My family is under attack 24/7 any linux or windows is rootkitted, botnet, metasploit
Hello,
I used to work in SEO and I rated someone's website, who turned out to be an evil hacker.
He has a machine attacking my family PC 24/7.
I haven't used the internet in half a year but my 60 year old mother is still under constant attack. I want to help them as it's my fault.
I didn't realise rating a website would lead someone to such a sadistic and relentless act.
Any Windows or Linux I install is taken. We've lost over 10 PCs and phones and 3 businesses in the attack, leaving us unemployed. They control the machines at BIOS level and I cannot get anybody to help.
The UK police told me outright they won't help. I quote: "we do nothing about hackers".
I can install any OS and it gets hijacked instantly. They block antivirus and firewalls and put loads of fake certificates in. Any browser on the net is constantly warning that there's a "man in the middle" attack and that the connection is unsafe.
With Linux they hijack everything, the updates etc. We can't even use a live CD as it appears to be in the BIOS. A mini Linux that runs daemons.
If I format the hard disk offline, there is always a fake filesystem. If I type // into the browser I can see the real file system and there is a folder called run/lock and no program will delete it.
I've tried rescue CD, Midnight Commander, Knoppix - we've tried everything we can think of - moving house, changing routers, changing ISPs, but it's nearly 1 year now and the attack is still happening.
The attacker seems to be using a botnet and Metasploit attack on us. He's destroyed entire PCs and phones. I was warned he runs a hacking forum and is advanced in it.
I believe even the firmware on the router has been altered as it's now saying "busybox", and the BIOS has been altered very obviously.
Our router's lights flash really fast - both the in and out lights are going crazy constantly.
I don't even use the internet anymore but I'm so sick of my mother being attacked. She's 60 years old with a heart condition and relies on shopping online. There's a lot of things she HAS to do online.
We've tried changing house, ISPs, routers and they still attack us. They won't let her work online on the shop she used to have selling clothes.
We're under constant harassment and have no idea how to stop it now. We've given up buying new PCs and using the net altogether, but life's become very difficult as everything is online.
Basically every single thing has been attacked; the BIOS needs replacing, and the router, but they use doxing to find us again.
When I run the rescue CD off the front of Linux Magazine, they have restricted the options; only one kernel can be loaded. I've tried every Linux you can think of including Kali, and putting the hard disk in a docking bay and dismounting it, but we cannot remove the "lock" file.
Even running a live CD, the system log is reporting that the BIOS memory areas have been hijacked. I will try and find a log file to copy and some pictures.
It just popped up with this error link "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1064". I believe they are Metasploit attacking her.
She has a Chromebook and that has also been hijacked - it won't powerwash and if you go into developer mode there's hundreds of errors. When I check the security certificates there's hundreds of false ones.
The base PC: we have had every computer expert in we can and they cannot remove it or help us. They told us to change everything and move but that does not help.
Distribution: Debian Wheezy, Jessie, Sid/Experimental, playing with LFS.
Posts: 2,900
Rep:
1st thing first, if this is actually coming via the internet turn off your modem.
2nd thing, do a totally clean install on your systems.
3rd thing, do not reconnect the modem at all.
4th thing, use your systems totally (I mean totally) disconnected from the internet.
5th thing, let us know how you go.
If I type // into the address bar of a browser it appears as file:/// then the above list of stuff is there ^^
A false file system is created; it's always the same, it has VMLINUZ and a run/lock directory. It has SELinux but I never even install it.
When I try to run any commands in the terminal, a terminal emulator comes up called "busybox".
I can get to # by unplugging everything and resetting the motherboard, and there's a mini Linux running still that has acpi and avahi daemons and a fake version of TOP; you can try and kill all the processes but it won't work. The lock file owner has no setting and there is a group called root and a user called root - so I cannot ever be the real root.
If I try to update my firmware or flash the BIOS they divert me to horrible images or just block us or send a new virus or start a new exploit.
I tracked the hacker to a location in Taunton, England and believe I have his name but the police have refused to help. They told us they "don't do anything about hackers".
If this is not a joke on the part of the OP, then I think he/she needs to refresh their knowledge of PCs.
Allowing that they are having serious problems, I think taking a deep breath, lowering the paranoia a notch, quitting seeing monsters under every rug and taking things logically, one step at a time, would be a good first step.
Quote:
4th thing, use your systems totally (I mean totally) disconnected from the internet.
5th thing, let us know how you go.
Yes I have but I cannot remove it. It infects every USB device, remotely activates Bluetooth and WiFi.
I had to physically remove the WiFi cards and even then it adapts and learns. The mini Linux in the BIOS has a kind of A.I. - it recognises what disk you put in, and you can never be root or dismount the drive and format it. Even Knoppix did not work, it's that powerful.
