I suspect I have an infection from playing a Flash game.


17 replies to this topic

#1 SuperSapien64

  • Members
  • 979 posts

Posted 06 June 2017 - 08:07 PM

I was on Newgrounds playing some Flash games and when I loaded this one flash game the screen flashed and at first I thought it might bug, then latter on I was searching for images on DuckDuckGo and the screen kept scrolling upwards whenever I clicked on a image. I use Firefox with Firejail's private home feature I also had Eset Nod32 installed but it hasn't had an software update since 2013. Maybe this was an AV exploit or DDG was just acting buggy?

Please help.




#2 MadmanRB

  • Members
  • 3,222 posts

Posted 06 June 2017 - 09:51 PM

It could just be a bug or hiccup. Luckily, if Firefox was hit by something, I suggest removing its hidden files and starting with a fresh profile.

If it's a browser hijack, it could just remain in your local browser profile and not get any farther.




#3 The-Toolman

  • Members
  • 1,441 posts

Posted 06 June 2017 - 11:20 PM

 I also had Eset Nod32 installed but it hasn't had an software update since 2013. Maybe this was an AV exploit or DDG was just acting buggy?

Please help.

Why are you running anti-virus on Linux? That in itself would seem to cause conflicts, and then to be running an outdated, unsupported version makes absolutely no sense to me.

 

UFW / GUFW firewall enabled and Firejail, both on defaults, gives most regular users excellent protection.




#4 Gary R

  • Malware Response Team
  • 878 posts

Posted 07 June 2017 - 12:16 AM

An AV program that doesn't have the latest updates is about as much use as a chocolate fireguard.

 

Most AV programs work using a blend of "signature" recognition and heuristic detections. Of those two methods, the signature method is the more reliable; heuristic detections produce a lot of false positives.

 

The vast majority of machines that get infected get infected by a "current" infection; they almost never get infected by an old, out-of-date one (although some of them are still in circulation), which is why it's so important that your AV is kept constantly updated.

 

As for your symptoms, they're far more typical of a piece of buggy code, or a faulty driver than they are of an infection, and I'd look there for the solution to your problem rather than to an infection, which in Linux is unlikely to be the cause of it.

 

Completely uninstall Firefox, and then re-install a new clean copy, and see if that resolves your problem.


Edited by Gary R, 07 June 2017 - 12:18 AM.


#5 SuperSapien64

  • Topic Starter
  • Members
  • 979 posts

Posted 07 June 2017 - 02:32 PM

I restored my system with TimeShift, but now when I boot into my admin account it freezes up, but my non-admin account boots fine for the most part.

Can someone please walk me through how to use the recovery option in Linux Mint KDE 17.2? I believe something got corrupted during the restore process with TimeShift.



#6 Gary R

  • Malware Response Team
  • 878 posts

Posted 07 June 2017 - 04:59 PM

I don't have KDE, I have Mint Cinnamon 17.2, but as far as I know the way to get into Recovery Mode is the same for both (or will be similar enough anyway).

 

Shut down your machine, then hold down your shift key and switch it back on. This should bring up your grub screen.

 

Select the Advanced Options and hit enter. Now select Recovery Mode and hit enter.

 

A number of terminal commands will scroll up your screen, before the recovery mode screen appears.

 

You should now be faced with a number of options:

resume
clean
dpkg
fsck
grub
network
root
system-summary

 

Choose dpkg to repair broken packages and fsck to check file systems for errors.

 

You can only perform one check at a time. If you perform a broken package check, you'll need to allow your filesystem to be remounted in read/write mode, which means if you need to run file system check afterwards then you'll have to reboot into recovery mode again before you can perform it.



#7 SuperSapien64

  • Topic Starter
  • Members
  • 979 posts

Posted 07 June 2017 - 05:40 PM

I chose dpkg; it said it fixed a couple of things, but I had to do a forced shut down because I didn't see any option to shut down my computer.

Is this the same with fsck? How do I shut down my computer in fsck or dpkg? And how does fsck fix file systems for errors?



