Being attacked by a virus that does the same thing but drivers are different
Took me a minute to figure this out. The other thread got closed...The OP here says nothing about thumb drives.
I concur. Use a different/new thumb drive.
How I know it’s malware:
1) I received a threat email
2) Both a Mac and the Ubuntu system were working fine before the email
3) Now both computers present the same behavior whether I try copying to any USB flash drive or hard disk
4) I read on another thread that this can be done by replacing the Ubuntu usb 2.0 driver with a 1.1 driver. I asked the question there but since the thread was 4 years old the moderator asked me to open a new thread. The file names mentioned there are outdated and seem to be different in Ubuntu 20.04
5) If this isn’t evidence enough, the hacker got into my Windows computer and corrupted the boot sector.
6) The point of the attack is to not let me make backups of my files because the copy never gets finished. It starts at 30 mb/s and it stalls at 5 mb/s. When you’re trying to back up 1tb of data from hard drive to hard drive the copy would take forever. Same behavior happens when I copy one directory to different SanDisk or Multilaser USB flash drives.
7) On my Mac he did something even more amazing, all text files get copied but when you open them on the other side they are completely filled with dots (...........).
Last edited by RPC; 09-14-2020 at 01:58 AM.
Reason: Additional clarification
Prep (or have a friend prep) a USB drive with a live-cd iso file (perhaps using one of the tools in my signature) and with ClamAV on it. Boot to that and use clam-av to scan your drives. 99.9% chance that if there is a virus present CLAM will detect and report the virus. I am betting there is no virus, but this is the test you should run to be certain. One might also use a CD-R disk loaded to boot a Linux image with Clam.
Running ANY AV detection from within the CORRUPTED OS is futile, a well crafted virus can use the OS facilities to hide itself. Booting a different OS from a USB device or CD avoids that issue.
wpeckham, thank you for your reply. I’m using ESET antivirus. I found out the reason why the antivirus doesn’t detect it is because what he does is replace the USB 2.0 driver with a 1.1 driver. Like I mentioned, this post https://www.linuxquestions.org/quest...device-166981/ shows that doing this gets me the exact effect that I mention. I just need this procedure updated to Ubuntu 20.04.
Thank you in advance for your help
Last edited by RPC; 09-14-2020 at 09:55 AM.
Reason: Correcting grammar errors
Probably because it’s not actually a virus but a problem of perception. Viruses that perform said actions simply don’t exist. Making a virus that slows a USB copy just to prevent someone from doing a backup is ludicrous. A new USB stick would probably fix the issue but this is apparently not what OP wants so this thread, like all others about the exact same “mysterious virus” activity will continue ad infinitum.
I guess it could be possible that some email did some damage to two systems. It is not impossible. It is possible that some UEFI damage could do that but the odds I'd think are very low.
It should be easy enough to burn a cd/dvd of some live distro and boot to confirm either software or hardware issue.
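Added example, not part of any post in this thread: the claim that a USB 2.0 driver was replaced by a 1.1 driver can be checked directly, because the Linux kernel exposes each device's negotiated link speed in sysfs. The function names are hypothetical; run it with the flash drive or disk plugged in, once from the installed system and once from a live USB, and compare.

```shell
#!/bin/sh
# Added example. Reads the standard sysfs attributes "speed" (negotiated link
# speed in Mbit/s), "version" (bcdUSB the device advertises) and "product".

# classify_speed MBPS: name the USB generation for a sysfs "speed" value.
classify_speed() {
    case "$1" in
        1.5) echo "low-speed (USB 1.x)" ;;
        12)  echo "full-speed (USB 1.1)" ;;
        480) echo "high-speed (USB 2.0)" ;;
        5000|10000|20000) echo "SuperSpeed (USB 3.x)" ;;
        *)   echo "unknown" ;;
    esac
}

# usb_speed_report [ROOT]: print name|product|bcdUSB|speed|label|flag per device.
# ROOT defaults to the live sysfs tree; a directory argument allows testing.
usb_speed_report() {
    root="${1:-/sys/bus/usb/devices}"
    for dev in "$root"/*; do
        [ -r "$dev/speed" ] || continue   # interface nodes (1-1:1.0) have no speed
        speed=$(cat "$dev/speed")
        version=$(cat "$dev/version" 2>/dev/null | tr -d ' ')
        product=$(cat "$dev/product" 2>/dev/null || echo "?")
        flag=ok
        # A device that advertises USB 2.0 or later but linked at 12 Mbit/s or
        # less is running below its rating. Keyboards and mice do this by
        # design; for a flash drive or disk it points to the port, cable, hub
        # or host controller driver in use.
        case "$speed" in
            1.5|12)
                case "${version%%.*}" in
                    2|3) flag="below-2.0" ;;
                esac ;;
        esac
        printf '%s|%s|%s|%s|%s|%s\n' "${dev##*/}" "$product" "$version" \
            "$speed" "$(classify_speed "$speed")" "$flag"
    done
}

usb_speed_report "$@"
```

The root hub lines (`usb1`, `usb2`, ...) name the host controller driver in their product field, so a storage device flagged `below-2.0` on the installed system but reported at 480 or higher from the live USB would point at the installed software rather than the hardware.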