LinuxQuestions.org
Old 07-21-2005, 12:24 AM   #1
mazzy
LQ Newbie
 
Registered: Jul 2005
Posts: 8

Rep: Reputation: 0
Hacker installed a Linux bootloader on my Windows system


I've been hacked and can't perform a clean install of Windows. Whatever this is, a rootkit maybe?, has installed a lilo bootloader onto my system. There are many files that are Linux, and my version of DOS is now FreeBSD. I've tried everything imaginable to get rid of this, but I can't.

I hate Windows because I've been hacked before, but I know nothing about Linux. I bought a book "Linux For Non-Geeks", that has installation CD's for Fedora Core. However, this thing remains even after installing Linux on my system.

Can anyone tell me how to modify the kernel to prevent the old bootloader from remaining in control?

If I'm posting in the wrong place, sorry, and please tell me where to go.

Thanks in advance!
 
Old 07-21-2005, 12:31 AM   #2
king111
Member
 
Registered: Jul 2005
Distribution: Debian, Ubuntu
Posts: 85

Rep: Reputation: 15
A hacker installed Linux and FreeBSD? He's quite cunning.

http://ubcd.sourceforge.net/

fdisk /mbr
 
Old 07-21-2005, 12:40 AM   #3
mazzy
LQ Newbie
 
Registered: Jul 2005
Posts: 8

Original Poster
Rep: Reputation: 0
Maybe not so cunning.........I think he got in through my wireless.
 
Old 07-21-2005, 05:01 AM   #4
Gkarfield
Member
 
Registered: Jul 2004
Location: Greece
Distribution: FreeBSD 6.2/widows[not 8 legs nor black]
Posts: 123

Rep: Reputation: 15
hmmmmm freesbie runs ok?
cause it can blow up your disk
and lose data.

freesbie is not as friendly as linux.
 
Old 07-21-2005, 05:06 AM   #5
TigerOC
Senior Member
 
Registered: Jan 2003
Location: Devon, UK
Distribution: Debian Etc/kernel 2.6.18-4K7
Posts: 2,380

Rep: Reputation: 49
Get a DOS boot disk (floppy) and boot the system with it. When you get a prompt enter fdisk /mbr which will erase the boot sector of the C: disk and remove the boot loader. By doing so you will have no way to boot the system so you will have to install a new boot loader.
 
Old 07-21-2005, 06:49 AM   #6
syg00
LQ Veteran
 
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 12,497

Rep: Reputation: 1077
Say what - I would expect it to "restore" (from Redmond's perspective) the MBR to a usable state.
Same as fixmbr from the XP CD.

However, as I read it, the OP has tried to re-install Windows, *and* install FC - neither of which cleaned out this problem.
Probably something to do with dodgy partitions ("slices" ???) - but I've never tried BSD, so I could be way off base.

mazzy, if you are prepared to do a total (re-)install (Windows or FC, whatever you want), try the following. Boot your first FC CD, and enter
Code:
linux rescue
Then
Code:
dd if=/dev/zero of=/dev/hda bs=1 count=510
This will erase your MBR *and* partition table - you will have NO way to access any of your data. After this you will have to do a total rebuild. Of something.

You have been warned.
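
An added example (not part of syg00's post or of the thread) that parses a constructed sector 0 image and applies the 510-byte zeroing in memory, showing which parts of the MBR that dd command clears. The sample sector, the function names and the loader-string heuristic are assumptions made for illustration.

```python
import struct

# Common MBR partition type IDs (not exhaustive).
PART_TYPES = {0x07: "NTFS/HPFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
              0x82: "Linux swap", 0x83: "Linux", 0xA5: "FreeBSD slice"}
BOOT_CODE_END, TABLE_END, SECTOR = 446, 510, 512
ENTRY = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector 0 into boot code, partition table and signature."""
    if len(sector) != SECTOR:
        raise ValueError("need exactly 512 bytes")
    boot_code = sector[:BOOT_CODE_END]
    parts = []
    for i in range(4):
        off = BOOT_CODE_END + 16 * i
        status, ptype, lba_start, count = struct.unpack(ENTRY, sector[off:off + 16])
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"slot": i + 1, "active": status == 0x80,
                          "type": PART_TYPES.get(ptype, hex(ptype)),
                          "lba_start": lba_start, "sectors": count})
    # Heuristic (assumption): LILO and GRUB embed their name in the boot code.
    hint = next((n.decode() for n in (b"LILO", b"GRUB") if n in boot_code), "")
    return {"boot_code_present": any(boot_code), "loader_hint": hint,
            "partitions": parts, "signature_ok": sector[TABLE_END:] == b"\x55\xaa"}

def zero_first_bytes(sector: bytes, count: int = 510) -> bytes:
    """In-memory equivalent of dd if=/dev/zero bs=1 count=510 applied to sector 0."""
    return bytes(count) + sector[count:]

def make_sample() -> bytes:
    """Constructed sample: LILO-marked boot code, an NTFS entry and a FreeBSD slice."""
    boot = b"\xfa\xeb\x21\x01\xb4\x01LILO".ljust(BOOT_CODE_END, b"\x90")
    table = (struct.pack(ENTRY, 0x80, 0x07, 63, 20_000_000)
             + struct.pack(ENTRY, 0x00, 0xA5, 20_000_063, 10_000_000)
             + bytes(32))  # slots 3 and 4 unused
    return boot + table + b"\x55\xaa"

if __name__ == "__main__":
    before = make_sample()
    for label, image in (("before", before), ("after", zero_first_bytes(before))):
        print(label, parse_mbr(image))
```

With count=510 the boot code and all four partition entries are zeroed while the two-byte 0x55AA signature at offset 510 is left in place; nothing beyond sector 0 is touched.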
 
Old 07-21-2005, 09:40 AM   #7
Gkarfield
Member
 
Registered: Jul 2004
Location: Greece
Distribution: FreeBSD 6.2/widows[not 8 legs nor black]
Posts: 123

Rep: Reputation: 15
u log on a freesbie system??????????

it has blown up ur disk. or has slice for windows.
freebsd disk is : /dev/ad0s(x), where x is every slice.
 
Old 07-21-2005, 12:39 PM   #8
deviance99
Member
 
Registered: Jun 2004
Location: Mount Pleasant, MI
Posts: 41

Rep: Reputation: 16
Sounds unlikely that you have had a "hacker". I would venture to say someone thought it'd be fun to install FreeBSD on your computer while physically being at it, but failed miserably, or maybe they F-d up your Windows and were trying to fix it by installing FreeBSD. Whatever the case, I highly doubt a hacker *COULD* install FreeBSD via a WIRELESS connection. Wireless is a pain enough for Unix/Linux to get working; I couldn't imagine trying to figure out how to get a BIOS to netboot from a wireless connection...

Perhaps pop in a knoppix CD to see if your data on the windows partition is still intact. If you can't get your system to boot, then you don't even know that. It's just your assumption that it's *just* the bootloader, when, in fact, it could be the entire system BSDed.

If you don't have any data left, try cfdisk from inside of knoppix and format the hard drive. Then, try to install Windows XP from scratch; make sure you are running SP2 as well. I know some people dislike it, but it really is much more secure.

Oh, for future reference, put a BIOS password on your computer and boot directly to your hard drive thus preventing anyone from booting from the network or cd-rom in order to install BSD, as well, make sure you have a firewall running to prevent access to unwanted ports. Also, don't run as administrator on Windows (make a new user with "standard" permissions and use that). Make sure you have a strong password, one with letters and numbers. If you want it to be easy to remember, that's not a problem. Say you have an old password called: queue, but want a strong password, it's nice to add a word before like line, so it could be line_queue, then, replace some letters with numbers, so it could be l1n3_qu3u3. Voila! Strong password that is easy to remember!
 
Old 07-21-2005, 01:42 PM   #9
ewaltd
LQ Newbie
 
Registered: Jul 2005
Distribution: SuSE 9.3 Pro and FC3
Posts: 17

Rep: Reputation: 0
You could also try loading the windows recover console. Available on the XP install disk.

Just boot from the CD and choose the recover option. Sorry can't remember the exact wording.

Then try using fixmbr and fixboot to repair the MBR.
 
Old 07-21-2005, 02:37 PM   #10
mazzy
LQ Newbie
 
Registered: Jul 2005
Posts: 8

Original Poster
Rep: Reputation: 0
Thanks to all for your responses..........

I've tried fdisk /mbr without luck. When I boot with a DOS floppy, I get the message that the version is incompatible, and I can't continue.

I'm not sure what y'all mean by "slice".

syg00, I'm willing to try your suggestion, but will I be able to install either system from a CD or will I need a floppy to boot? There is nothing on my system that I want to save. I just want a totally clean machine.

again.....
thanks!
 
Old 07-21-2005, 02:56 PM   #11
mazzy
LQ Newbie
 
Registered: Jul 2005
Posts: 8

Original Poster
Rep: Reputation: 0
deviance99,
The only way this could've been installed was through wireless or maybe because I downloaded some music? No one uses my computer but me.

There is a guy who hates me because I asked him to take pics of me in my bathing suit off of his freaking website. He refused, and now he's on a mission to make me miserable. He's very computer savvy and his friends claim he could've done this hack job. Whoever did this has accessed my ebay account and paypal account.

When running windows I have a huge file called bios.bin. I think it just reinstalls itself rather than allowing a clean install. I'm clueless about Linux, but I have many questions. Mainly what is /dev/scramdisk/ ?

ewaltd,
I've tried recovery console without luck.

thanks for your help!

Last edited by mazzy; 07-21-2005 at 02:58 PM.
 
Old 07-21-2005, 03:01 PM   #12
darkleaf
Senior Member
 
Registered: Jun 2004
Location: the Netherlands
Distribution: debian SID
Posts: 2,170

Rep: Reputation: 45
Use the windows XP and see if you can somehow get it to format your hard disks. You might have to use fdisk to delete the linux and freebsd partitions before and then create them new as windows file format.

I think I used this site to learn a bit about fdisk, if you don't know how to do it:
http://fdisk.radified.com/

Then you can format everything (including the windows partition) and reinstall windows or try to get the normal boot record with the XP CD but I'm not really sure how that works.
 
Old 07-21-2005, 05:27 PM   #13
Gkarfield
Member
 
Registered: Jul 2004
Location: Greece
Distribution: FreeBSD 6.2/widows[not 8 legs nor black]
Posts: 123

Rep: Reputation: 15
ehm, slice is the other name for partition

the freesbie name for partitions

for windows u have C: D: and so on
in linux u have hda1 hda2 hda3...
in freebsd u have one disk ad0 and its slices (partitions)
ad0s1 (hda1, c), ad0s2 (hda2, d)....


cheers
 
Old 07-21-2005, 05:48 PM   #14
mazzy
LQ Newbie
 
Registered: Jul 2005
Posts: 8

Original Poster
Rep: Reputation: 0
Don't laugh! I said I was new!
 
Old 07-21-2005, 06:04 PM   #15
syg00
LQ Veteran
 
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 12,497

Rep: Reputation: 1077
Quote:
Originally posted by mazzy
syg00, I'm willing to try your suggestion, but will I be able to install either system from a CD or will I need a floppy to boot? There is nothing on my system that I want to save. I just want a totally clean machine.

Do as I suggested, then simply boot an install CD.
XP will recognise it as an unformatted disk and offer to partition it prior to the install I think.
FC will probably just install as normal, and offer to partition the disk at the normal point.
 
  


All times are GMT -5. The time now is 05:10 PM.
