Hello, I believe that I have a Remote Access Trojan on my laptop. The laptop is LENOVO ideapad 110 and I have 3 Operating Systems installed - Windows 10, Linux Ubuntu 20.04 LTS and Linux Kubuntu 20.04 LTS. I mainly use Kubuntu and sometimes Windows(for gaming). I don't use Ubuntu anymore. Is there a way to get rid of a RAT and is buying a new Hard Disk the only solution?
You don't ever really answer why you think these things, but seem to ignore the obvious "you have flaky hardware" advice you've been repeatedly given. Again, you are STILL using the same laptop as you mentioned before, where you marked the thread 'solved'. Now it's back again??
I personally think the best solution for you is to get a brand new laptop with a new hard drive, and get the best/most updated Windows antivirus programs you can find and use them with Windows. That way, you have Microsoft support there to help you.
Rather than buying a new hard disk, you could reinstall Windows and Kubuntu on the old disk. You'd even gain some disk space, since Ubuntu is gone.
If you don't want to reinstall, you first need to know which RAT you have. The internet can help you, for example https://www.dnsstuff.com/remote-access-trojan-rat (random web site found by googling; looking legitimate).
I just came here from OP's previous thread and I must say I fully agree with TB0ne, and am equally annoyed at this behaviour:
OP never followed up on questions asked, and instead just opened a new - this - thread.
Looking at their previous threads also shows a propensity to ignore the most obvious reason/advice and instead suspect "strange" and "weird" things happening on their computer.
Some of the more obvious reasons suggested so far:
old/flaky hardware
running a graphical desktop as root
Let me add the possibility of a "Frankenbuntu". (See Frankendebian for an explanation).
I suggest to check out & eliminate these more obvious reasons before suspecting esoteric BS.
Quote:
Rather than buying a new hard disk, you could reinstall Windows and Kubuntu on the old disk. You'd even gain some disk space, since Ubuntu is gone.
If you don't want to reinstall, you first need to know which RAT you have. The internet can help you, for example https://www.dnsstuff.com/remote-access-trojan-rat (random web site found by googling; looking legitimate).
I wiped the entire Hard Disk, including Windows and installed Kubuntu 20.04. Now I only have Kubuntu installed. I received a text message from my carrier that my phone was hacked through phishing. I received a text message posing as a delivery service with a link to track the "shipment". Once I clicked on this link the phone was infected. So the carrier stopped my SMS messages and told me to do a factory reset on my Smartphone before allowing me to send text messages again. My phone is Motorola G8 Power and it has Android 11. I am not sure whether this malware could have infected my laptop as well. Is it possible for a RAT to hide in the BIOS and would reflashing the BIOS make it go away?
Quote:
I just came here from OP's previous thread and I must say I fully agree with TB0ne, and am equally annoyed at this behaviour:
OP never followed up on questions asked, and instead just opened a new - this - thread.
Looking at their previous threads also shows a propensity to ignore the most obvious reason/advice and instead suspect "strange" and "weird" things happening on their computer.
Some of the more obvious reasons suggested so far:
old/flaky hardware
running a graphical desktop as root
Let me add the possibility of a "Frankenbuntu". (See Frankendebian for an explanation).
I suggest to check out & eliminate these more obvious reasons before suspecting esoteric BS.
I ran Universal Boot CD and there was a tool inside which successfully remapped my Hard Drive. After that I didn't have any more problems with the HDD. I ran Lenovo Diagnostic Tool and all was well.
Quote:
I wiped the entire Hard Disk, including Windows and installed Kubuntu 20.04. Now I only have Kubuntu installed. I received a text message from my carrier that my phone was hacked through phishing. I received a text message posing as a delivery service with a link to track the "shipment". Once I clicked on this link the phone was infected. So the carrier stopped my SMS messages and told me to do a factory reset on my Smartphone before allowing me to send text messages again. My phone is Motorola G8 Power and it has Android 11. I am not sure whether this malware could have infected my laptop as well. Is it possible for a RAT to hide in the BIOS and would reflashing the BIOS make it go away?
And now you're asking again?? No, your phone isn't going to somehow 'infect' your computer.
Quote:
Originally Posted by whois1230
I ran Universal Boot CD and there was a tool inside which successfully remapped my Hard Drive. After that I didn't have any more problems with the HDD. I ran Lenovo Diagnostic Tool and all was well.
Most likely you had no problems with your hard drive to start with, and more than likely you aren't 'infected' with anything, beyond having old/dying/flaky hardware. But you don't seem to want to listen to anyone here...so why bother posting and asking us things???
Quote:
And now you're asking again?? No, your phone isn't going to somehow 'infect' your computer.
Most likely you had no problems with your hard drive to start with, and more than likely you aren't 'infected' with anything, beyond having old/dying/flaky hardware. But you don't seem to want to listen to anyone here...so why bother posting and asking us things???
My hard drive had bad sectors, which I repaired. If the problem is dying hardware, I guess the solution would be to get a new laptop?
...and yet you've said before it was fine. Then you repaired it. Now it's bad again, and you repaired it again??? Which is it??
Quote:
If the problem is dying hardware, I guess the solution would be to get a new laptop?
Are you asking that as a question?? If all you're going to do is ignore what people are telling you, why bother asking?? You've posted numerous threads about these supposed 'hacking' things, related to your browsers, etc. All of them point to flaky or dying hardware....what exactly do you THINK you should do????
Either live with your (many) supposed hacking events, or buy a new laptop. Pick one.
Quote:
I ran Universal Boot CD and there was a tool inside which successfully remapped my Hard Drive. After that I didn't have any more problems with the HDD. I ran Lenovo Diagnostic Tool and all was well.
Does not address the cited obvious reasons at all, and rather proves my point.
Quote:
Originally Posted by whois1230
I received a text message from my carrier that my phone was hacked through phishing. I received a text message posing as a delivery service with a link to track the "shipment". Once I clicked on this link the phone was infected. So the carrier stopped my SMS messages and told me to do a factory reset on my Smartphone before allowing me to send text messages again. My phone is Motorola G8 Power and it has Android 11. I am not sure whether this malware could have infected my laptop as well. Is it possible for a RAT to hide in the BIOS and would reflashing the BIOS make it go away?
Again, suspecting esoteric BS instead of addressing the more obvious things.
I recently read somewhere that that's a named disorder, some sort of inability to recognize obvious explanations, and always slipping back into the unlikely and mythical? You know, hearing hooves but thinking of Zebras and Unicorns instead of horses?
Try to identify where the traffic of the RAT goes to. I assume it is a reverse shell so maybe it's a good thing to kill all ports and IPs, where it is connecting to and giving yourself time to analyze the situation.
netstat
ss
tcpdump
wireshark
/var/log
Try to find unusual processes.
ps -eF
ps auxw
pidstat
top
htop
If the RAT is running on Windows, I would recommend to reinstall the OS completely.
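The first step in the post above (see where the machine is connecting to and which process owns each connection), as an added example that is not part of the original post: a shell function that reduces `ss -Htnp` output to established connections with non-local peers. The function names `remote_peers` and `sample_ss` are hypothetical, and the sample input is constructed from documentation address ranges.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `ss -Htnp` output on stdin and
# prints "process pid peer-address peer-port" for each established TCP
# connection whose peer is not loopback, link-local or private.
# Assumption: private ranges are dropped only to shorten the triage list.
remote_peers() {
    awk '
    $1 != "ESTAB" { next }                      # ignore LISTEN, TIME-WAIT, ...
    {
        peer = $5
        if (!match(peer, /:[0-9]+$/)) next      # no numeric port, e.g. "*"
        addr = substr(peer, 1, RSTART - 1)
        port = substr(peer, RSTART + 1)
        gsub(/\[|\]/, "", addr)                 # ss brackets IPv6 addresses
        sub(/^::ffff:/, "", addr)               # IPv4-mapped IPv6 -> IPv4
        if (addr ~ /^(10\.|127\.|192\.168\.|169\.254\.|172\.(1[6-9]|2[0-9]|3[01])\.)/) next
        if (addr ~ /^(::1$|fe80:|f[cd][0-9a-f][0-9a-f]:)/) next
        name = "-"; pid = "-"                   # owner hidden unless run as root
        if (match($0, /users:\(\("[^"]*",pid=[0-9]+/)) {
            s = substr($0, RSTART + 9, RLENGTH - 9)   # drop leading users:(("
            split(s, a, "\",pid=")
            name = a[1]; pid = a[2]
        }
        print name, pid, addr, port
    }' | LC_ALL=C sort -u
}

# Constructed sample in `ss -Htnp` layout (documentation address ranges).
sample_ss() {
    cat <<'EOF'
ESTAB  0 0   192.168.1.23:51234     203.0.113.10:4444       users:(("sh",pid=4312,fd=3))
ESTAB  0 0   192.168.1.23:40022     192.168.1.1:53          users:(("systemd-resolve",pid=612,fd=14))
ESTAB  0 0   127.0.0.1:5432         127.0.0.1:48810         users:(("postgres",pid=900,fd=9))
LISTEN 0 128 0.0.0.0:22             0.0.0.0:*               users:(("sshd",pid=700,fd=3))
ESTAB  0 0   [2001:db8::5]:51000    [2001:db8:ffff::9]:443  users:(("firefox",pid=2211,fd=88))
ESTAB  0 0   192.168.1.23:51300     198.51.100.7:443
EOF
}

# Live use, as root so owners are shown:  ss -Htnp | remote_peers
sample_ss | remote_peers
```

Any row whose owning process cannot be accounted for is the one to follow up with the process tools listed in the post, such as `ps -eF`.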
Hello, I already wiped the hard drive and installed Kubuntu 20.04 and am now running it as my only OS. I no longer have Windows. Sorry for being uninformed, but are these commands for Windows command prompt or for the Linux terminal?
They are all Linux commands. And none of them will help with your issue, since nothing you've posted indicates you have any problems besides flaky hardware, as you've been told multiple times.