LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 08-31-2021, 12:13 PM   #31
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

Rep: Reputation: 6053

I'm slightly amused that one very similar thread was just closed, and now this one is being bumped.
I hope user A-Okay, who did the bumping, will look through all the output OP provided for them.

But, once again, stated many times in this thread now:
Look at the most likely explanations first, and only then go searching for unicorns.
 
1 members found this post helpful.
Old 08-31-2021, 02:31 PM   #32
A-Okay
LQ Newbie
 
Registered: Mar 2021
Posts: 22

Rep: Reputation: Disabled
Hi, you need to use parameters to localize it.

How at all are you thinking, you're the victim of a RAT?

The only thing I would check for is the "snpp" but I can't see anything unusual going on in your post.

If you already wiped your HD/SSD and reinstalled the OS, I think the RAT would be gone, unless someone has access to your wlan, eth0 or router.

Correct me if I'm wrong!

Edit: I did not check all of your logs. Since the commands I gave you were just ideas. You need to use parameters. You'll find a lot of information by googling the commands or just use: man <cmd>

Last edited by A-Okay; 08-31-2021 at 02:39 PM.
 
1 members found this post helpful.
Old 08-31-2021, 05:16 PM   #33
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 11,200

Rep: Reputation: 5307
Quote:
Originally Posted by whois1230
Is it possible for a RAT to hide in the BIOS
Nope

Last edited by dugan; 08-31-2021 at 05:20 PM.
 
1 members found this post helpful.
Old 09-14-2021, 02:14 PM   #34
SlowCoder
Senior Member
 
Registered: Oct 2004
Location: Southeast, U.S.A.
Distribution: Debian based
Posts: 1,250

Rep: Reputation: 164
Some very good points here.

If I ever thought that my PC has malware, it would be an automatic wipe and reinstall of all OSs.

I'm hoping that the phish was a valuable learning experience for you (I mean that constructively). As a rule, if I ever suspect a phish attempt, I will contact the actual company by phone before clicking any link in the correspondence. As well, the SMS from your carrier that you'd been hacked was actually your carrier, and not another phish.

I'd like to add that if your hard drive has bad sectors, you'll probably be wanting to replace it. Usually once they start failing, they're untrustworthy and continue to get worse.
 
Old 09-14-2021, 02:41 PM   #35
maw_walker
Member
 
Registered: Jul 2021
Posts: 119

Rep: Reputation: Disabled
So, the fact the phish was on the phone but the suspected trojan was on the PC is setting off red flags to me in terms of fake post, or lack of understanding how malware works. This thread, IMHO, falls into the controversial "I think I was hacked" category. Could be OP literally has no idea how malware works and is making the assumption that one affected device can infect others. That's plausible. Maybe I am being too harsh and need to go back to my corner...
 
Old 09-20-2021, 01:04 PM   #36
whois1230
Member
 
Registered: Sep 2018
Posts: 214

Original Poster
Rep: Reputation: Disabled
Today I checked some of the files on my desktop by clicking on 'properties'. I found 2 files which were accessed today which I did not open. How could this be explained?
 
Old 09-20-2021, 01:57 PM   #37
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 11,200

Rep: Reputation: 5307
Many ways. Obviously, we don’t have enough information.
 
2 members found this post helpful.
Old 09-20-2021, 02:01 PM   #38
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,553

Rep: Reputation: 7946
Quote:
Originally Posted by whois1230
Today I checked some of the files on my desktop by clicking on 'properties'. I found 2 files which were accessed today which I did not open. How could this be explained?
Again, since you provide no relevant details, what do you think we can tell you?? For all we know, those are system files, shortcuts that were re-generated during an update, or something else.

AGAIN, since you're continuing to miss the point; you ARE NOT 'hacked', understand??? There is *ZERO* that you have posted in all of your (several) threads about this, that indicates you're compromised in any way...do you understand??? Continuing to ask over and over isn't going to change the answer.

If you're so concerned, throw your computer in the trash along with your backups (after all, they may ALSO contain the mystery hacker-virus-rat files), buy a new computer and use Windows. It'll ask you a zillion questions whenever you want to do anything, and you can load 50 different anti-virus/malware programs all at once to 'protect' yourself.
 
2 members found this post helpful.
Old 09-20-2021, 02:18 PM   #39
maw_walker
Member
 
Registered: Jul 2021
Posts: 119

Rep: Reputation: Disabled
Quote:
Originally Posted by whois1230
Today I checked some of the files on my desktop by clicking on 'properties'. I found 2 files which were accessed today which I did not open. How could this be explained?
This won't do any good and I am sure I am completely wasting my time, but as a hacker (white hat), I don't care about an individual. Even if I were a cybercriminal, I still wouldn't care about individuals, unless they had something to offer, like $, or if they were a hated political figure and I wanted to do something malicious to their online presence.

I am not going to waste my time getting a single person to install malware, and then controlling their PC to change the file access date on 2 of their files. Most self-respecting cybercriminals have much better things to do.

There, I wasted a few electrons and now I feel better.
 
2 members found this post helpful.
Old 09-21-2021, 05:13 PM   #40
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 11,200

Rep: Reputation: 5307
Quote:
Originally Posted by whois1230
Today I checked some of the files on my desktop by clicking on 'properties'. I found 2 files which were accessed today which I did not open. How could this be explained?
They were opened and indexed by your distribution's desktop search tool?
 
3 members found this post helpful.
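
An added example, not written by any poster in this thread: a shell sketch of the "accessed today but I did not open it" situation discussed above. It lists files whose access time is recent while their modification time is not, which is what any reader (a desktop search indexer, thumbnailer or backup job) leaves behind; the access time says that something read the file, not which process did. The function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added illustration (not from the thread). List regular files under DIR that
# were read within the last MINUTES but not modified in that window, i.e. the
# "accessed, but I did not open or change it" pattern from the question.
read_not_modified() {
    find "$1" -type f -amin "-$2" ! -mmin "-$2" -print | sort
}

# Show whether the filesystem holding DIR records access times at all
# (look for noatime / relatime / strictatime). Prints nothing without findmnt.
atime_mount_opts() {
    command -v findmnt >/dev/null 2>&1 || return 0
    findmnt -no OPTIONS -T "$1" 2>/dev/null || true
}

# Build a constructed sample directory and print its path.
make_sample() {
    d=$(mktemp -d)
    printf 'old\n' > "$d/untouched.txt"   # never read again
    printf 'old\n' > "$d/read_only.txt"   # read later, never edited
    printf 'new\n' > "$d/edited.txt"      # written just now
    # Backdate both timestamps of the two "old" files.
    touch -t 202001010000 "$d/untouched.txt" "$d/read_only.txt"
    # Stand-in for a read by an indexer: set only the access time to now.
    # Done with touch so the result does not depend on a noatime mount.
    touch -a "$d/read_only.txt"
    printf '%s\n' "$d"
}

sample=$(make_sample)
echo "mount options: $(atime_mount_opts "$sample")"
echo "read but not modified in the last 60 minutes:"
read_not_modified "$sample" 60
rm -rf "$sample"
```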
  