#8 Gary R

  • Malware Response Team
  • 878 posts

Posted 08 June 2017 - 02:21 AM

When the dpkg process has finished you should see the Recovery Mode screen again (the one with the 8 options I listed in my last post), at which point you choose the resume option and hit enter.

 

This will cause your machine to continue booting up into "normal mode", and when it's finished you can either continue using your machine, or shut down as you normally would.

 

You follow the same procedure if/when you perform the fsck file system check.



#9 SuperSapien64

  • Topic Starter
  • Members
  • 979 posts

Posted 08 June 2017 - 11:47 AM

When the dpkg process has finished you should see the Recovery Mode screen again (the one with the 8 options I listed in my last post), at which point you choose the resume option and hit enter.

 

This will cause your machine to continue booting up into "normal mode", and when it's finished you can either continue using your machine, or shut down as you normally would.

 

You follow the same procedure if/when you perform the fsck file system check.

For some reason dpkg didn't boot me back into the Recovery Mode screen again. :(



#10 Gary R

  • Malware Response Team
  • 878 posts

Posted 08 June 2017 - 05:04 PM

It doesn't boot you back into the Recovery Mode screen; you're already in Recovery Mode, so when dpkg finishes running it just brings up the list screen again.

 

If you've selected the dpkg option, and then accepted the prompt to remount your file system as read/write, then you need to wait for the process to finish. If it hasn't brought up the list screen, then that would suggest that it hasn't finished trying to recover your broken packages, and that you need to give it more time.

 

Alternatively, one of the files necessary to run the check may be missing or damaged, so it might be worth running a fsck file system check first, then trying the dpkg option again and seeing if it finishes this time.

 

You'll need to reboot between running one test and running the next.



#11 SuperSapien64

  • Topic Starter
  • Members
  • 979 posts

Posted 15 June 2017 - 07:03 PM

I think I know why my desktop isn't working properly. Because someone stole my 1TB Windows HDD and copied it onto my 2TB Linux HDD. I don't know who, how or when they managed to do this, but it's gone. :(



#12 pcpunk

  • Members
  • 6,106 posts

Posted 15 June 2017 - 10:03 PM

Wait, that sounds wildly crazy. How or who would do that to you, and where was this done, at work, home? Wow! Someone needs a good beating.



 


#13 SuperSapien64

  • Topic Starter
  • Members
  • 979 posts

Posted 15 June 2017 - 10:35 PM

Wait, that sounds wildly crazy. How or who would do that to you, and where was this done, at work, home? Wow! Someone needs a good beating.

At my apartment. Maybe it was one of my neighbors, or one of my neighbors called the authorities because of my psychosis and told them I'm on drugs, and the authorities took my HDD to look for evidence of drug purchases on the dark web (because I have outbursts occasionally), and to them that means I'm on drugs, which I'm not. And I agree, someone needs their butt kicked. :devil: :angry:



#14 cat1092

  • BC Advisor
  • 7,018 posts

Posted 20 June 2017 - 06:12 AM

I think I know why my desktop isn't working properly. Because someone stole my 1TB Windows HDD and copied it onto my 2TB Linux HDD. I don't know who, how or when they managed to do this, but it's gone. :(

 

Wow, that took quite a bit of effort & enormous risk to accomplish, you obviously have a certain timeframe of being away & someone took that opportunity to do this. :angry:

 

99.9% of thieves would have outright stolen the drive (or the whole computer) & run with it, not taken the risk of being caught in the midst of a break-in, which can have very bad consequences. Let me come home & catch a thief here in the act, there'll be no need for an ambulance, call for a body bag, because when I go somewhere, even if I can't carry a weapon into an establishment, I will leave it in the car & put back on a coat of some type that I always wear outdoors upon getting back in.