I read online they can infect CDROM memory areas; the I.T. experts have gone insane - one of them was literally crazy - he said it's impossible to do what it has done. As it wrote the virus to a live CD which transferred to my offline PC, and this PC did not even have WiFi in it, so either I accidentally used an infected drive and forgot or it's capable of writing to finalised CDs.
It takes over Windows or any Linux machine. Even phones have been remotely activated. The hacker sent us horrible messages, then the phones locked and would not work again. Some of the PCs were also destroyed by him putting passwords on the hard disks and BIOSes and encrypting it all.
Quote:
Originally Posted by nice1m8
Yes I have but I cannot remove it. It infects every USB device, remotely activates bluetooth and wifi.
Turn OFF the powerpoint to the modem etc., pull out the power lead from the wall and start again. Until you do that, if, as astrogeek says, this is not a huge hoax, nothing will change.
Quote:
If this is not a joke on the part of the OP, then I think he/she needs to refresh their knowledge of PCs.
Allowing that they are having serious problems, I think taking a deep breath, lowering the paranoia a notch, quitting seeing monsters under every rug and taking things logically, one step at a time, would be a good first step.
I've been reading every book I possibly can. Hacking for Dummies, advanced SSH off-port tunnels, Metasploiting - we are under a botnet attack. It's targeted and a powerful rootkit that infects the BIOS and GRUB and locks itself as "root" and opens up the PC in some way.
I'm not seeing stuff - we've paid thousands of pounds hiring I.T. experts and they told me that is what this is and we have to live with it every day.
I know about PCs. In Windows, it takes hold of a mini partition and core Windows files - if you put the machine online it emulates the entire system with a fake root which can be found by typing cd c:,
- effectively there's always 3 partitions no matter what I do or what OS I install. If I install a Linux it creates a mini partition to boot it, a virtual Linux XFCE that is mostly fake software; there will be a load of packages installed that state they are not part of the OS. I can go into the Synaptic package manager and they are all from "multiverse" and the Linux states it's untrusted. They are all packages that affect control of the PC at core level.
The PC is basically unusable because the devices are faked. For example, it's created a directory called mount and if I dismount SDA1, 5 and 6 they just automatically remount themselves. I can try installing Ubuntu into 1 partition and when it's done there's 3 partitions, and you cannot remove the packages using DPKG as they have created ALIASES and SYMLINKS to prevent you from removing it.
This is not a joke; it's been affecting my family for almost a year now. I don't go online anymore. It's just upsetting to see what they're doing to my mother. She's 60 years old, has a heart condition and really does need to use the net to shop and bank.
We can't get a secure connection. They block her for sadistic fun. The security certificates are forged and every browser tells you there's a "man in the middle" attack. You could not make this up. We've had to live with it and it's horrible.
Quote:
Turn OFF the powerpoint to the modem etc., pull out the power lead from the wall and start again. Until you do that, if, as astrogeek says, this is not a huge hoax, nothing will change.
We have.
We moved house, changed PC and changed ISP but it only lasted 3 weeks and they found us again.
The hacker uses doxing and we can't prevent that because my family has 6 members and they use websites to find our address. I never even knew, until it happened to me, that half this stuff was even possible. It's called "doxing" but that's how they find you.
I don't think there's anything we can do because I can't get every member of my family to change name anonymously; it's just impossible. They are even rootkitting family members' phones etc., so it's just been impossible to stop.
I can't even have an offline PC because I cannot remove it from them. So far I have only 1 PC that's not infected - because I removed the WiFi card physically and have never plugged any USB or ethernet in or used any CD that's been used in the other machines.
I understand you're a bit hysterical; again, if this is real it is a bad experience, but nothing will change until you totally disconnect from the internet and do complete clean reinstalls. Once you have done that, remain totally disconnected from the internet; if you must use the internet, go to an internet cafe or something. That way you and your family are not able to be targeted until the issue is fixed.
Quote:
Originally Posted by nice1m8
Look for yourself at what has been done
Your public IP address is 90.204.60.225
^ this is our IP.
Anyone can post their IP up; I can do it but I won't.
Seriously, settle down, because you're not listening and you're not even attempting to do as you are asked when we are trying to offer help. We are volunteers and I for one won't waste time with someone who won't listen.
But apparently you have not understood anything that you have read... I do not intend that in any mean-spirited way, but it is rather obvious from your posts that you really do not have any understanding about how these things work.
As long as you continue to believe in viruses that jump air-gaps, AI's running in your BIOS, re-written CDs, faking of entire operating systems and mass replacement of certificates with dupes on a secure connection, remote activation of a disabled WIFI device - and attempt to convince people who read your posts of those things, your situation will remain hopeless. Your only hope will be to discard all your electronic devices, throw your mobile phone in the river and move to a village in Patagonia without electrical service.
On the other hand, if you are willing to understand the basic principles involved and identify the actual source of your problems, there are many here willing to help.