Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I'm slightly amused that one very similar thread was just closed, and now this one being bumped.
I hope user A-Okay, who did the bumping, will look through all the output OP provided for them.
But, once again, stated many times in this thread now:
Look at the most likely explanations first, and only then go searching for unicorns.
How at all are you thinking, you're the victim of a RAT?
The only thing I would check for is the "snpp" but I can't see anything unusual going on in your post.
If you already wiped your HD/SSD and reinstalled the OS, I think the RAT would be gone, unless someone has access to your wlan, eth0 or router.
Correct me, if I'm wrong!
Edit: I did not check all of your logs. Since the commands I gave you were just ideas. You need to use parameters. You'll find a lot of information by googling the commands or just use: man <cmd>
If I ever thought that my PC has malware, it would be an automatic wipe and reinstall of all OSs.
I'm hoping that the phish was a valuable learning experience for you (I mean that constructively). As a rule, if I ever suspect a phish attempt, I will contact the actual company by phone before clicking any link in the correspondence. As well, the SMS from your carrier that you'd been hacked was actually your carrier, and not another phish.
I'd like to add that if your hard drive has bad sectors, you'll probably be wanting to replace it. Usually once they start failing, they're untrustworthy and continue to get worse.
So, the fact the phish was on the phone but the suspected trojan was on the PC is setting off red flags to me in terms of fake post, or lack of understanding how malware works. This thread, IMHO, falls into the controversial "I think I was hacked" category. Could be OP literally has no idea how malware works and is making the assumption that one affected device can infect others. That's plausible. Maybe I am being too harsh and need to go back to my corner...
Today I checked some of the files on my desktop by clicking on 'properties'. I found 2 files which were accessed today which I did not open. How could this be explained?
Again, since you provide no relevant details, what do you think we can tell you?? For all we know, those are system files, shortcuts that were re-generated during an update, or something else.
AGAIN, since you're continuing to miss the point; you ARE NOT 'hacked', understand??? There is *ZERO* that you have posted in all of your (several) threads about this, that indicates you're compromised in any way...do you understand??? Continuing to ask over and over isn't going to change the answer.
If you're so concerned, throw your computer in the trash along with your backups (after all, they may ALSO contain the mystery hacker-virus-rat files), buy a new computer and use Windows. It'll ask you a zillion questions whenever you want to do anything, and you can load 50 different anti-virus/malware programs all at once to 'protect' yourself.
Today I checked some of the files on my desktop by clicking on 'properties'. I found 2 files which were accessed today which I did not open. How could this be explained?
This won't do any good and I am sure I am completely wasting my time, but as a hacker (white hat), I don't care about an individual. Even if I were a cybercriminal, I still wouldn't care about individuals, unless they had something to offer, like $, or if they were a hated political figure and I wanted to do something malicious to their online presence.
I am not going to waste my time getting a single person to install malware, and then controlling their PC to change the file access date on 2 of their files. Most self respecting cybercriminals have much better things to do.
There, I wasted a few electrons and now I feel better.
Today I checked some of the files on my desktop by clicking on 'properties'. I found 2 files which were accessed today which I did not open. How could this be explained?
They were opened and indexed by your distribution's desktop search tool?
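The explanation offered in the last reply can be checked from the timestamps themselves. The following is an added example, not part of any post in this thread; the function names, file names and sample mount line are constructed for illustration. It separates files that were only read from files whose content or metadata changed, and reads the atime policy from a /proc/mounts line.

```python
import os
import tempfile
import time
from pathlib import Path

def classify(atime, mtime, ctime, since):
    """Label what happened to a file at or after `since` (epoch seconds)."""
    if mtime >= since:
        return "modified"          # content was written
    if ctime >= since:
        return "metadata-changed"  # chmod, rename, utime, ...
    if atime >= since:
        return "read-only"         # only read: indexer, thumbnailer, backup
    return "untouched"

def atime_policy(mounts_line):
    """Read the atime policy from one /proc/mounts line."""
    opts = mounts_line.split()[3].split(",")
    if "noatime" in opts:
        return "noatime"      # atime is never updated on reads
    if "relatime" in opts:
        return "relatime"     # updated only if older than mtime/ctime or 24 h
    return "strictatime"      # no flag shown: updated on every read

def scan(directory, since):
    """Classify every regular file directly inside `directory`."""
    result = {}
    for path in sorted(Path(directory).iterdir()):
        if path.is_file():
            st = path.stat()
            result[path.name] = classify(st.st_atime, st.st_mtime,
                                         st.st_ctime, since)
    return result

def demo():
    """Constructed sample: two files in a temp dir, checked for the last hour."""
    now = time.time()
    with tempfile.TemporaryDirectory() as d:
        old, new = Path(d, "notes.txt"), Path(d, "report.txt")
        old.write_text("x")
        new.write_text("y")
        week_ago = now - 7 * 86400
        os.utime(old, (week_ago, week_ago))  # set atime and mtime a week back
        # utime itself bumps ctime, so notes.txt reports "metadata-changed"
        return scan(d, now - 3600)

if __name__ == "__main__":
    print(demo())
    print(atime_policy("/dev/sda2 / ext4 rw,relatime 0 0"))  # constructed line
```

A file that comes back as "read-only" was opened for reading but not written or altered, which is what a desktop search indexer or thumbnailer leaves behind.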