 

I've been broken into once & learned a lesson. There are several of us neighbors who watch one another, from the front, side & rear; all we have to do is pick up the phone and call any of the others when leaving for a while, & we'll get a call if something funky is going on, as well as 911 if a crime is taking place. I promise that #1, should I arrive before the cops, no one will be shot in the back fleeing to make me the criminal, one way in & too many obstacles (very hidden window & patio door locks other than the latch) not to meet face to face trying to flee, & #2, I will wait until the suspect is under full control before calling 911, if not on the way. A break-in is just that & we have a lawful right, approved by our own Sheriff, to stand our ground. :thumbsup:

 

Plus being disabled, no jury would find me guilty upon sight of my physical condition, as long as it's a face to face confrontation, plus have webcams installed & am adding a couple more. 

 

In your case, I suggest to #1, find a safer area to live & #2, establish contacts with trustworthy neighbors, preferably homeowners who are long established residents to watch when you're away. 

 

As far as the crime goes, no doubt the criminal is either someone you know & may trust, or someone you don't know who monitors when you come & go; still a very odd & high-risk crime. Breaking & entering into a home is a felony in progress, often termed 'midnight burglary' if anyone's at home, a more serious offence; the one doing so carries a huge risk in spending that much time in your residence.

 

So I suggest you reevaluate who your friends/contacts are, & if you can't move, secure your living area better. There are ways to fully secure your place for under $100 in parts, including deadbolts on the doors with the plate on the other side having two very long screws drilled deep into the studs (after a few inches, pull the bit out & squirt plenty of Loctite in & finish), plus hidden locks in windows, a couple of secret, yet well concealed & strong pins per window. And don't show anyone where these are. Friends, family, neighbors and/or the accomplices of any are often the ones that took the chance described here. Not a typical criminal, where the goal is a 'quick & dirty' execution of a crime & getting out of the area as quickly as possible to avoid capture.

 

To answer the above, I also don't believe that the police would go through that much trouble to seize your HDD over an alleged crime (hearsay). You would have been served with a search warrant & any computers, external drives including USB sticks, as well as optical media, would have been seized in your presence, provided that, had you been there, no violence would have been predicted. At any rate, you (or a known family member, or if none is known, then your landlord, on your behalf) would have been notified in some way that your HDD was seized as evidence to investigate for possible crime(s). A suspect of a crime has full rights until conviction, including being present with an attorney during search & seizure of property. If you believe this to be the case, you need to contact your local law enforcement agency & ask if you're under any investigation. If so, most any attorney worth retaining would agree that your rights as a citizen have been violated by this type of search & seizure of property.

 

Only in the case of (suspected) high crimes committed against the nation, would law enforcement seize your computer equipment & most likely, you as well.

 

Sounds like someone you trust has pulled a dirty prank, although note that this is only my opinion, and yes, whoever did it needs a good 'wake-up' call in the form of a butt kicking. It was close to three years back that exactly that happened, when a relative stole a USB stick from me that had been used as a portable malware scanner. There were a lot of infected files quarantined; he stole it & traded it to a local store owner for a pack of cigarettes. Not only did he receive a severe butt kicking from that man for his PC being infected, but when my other relative (his mother) demanded to know who did it, he told her; she went to the store & demanded to know why, he told her straight up what happened & showed her the USB stick. At that moment, she knew it was mine (made of metal with a streak of red nail polish he didn't remove first), as I had just cleaned up her computer days earlier. When she returned home, he got at least two more whacks across the head with a broom handle for being a thief, & she called me to pick up my USB stick. She knew I was looking for it because I called & asked if I had left it lying on her desk; a couple of others also knew it was missing.

 

So I suspect something of that nature, someone you may know & trust, did this to you, not the local authorities. :)

 

Cat




#15 SuperSapien64

  • Topic Starter
  • Members
  • 979 posts

Posted 20 June 2017 - 11:57 AM

@ cat1092

 

Good point. In fact I had some neighbors who had someone repeatedly break into their apartment and steal things or break things (they moved out eventually). It's probably the same person.

The only problem is the landlord told them they were delusional when they told her what happened. :devil:  :angry:  And I know what she'll tell me: "Is that why you removed your HDD?" Why would I prank myself? First of all, I don't even know how to copy my Windows HDD to my Linux HDD, which also messed up my UEFI; secondly, I'd have to be pretty sick in the head to do that to myself.


Edited by SuperSapien64, 20 June 2017 - 05:19 PM.




