Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I have a virus or someone has hacked my computer with a USB device and is swapping and deleting my files. There are at least 4 unknown guests in my computer. I am missing files. It says I don't have the authority to remove the programs, as I have been trying for weeks. Please help. I am not the real computer savvy, a friend put this on my system to prevent a security breach. This is a home PC. This would be done by someone personal looking to watch my account, or find things to use against me in court.
I appreciate any help. It may be cryptovirus and someone said it was from attaching an Android phone and manipulating the files, which I haven't done. I had a "friend" tell me to download some anti-malware software and it said there were 19 files I have labeled as "quarantine". However, the majority of the problem is still here.
Thank you.
Last edited by unSpawn; 03-19-2016 at 05:44 AM.
Reason: //Email address removed. No need to post it.
I am not the real computer savvy (..) I have been trying for weeks
...then take a deep breath and be prepared to answer some questions first. You may find there's no breach of security and the problem can be fixed given enough knowledge and time. (And maybe a backup?)
Quote:
Originally Posted by apples45
This would be done by someone personal looking to watch my account, or find things to use against me in court.
...also do not unduly interpret things: focus on getting the technical details to us first.
Quote:
Originally Posted by apples45
I have a virus or someone has hacked my computer with a USB device and is swapping and deleting my files. There are at least 4 unknown guests in my computer. I am missing files. It says I don't have the authority to remove the programs, as I have been trying for weeks.
- What makes you think the cause was "a USB device"?
- What software installs or updates, system or service reconfiguration happened weeks ago?
- What symptoms showed up when you first noticed problems weeks ago?
- What files are missing? List them?
Quote:
Originally Posted by apples45
I had a "friend" tell me to download some anti-malware software and it said there were 19 files I have labeled as "quarantine".
- List the product used and the file names?
Also check your log files in /var/log for errors and post anything else you think is relevant: the more (detailed!) technical information the better.
The problem was noticed after I was looking at some questionable websites. However, that's when I noticed it. I don't have authority to access my backup cache and there are usually 4 unknown guests logged into my system at a time. I have turned off my wifi unless I am using it to see if that helps. I don't have anything incredibly private, it's just annoying that there are so many users and it's slowing my system down. And further, I can't access the histories of these other users; I don't have authority. Someone mentioned this could be from plugging in an Android device, in which case, why are they accessing my computer on a regular?
Does installing GNOME have anything to do with this? Something about freedesktop manager, and syncing file systems. I didn't have an Android phone until way after this began.
Who am I supposedly "swapping" with? If this is stuff I've never noticed before that is normal, let me know. I get excited about things that may be nothing.
I know the guest. He would have had to install something which is unlikely, or it's something I got from being online. How do I know if this is serious, or if it's just from plugging things in ... I just don't understand who and why people are logging in when I'm not even home. The only guest should be the one I know about, right?
it's just annoying that there are so many users and it's slowing my system down.
You're likely new to Linux? As in you are interpreting things? Linux uses something called separation of privileges meaning there will always be different processes shown to be running by different users. I suggest you run this from a terminal window and post the output
Basically, if you did not create the guest account, that means someone with root privileges did. If someone besides you has root access that you did not grant, that's the worst case. I recommend reinstalling, creating new passwords and setting up iptables.
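The two replies above turn on the difference between service accounts (the "different users" that own background processes) and accounts a person can actually log in to or that hold root privileges. The following script is an added example, not part of any post in this thread: it classifies the entries of a passwd-format file and lists the ones worth reviewing. The UID 1000 threshold, the function names and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: separate service accounts from accounts a person can log in to.
# Assumption: regular accounts start at UID 1000 (common UID_MIN default).
UID_MIN=${UID_MIN:-1000}

# classify_accounts FILE -> "<class> <name> <uid> <shell>" per passwd entry
#   uid0    : has root privileges (only "root" should normally appear here)
#   login   : UID >= UID_MIN with a usable shell
#   service : daemon accounts; their processes show up in ps under these names
classify_accounts() {
    awk -F: -v min="$UID_MIN" '
        /^#/ || NF < 7 { next }              # skip comments and malformed lines
        {
            nologin = ($7 ~ /\/(nologin|false)$/)   # empty shell means /bin/sh
            if ($3 + 0 == 0)                        class = "uid0"
            else if ($3 + 0 >= min + 0 && !nologin) class = "login"
            else                                    class = "service"
            print class, $1, $3, ($7 == "" ? "-" : $7)
        }' "$1"
}

# accounts_to_review FILE NAME... -> UID 0 accounts other than root, plus
# login accounts that are not in the NAME... list of accounts you expect
accounts_to_review() {
    file=$1; shift
    expected=" $* "
    classify_accounts "$file" | while read -r class name _uid _shell; do
        case "$class" in
            uid0)  [ "$name" = root ] || echo "$name" ;;
            login) case "$expected" in *" $name "*) ;; *) echo "$name" ;; esac ;;
        esac
    done
}

# Constructed sample in /etc/passwd format (not taken from the thread)
write_sample() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
pulse:x:115:122:PulseAudio daemon:/var/run/pulse:/bin/false
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
guest:x:1001:1001:Guest:/home/guest:/bin/bash
guest2:x:1002:1002::/home/guest2:/bin/bash
backupadm:x:0:0::/root:/bin/sh
EOF
}

sample=$(mktemp) && write_sample "$sample"
classify_accounts "$sample"
echo "review: $(accounts_to_review "$sample" alice guest | tr '\n' ' ')"
rm -f "$sample"
```

On a real system the same functions can be pointed at `/etc/passwd` with your own account names as the expected list; `who` and `last` then show which accounts actually have or had login sessions.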
I am Tara. There should be one guest. There are several that seem to have unlimited access. I have noticed numerous programs show up that I do not remember installing, though I could have. Most unnerving is there seems to be a theme about access to audio or something? Could you please explain the language. I will attempt to find something that legitimately shows my concern.
I could very well be interpreting things. I do take medication. However, the fact that I no longer have authority to access my files makes me wonder. There are several "files systems" I'm concerned about... I ran the command line:
I attached what it says. Just let me know if there is someone accessing my files please. If so I have more questions. I have been trying to make adjustments over the last month but things haven't changed terribly. If this is in my head, as many things are, then I thank you for your patience.
Last edited by apples45; 03-22-2016 at 06:53 AM.
Reason: too long