buump.me virus in Firefox got my whole Ubuntu 12.04 OS in a mess.

Asked by Jonathan

I'm using Ubuntu 12.04 on a Lenovo W500 laptop. Since about 4 years. Works great, love it, until a couple weeks ago...
A week or so ago my home page in Firefox changed to this nasty 'buump.me' search engine and I began getting all sorts of unwanted popups and stuff. Can't seem to get rid of this wretched buump whatever I do, don't know where it's hiding. Now it's started to change some defaults in my OS.
I've uninstalled Firefox and installed Chrome (don't like it much); now Chrome seems to be infected too.
Please help me to locate and remove this offensive code from my computer.
PS I thought Ubuntu didn't get viruses? That's why I moved over to Linux from Windows a few years ago.
Please please help. Big big thank you
Jonathan

Question information

Language: English
Status: Solved
For: Ubuntu
Assignee: No assignee
Solved by: Jonathan
Phil Krämer (man0riax) said :
#1

The number one reason for virus infections is, on Windows AND Linux, the end user. Did you install any software from non-official repositories or download any program from a third-party site manually? Which browser extensions are you using?

You can check out this program[1], also. I think it is available in the software center.

-Phil

[1] http://www.clamav.net/lang/en/

Jonathan (jswann07) said :
#2

Thanks for that Phil,

The answer to your first question is: not that I am aware of. However, I do (did) have quite a few add-ons in my Firefox browser. Now that I've uninstalled Firefox, can't remember their names, mostly add-ons which kill adware and unwanted cookies, also HTTPS Everywhere, also the Ubuntu Firefox extension (now also removed).

Of course I must have inadvertently downloaded something nasty without realising. I had become a bit careless lately, started to brag to my paranoid Windows friends that with a Linux OS you can download anything and not worry at all. I am suitably humbled and will be more careful. Now I just want to find this thing and get rid of it.

I've installed CLAMAV, which I see needs to be run from a terminal window. Please could you just give me the instruction to run this, is it sudo apt get... or something (sorry, still only a beginner).
Many thanks for your prompt support

-Jonathan

actionparsnip (andrew-woodhead666) said :
#3

Have you tried renaming ~/.mozilla after closing the browser? Upon reopening it, does the browser behave?

Thanks

Jonathan (jswann07) said :
#4

Sorry AP, not sure what u mean

Phil Krämer (man0riax) said :
#5

Hello,

actionparsnip also provided very useful information. However, you said that the virus was interfering with your OS settings? Could you give an example for that?

As for the AV program (which I cannot guarantee will work, but you might give it a try), you can install it via

sudo apt-get install clamav clamav-freshclam

You can scan your home directory by opening a console and typing in

sudo clamscan -r /home/USERNAME/

If you want to scan the entire / partition, use the same command and alter the path.

Kind regards,
Phil

Phil Krämer (man0riax) said :
#6

What actionparsnip meant: Navigate to your home directory and rename the .mozilla directory (it is hidden by default). Then open Firefox again and see whether that fixed the error.

Jonathan (jswann07) said :
#7

Thanks again Phil,
Now I've got something to work on.
I'll re-install Firefox from the software centre, see if it's still infected (I'm pretty sure it will be), then try the rename, then do a scan.
Let you know.
(I'd still like to know where this nasty 'buump.me' code is sitting in my computer)

actionparsnip (andrew-woodhead666) said :
#8

Close Firefox and run:

mv ~/.mozilla ~/.mozilla_old

Then rerun the browser. Is it ok?

actionparsnip (andrew-woodhead666) said :
#9

Uninstalling and reinstalling does very little to nothing. You removed the files for Firefox to run then put the same files straight back. Your user runs the browser as user so only has read access so it is highly unlikely to be the binaries. Doesn't hurt to do though :-)

Mark Rijckenberg (markrijckenberg) said :
#10

Close all browser windows.

Then run this command (as actionparsnip requested):

mv ~/.mozilla ~/.mozilla_old

Then reopen Firefox and retest.

If that does not help, try this suggestion:

http://support.mozilla.org/en-US/questions/974453

Jonathan (jswann07) said :
#11

Thanks guys, what a great response. Really helpful.
I've solved the problem by creating a new Firefox profile and importing my settings and bookmarks from the old one (carefully, so as not to import the virus as well). Now the old profile has the virus and the new profile is just fine. I could just delete the old profile... but I'd love to find out exactly where this buump.me bug is lurking, so maybe I'll keep the old profile for a while and see if I can find half a day or night free for detective work. Clamscan didn't find it, maybe needs updating?
At first I thought that my OS was compromised because there were some unusual new settings on my desktop; now I think that this happened because of my attempts to get rid of the virus by fiddling around in the file system folders.
This is now corrected and there are no further problems. I do not believe the OS is compromised. Back to a high state of satisfaction. Nice.
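
One way to do the "detective work" on the kept old profile, as an added example that is not part of the original thread: a read-only shell function that lists where a string such as buump.me appears in a profile's preference files, search-engine definitions and unpacked add-ons. The function names and the sample profile are constructed for illustration, and the folder layout is assumed to be that of Firefox profiles of that period.

```shell
#!/bin/sh
# Added example: list where a string (e.g. a hijacker's domain) appears
# inside a Firefox profile directory. Read-only; it changes nothing.

# scan_profile PROFILE_DIR NEEDLE -> one "kind<TAB>location" record per hit
scan_profile() {
    profile=$1
    needle=$2
    # prefs.js holds saved settings (home page, default search, ...);
    # user.js, if present, is re-applied on every start and overrides prefs.js.
    for f in prefs.js user.js; do
        [ -f "$profile/$f" ] || continue
        grep -n -i -F -- "$needle" "$profile/$f" |
            while IFS= read -r hit; do
                printf 'pref\t%s:%s\n' "$f" "$hit"
            done
    done
    # Search-engine definitions and unpacked add-ons (assumed folder names).
    # Packed add-ons (.xpi) are zip archives and need unpacking before a grep.
    for d in searchplugins extensions; do
        [ -d "$profile/$d" ] || continue
        grep -r -l -i -F -- "$needle" "$profile/$d" |
            while IFS= read -r path; do
                rel=${path#"$profile"/}
                printf 'file\t%s\n' "$rel"
            done
    done
    return 0
}

# Constructed sample profile so the example runs offline.
make_sample_profile() {
    dir=$(mktemp -d)
    mkdir -p "$dir/searchplugins" "$dir/extensions"
    cat > "$dir/prefs.js" <<'EOF'
user_pref("browser.startup.homepage", "http://buump.me/");
user_pref("browser.download.dir", "/home/USERNAME/Downloads");
EOF
    printf '<Url template="http://buump.me/?q={searchTerms}"/>\n' \
        > "$dir/searchplugins/unwanted.xml"
    printf '<Url template="https://duckduckgo.com/?q={searchTerms}"/>\n' \
        > "$dir/searchplugins/ddg.xml"
    echo "$dir"
}

sample=$(make_sample_profile)
scan_profile "$sample" "buump.me"
rm -rf "$sample"
```

On a real system the first argument would be the renamed profile folder, for example a directory under ~/.mozilla_old/firefox/, with the browser closed.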