Need actual general linux expertise now

Status
Not open for further replies.

Mikez77

Well. Looks like I'm still playing in the hacker's playground. It's sick.

Whatever I've been wiping over and over hasn't been my HDD. It's been some virtual bollocks all along.

I see now how he keeps having this insane advantage no matter what I do.

He is in control of my actual hard drive and it has around 170k files, all Linux based and only 8gb. Mostly based around the polkit exploit (pwnkit) which isn't too big of a deal but what's a big deal is that it's impossible to get rid of this loop0 that is always the actual root whenever I install stuff. It's filled with symlinks. I tried unlink on an Ubuntu install, the bin folder. Boom, can't use sudo or do anything.

Actually 340k files 140tb...? How is it possible?
 


You're running Tails - a LIVE Linux distribution. I'm seeing no evidence of a hacker or any kind of hacking/intrusion/malware in any of those screenshots. That loop is part of the running TAILS OS. SquashFS is a file-system used by Linux Live environments. It's all completely normal from what I can see. So without wishing to be punny, you appear to be chasing your own tail here.

When you're running a LIVE distribution, the root of the file-system will be a virtual/live environment, running in RAM. Your HDD should NOT be getting used for anything. Your system's main HDD/SSD shouldn't even be mounted, unless you open it up with your file manager.

If you're concerned that your main system is somehow infected - you should be able to nuke it quite simply via TAILS. I haven't used TAILS for a long time, but I'm pretty certain it has a disk utility, probably GNOME disks or gparted, or something?!

Open up Gnome disks, or gparted, or whatever disk utilities you have in TAILS, select your hard disk and re-format it! From the list of devices in the disk management tools, you should easily be able to identify which device you're running TAILS on and which one your main OS is installed on.
Select the one containing your main OS and re-format it.
BOOM and your entire disk is wiped. Before doing that, you might want to make sure you have a live-installer for whatever distro you want to install so you can re-install something useful on there.

I imagine what you've been doing is messing with files that are running in the live TAILS environment.
Then when you reboot, things are coming back because they're immutably stored on the actual USB device (or CD/DVD, if you're running TAILS from optical media). So you've just been trying to delete parts of the TAILS system. NOT your actual HDD/SSD.


I took a look at your other threads and it seems there may be some genuine concern about an intrusion.
But from what I can see with what you've posted in this particular thread, from TAILS - it all looks normal.
 
I looked at all the photos as well. I am not seeing anything weird, looks like all normal Tails stuff to me, so I agree with @JasKinasis - plus the odds of Tails getting infected would be practically impossible to say the least.
 
I'm quite speechless.
I'll just attach this screenshot, and if you tell me this is normal on a newly formatted and newly installed ubuntu on an SSD, I will move on
I was running every version of linux I could find. Did you fail to see the symlink picture of 340k files 140TB? That is on a NEW FORMATTED ssd. And every package you could possibly think of related to being able to remote control. Plus, his efivars kernel having the HOTPLUG enabled, which is insane, that enables him to work on my machine offline and then sync it.


The denial in the human brain is amazing, the self protecting mechanism
 

Attachment: Screenshot from 2023-03-31 21-45-06.png
I can only get to his efivars kernel when I had installed Lubuntu, his scripts or whatever had not prepared for Lubuntu package managers so it was easier for me to get full access to everything there. I ended up self-wrecking though since I'm a bit too reckless at this point. I also read that I can brick my own machine if I'm not careful removing stuff on efivars, which is insane.
 
I'll just attach this screenshot, and if you tell me this is normal on a newly formatted and newly installed ubuntu on an SSD, I will move on
It looks like this post explains exactly what you're seeing:

Personally, I would recommend that if you don't understand something on your system, maybe you could do some research on it, rather than immediately assuming hackers. I mean, do you even have 140 Tb on your system? Seems like something doesn't add up, right?

Have you thought about taking a computer class?

having the HOTPLUG enabled, which is insane, that enables him to work on my machine offline and then sync it.
No, I don't think that's what that means.
 
Did you fail to see the symlink picture of 340k files 140TB?
Yes, I saw that, but it does not mean you're infected. That counts the size of all files in your file system. Your file system isn't the same thing as your hard disk. In your file system, for example, are also /dev, /proc, and /sys, which are all virtual directories--these don't exist on your hard disk but are parts of your computer represented as files by the Linux kernel. They don't take up any actual space and the contents of the directories and files are generated by the Linux kernel as you, or a program you use, browse them.
There is a virtual file /proc/kcore, which represents the total amount of memory theoretically addressable on your computer. For 64-bit installations, that's 140 TB. You can check with:
Code:
ls -l /proc/kcore
The file should be 140737471590400 bytes big or close to it, which is 140TBs - that is what you are seeing.
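An added example, not part of any post in this thread, of the two points made in the replies above: a loop-mounted SquashFS root is what a live session looks like in the mount table, and a total built from reported file sizes can far exceed what is stored on disk. The mount table is a constructed sample, the function names are illustrative, and a sparse file stands in for /proc/kcore.

```python
import os
import tempfile

# Filesystem types generated by the kernel in memory; nothing here is on a disk.
PSEUDO_FS = {"proc", "sysfs", "devtmpfs", "devpts", "tmpfs", "efivarfs", "cgroup2"}

# Constructed /proc/mounts-style sample for a live USB session (illustrative only).
SAMPLE_MOUNTS = """\
proc /proc proc rw,nosuid,nodev,noexec 0 0
/dev/sdb1 /run/live/medium vfat ro,noatime 0 0
/dev/loop0 /run/live/rootfs squashfs ro,noatime 0 0
overlay / overlay rw,noatime 0 0
/dev/sda2 /mnt/internal ext4 rw,relatime 0 0
"""

def classify_mounts(text):
    """Map each mount point to pseudo, live-image, overlay, block-device or other."""
    kinds = {}
    rows = (line.split() for line in text.splitlines() if line.strip())
    for device, mount_point, fstype, *_ in rows:
        if fstype in PSEUDO_FS:
            kinds[mount_point] = "pseudo"
        elif fstype == "squashfs" and device.startswith("/dev/loop"):
            kinds[mount_point] = "live-image"
        elif fstype == "overlay":
            kinds[mount_point] = "overlay"
        elif device.startswith("/dev/"):
            kinds[mount_point] = "block-device"
        else:
            kinds[mount_point] = "other"
    return kinds

def size_totals(root):
    """Return (apparent, allocated) bytes under root on one filesystem, like `du -x`."""
    root_dev = os.lstat(root).st_dev
    apparent = allocated = 0
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames
                       if os.lstat(os.path.join(dirpath, d)).st_dev == root_dev]
        for name in filenames:
            st = os.lstat(os.path.join(dirpath, name))
            apparent += st.st_size           # size that `ls -l` reports
            allocated += st.st_blocks * 512  # storage actually allocated
    return apparent, allocated

def sparse_demo():
    """1 GiB sparse file as a stand-in for /proc/kcore: large size, few blocks."""
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "sparse.img"), "wb") as fh:
            fh.truncate(1 << 30)
        return size_totals(tmp)
```

On a real system, `classify_mounts(open("/proc/mounts").read())` shows which mount points are backed by a physical partition, and `size_totals("/")` gives a total that skips /proc, /sys and /dev because they are separate filesystems.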
 
I do not really see anything that even remotely suggests the presence of malicious software, let alone a hacker, from the screenshots that you took in Tails either.

I always like to err on the side of caution and give people who seem to be in need of help the benefit of the doubt, but I can not help but feel that there might be a serious misunderstanding about how computer hardware and software works on your part, especially after taking a thorough, scrutinizing look at your previous posts.

Just as Matt suggested before me, I do wholly encourage and recommend taking computer classes, they can certainly go a long way towards furthering one's understanding of computers, and I would personally also recommend experimenting with Linux in a more thorough fashion, it is a truly worthwhile and enjoyable adventure if you give it a chance.

If I was even slightly cynical, I would think that you are pulling our tail here, but I believe that is really all that I have to say on this subject, and I will take my leave from this thread.
 
It is sometimes called..."using the best brains in the business for your own amusement"

Me..?....I am not amused. Not in the slightest.

As @Zev said above... "I will take my leave from this thread."
Ditto from me.

'Unwatched' as of now
 
Quoting from my second post in the original thread:
In my opinion, @Mikez77 must find a local expert to assist him, someone who can troubleshoot the problems in a systematic way and give Mike good, practical security advice.

I stand by that statement and will restate it here:

-> Mike needs a real live person to look at his equipment and help him configure it securely.

I know that people here want to help, but the communications issues, lack of response to direct questions, and incomplete information make it impossible. That is independent of whether those communications issues are unintentional or deliberate.
 
I know the issue now, LOL.
I've been playing in a manipulated pool of junk, every single formatting. He is using Udisks2, which apparently can manipulate whole disks, so I'm installing, formatting and running around in these virtual disks, while he has both of my real disks completely under his control. Although I can access them with root I have no idea what to do really, does anyone have experience with this? I think this is as clear as it gets. Udisks2/disk manipulating in Linux, how to work around that and get one or two real formats in on the real drives = problem solved and he's gone
This is a drive I thought I had full control over and my plan B was to remove my ssd 256gb drive from the computer and install on my cleaned, encrypted one. Well, as it turns out (using Manjaro now), what I've encrypted is a manipulated disk, and he's in full control of the real one of course.


Sorry about the language, but Okänd = unknown
Either way, that explains so much. I have root access, I can access every and each of his files on those disks. Any guidance? I have 5 days of Linux experience.
 
Look at the replies, there are no questions, only questionings. I see where you are coming from, but you are not being fair here. Also, in my previous post it's super clear what the issue is. And as I'm very rookie with Linux, I'm hoping someone can come with an idea on how to clean format the real drives when I have full access. I can't seem to launch or reinstall udisks2 though, I think they are under some protection - it's these things that I get lost in, all the configs and shit he can protect his apps and restrict them with even if I'm root
 
I appreciate your reply and admire your persistence, but I stand by my statements. This is your third thread on what appears to be the same set of issues, and we are no closer to solving them.

-> In my opinion, you need someone local who can help you. I won't bother to repeat it again. Good luck!
 
@Mikez77 I was the first here, IIRC, to say

To that end, and in addition to the advice posted above, I would, if it were me


  1. Contact the cyber crime authorities in my state or nation and ask what I can do
  2. Subject to their advice, contact a cyber professional who can clean my systems and implement safeguards for the future.
I also note he said elsewhere that he may lose his job over this, and that is something only he can weigh up.

That was at https://www.linux.org/threads/willi...ugh-this-monster-rat-hacket.44432/post-187703

Your use of the word

Okänd = unknown

opened the door to allowing me to divulge you are from Sweden. I would find it hard to believe if you say that a nation as technologically advanced as Sweden does not have its fair share of cyber professionals for you to choose one who can attend onsite.

3 threads now (one I have already locked) and nothing has changed, other than for me to say skip 1. and go straight to 2.

If that option is beyond your budget then less expensive might be to write off your rig and get a different computer.

You have already had access to some of the best brains in our site (and I do not include myself in that category) and no one else is likely to come along with an answer that works for you. If they do, they can converse with me.

I am locking this thread and the one about the update.

Please do not open any more threads on this subject.

You are certainly welcome to remain a Member and learn more about GNU/Linux, just no more of these type of Threads.

Thank you, and as always, thanks to all Helpers.

Chris Turner
wizardfromoz
 