Hacker installed a Linux bootloader on my Windows system
I've been hacked and can't perform a clean install of Windows. Whatever this is (a rootkit, maybe?) has installed a LILO bootloader onto my system. There are many files that are Linux, and my version of DOS is now FreeBSD. I've tried everything imaginable to get rid of this, but I can't.
I hate Windows because I've been hacked before, but I know nothing about Linux. I bought a book, "Linux For Non-Geeks", that has installation CDs for Fedora Core. However, this thing remains even after installing Linux on my system.
Can anyone tell me how to modify the kernel to prevent the old bootloader from remaining in control?
If I'm posting in the wrong place, sorry, and please tell me where to go.
Get a DOS boot disk (floppy) and boot the system with it. When you get a prompt enter fdisk /mbr which will erase the boot sector of the C: disk and remove the boot loader. By doing so you will have no way to boot the system so you will have to install a new boot loader.
Say what? I would expect it to "restore" (from Redmond's perspective) the MBR to a usable state.
Same as fixmbr from the XP CD.
However, as I read it, the OP has tried to re-install Windows, *and* install FC - neither of which cleaned out this problem.
Probably something to do with dodgy partitions ("slices"???) - but I've never tried BSD, so I could be way off base.
mazzy, if you are prepared to do a total (re-)install (Windows or FC, whatever you want), try the following. Boot your first FC CD, and enter
Code:
linux rescue
Then
Code:
dd if=/dev/zero of=/dev/hda bs=1 count=510
This will erase your MBR *and* partition table - you will have NO way to access any of your data. After this you will have to do a total rebuild. Of something.
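To see what is actually sitting in the MBR before (or after) zeroing it the way syg00 describes, here is an added example parser; it is not code from this thread. It reads a 512-byte sector, fingerprints the bootstrap code (the "LILO", "GRUB" and "Invalid partition table" strings are assumed fingerprints), lists the partition types, and models what `dd ... bs=1 count=510` leaves behind. The sample sector is constructed, not captured from a real disk.

```python
import struct

# Standard MBR partition-type IDs (the ones relevant to this thread)
PART_TYPES = {0x07: "NTFS/HPFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA", 0x05: "Extended",
              0x82: "Linux swap", 0x83: "Linux", 0xA5: "FreeBSD slice"}

def read_mbr(device_path):
    """Read the first 512 bytes of a disk, e.g. /dev/hda (needs root)."""
    with open(device_path, "rb") as f:
        return f.read(512)

def parse_mbr(sector):
    """Split a 512-byte MBR into bootstrap fingerprint, partition table and signature."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    boot_code = sector[:446]               # bytes 0-445: bootloader stage 1
    parts = []
    for i in range(4):                     # bytes 446-509: four 16-byte entries
        e = sector[446 + 16 * i: 462 + 16 * i]
        ptype = e[4]
        if ptype == 0:
            continue                       # empty entry
        lba_start, sectors = struct.unpack_from("<II", e, 8)
        parts.append({"index": i + 1, "bootable": e[0] == 0x80,
                      "type": PART_TYPES.get(ptype, hex(ptype)),
                      "lba_start": lba_start, "sectors": sectors})
    # Assumed fingerprints: strings these loaders embed in their stage-1 code
    if b"LILO" in boot_code:
        loader = "LILO"
    elif b"GRUB" in boot_code:
        loader = "GRUB"
    elif b"Invalid partition table" in boot_code:
        loader = "DOS/Windows MBR"
    else:
        loader = "unknown" if any(boot_code) else "none (zeroed)"
    return {"signature_ok": sector[510:] == b"\x55\xaa",
            "bootloader": loader, "partitions": parts}

def wipe_like_dd(sector, count=510):
    """Model `dd if=/dev/zero of=/dev/hda bs=1 count=510`: zero bytes 0..count-1."""
    return b"\x00" * count + sector[count:]

def build_sample_mbr():
    """Constructed sample, not a real disk image: LILO-tagged code, NTFS + FreeBSD entries."""
    boot = b"\xeb\x3c" + b"LILO" + b"\x00" * 440
    def entry(status, ptype, lba, count):
        return bytes([status, 0, 0, 0, ptype, 0, 0, 0]) + struct.pack("<II", lba, count)
    table = entry(0x80, 0x07, 63, 20000000) + entry(0x00, 0xA5, 20000063, 10000000) + b"\x00" * 32
    return boot + table + b"\x55\xaa"
```

After `wipe_like_dd` the parse reports no loader and no partitions while the 0x55AA signature survives, which is the "no way to access any of your data" state syg00 describes; `count=446` would have wiped only the loader and kept the table.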
Sounds unlikely that you have had a "hacker". I would venture to say someone thought it'd be fun to install FreeBSD on your computer while physically being at it, but failed miserably, or maybe they F-d up your Windows and were trying to fix it by installing FreeBSD. Whatever the case, I highly doubt a hacker *COULD* install FreeBSD via a WIRELESS connection. Wireless is a pain enough for Unix/Linux to get working; I couldn't imagine trying to figure out how to get a BIOS to netboot from a wireless connection...
Perhaps pop in a knoppix CD to see if your data on the windows partition is still intact. If you can't get your system to boot, then you don't even know that. It's just your assumption that it's *just* the bootloader, when, in fact, it could be the entire system BSDed.
If you don't have any data left, try a cfdisk from inside of Knoppix and format the hard drive. Then, try to install Windows XP from scratch; make sure you are running SP2 as well. I know some people dislike it, but it really is much more secure.
Oh, for future reference, put a BIOS password on your computer and boot directly to your hard drive, thus preventing anyone from booting from the network or CD-ROM in order to install BSD. As well, make sure you have a firewall running to prevent access to unwanted ports. Also, don't run as administrator on Windows (make a new user with "standard" permissions and use that). Make sure you have a strong password, one with letters and numbers. If you want it to be easy to remember, that's not a problem. Say you have an old password called "queue" but want a strong password: it's nice to add a word before, like "line", so it could be line_queue; then replace some letters with numbers, so it could be l1n3_qu3u3. Voila! Strong password that is easy to remember!
I've tried fdisk /mbr without luck. When I boot with a DOS floppy, I get the message that the version is incompatible, and I can't continue.
I'm not sure what y'all mean by "slice".
syg00, I'm willing to try your suggestion, but will I be able to install either system from a CD or will I need a floppy to boot? There is nothing on my system that I want to save. I just want a totally clean machine.
deviance99,
The only way this could've been installed was through wireless or maybe because I downloaded some music? No one uses my computer but me.
There is a guy who hates me because I asked him to take pics of me in my bathing suit off of his freaking website. He refused, and now he's on a mission to make me miserable. He's very computer savvy and his friends claim he could've done this hack job. Whoever did this has accessed my eBay account and PayPal account.
When running Windows I have a huge file called bios.bin. I think it just reinstalls itself rather than allowing a clean install. I'm clueless about Linux, but I have many questions. Mainly, what is /dev/scramdisk/ ?
Use the Windows XP CD and see if you can somehow get it to format your hard disks. You might have to use fdisk to delete the Linux and FreeBSD partitions first and then create new ones in a Windows file format.
I think I used this site to learn a bit about fdisk, if you don't know how to do it: http://fdisk.radified.com/
Then you can format everything (including the windows partition) and reinstall windows or try to get the normal boot record with the XP CD but I'm not really sure how that works.
Ehm, slice is the other name for partition,
the FreeBSD name for partitions.
For Windows you have C:, D: and so on;
in Linux you have hda1, hda2, hda3...
In FreeBSD you have one disk, ad0, and its slices (partitions):
ad0s1 (hda1, C:), ad0s2 (hda2, D:)...
Originally posted by mazzy
syg00, I'm willing to try your suggestion, but will I be able to install either system from a CD or will I need a floppy to boot? There is nothing on my system that I want to save. I just want a totally clean machine.
Do as I suggested, then simply boot an install CD.
XP will recognise it as an unformatted disk and offer to partition it prior to the install I think.
FC will probably just install as normal, and offer to partition the disk at the normal point.