Troubleshooting computer startup with Terminal... Hopefully. Kind input appreciated. {newbie trying to learn}

whistleblower (New Member, joined Dec 18, 2019)
Newbie trying to sort through this... Please bear with me because I'm trying to learn but don't know nearly enough...yet.
With your kindness, I'm hoping I can get some answers so I know what to do about this...

Can any of you tell me what I should do first to rid this computer of whatever is saved in it somewhere that's screwing up every OS I try to use?

  • Running a freshly created TAILS live USB (verified on separate computer -- booted perfectly first as a live USB on separate computer with no issues)
  • Put said fresh new TAILS live USB (or live Parrot USB) into the bad computer... it looks normal when first booting, then the log starts scrolling on the screen, and it gets to "rootfs" and mentions squashfs and then it hangs up for a long time... Screen goes gray, and everything changes. The same TAILS USB (or Parrot USB) that just booted perfectly on the clean computer looks and runs differently on this one
  • Examples of computer issues: desktop background and even the icons appear slightly different, permissions are restricted and different, Synaptic package manager has a ton of packages on it, date/time is altered to the wrong time, specific functions like netstat are disabled, iptables has a crazy configuration that overrides the ufw that I can handle as a newbie, and even if I set an Administrator password on the TAILS or Parrot live distro USB, when I'm running Linux I'm locked out of viewing several folders and functions on the desktop, saying that I don't have Administrator privileges or my password is invalid, and I get warnings from cloud services I need for work every day that I'm signed on from two locations, or I'm not working on the latest version of my file, or I have to do extra security steps because they think my computer has been hacked... I get notices that over 1500 dpkgs need to be updated, but if I let them go through, even more stuff gets restricted and changed. My email accounts and online phone number account show messages as received/read when I haven't logged in, etc. When viewing the various files and folders on the desktop, a very large number of files are there, and a Windows Network appears, etc., but I'm not permitted to even open any of those files, or even something I save to my own desktop... And the freaky thing right now is that on Parrot, there's this clipboard on the taskbar saving random things I type, and I can't make it go away... URLs, phrases that have to do with computer issues, etc... and it doesn't matter which live distro I use, even if it's freshly created and tests perfectly on different machines right before I use it on the one in question... I'm sure I'm forgetting something, but that's what I can rattle off for now...
  • Based on tutorials, I tried to flash the manufacturer's updated BIOS from an ISO burned to a USB, but it didn't appear to make any changes (the manufacturer put out the new BIOS in .exe format and I did my best to convert it and flash it, not sure)
  • Tried to follow YouTube tutorial on "shorting" the U22 spot on the motherboard to reset the BIOS/CMOS(?) but that didn't change anything either to my knowledge. But seeing the inside of a computer and taking a good look at the motherboard was a cool experience... Anyway...
  • Computer tech replaced my hard drive and reset Windows after what he called a rootkit/bootkit situation last summer, but the problems persisted, so I deleted Windows OS and switched to running a live Linux USB only without a hard drive for now while I figure this out. It used to be that a fresh live USB would work for a couple days before it went haywire, but now it's as soon as I boot it on this particular machine in question... Months later, I'm still having significant issues but I can't afford to buy another computer at the moment <pounds head on desk in frustration>
  • Tried to go through dpkg in the terminal and Google each dpkg and remove the bad ones that appear on this machine, but they come back every time I restart the machine (meaning that if I run TAILS on a clean computer, there are just the good dpkgs, but if I run it on the bad computer, there's a huge quantity of dpkgs that appear in the terminal, even if I never plug in the ethernet cable). For example, following a forum thread, I learned that sudo apt-get remove -y --purge zenity* makes hundreds of dpkgs delete, and even more when I run apt autoremove after it. Same with libmoosex* and librevenge* and other ones. But I don't know the chicken from the egg to know what to handle first.
  • Tried a clean live USB distro (Parrot OS): the same non-distro items and tweaks to the OS show up, even when the computer is not connected to the internet.
  • I tried removing the wifi adapter with built-in bluetooth, since a tech I'd used earlier this year said they were hacking my Windows OS through bluetooth vulnerability, but it's still happening even with an ethernet cable connection direct to cable modem with no wifi and no adapter in place.
  • I don't know security well enough to understand BIOS to Kernel and such, but I'm learning as fast as I can, since this is a persistent problem.


Root Terminal - systemctl output:

Code:
┌─[root@parrot]─[/home/user]
└──╼ #systemctl
  UNIT                      LOAD   ACTIVE SUB       DESCRIPTION             
  proc-sys-fs-binfmt_misc.automount loaded active running   Arbitrary Executab
  sys-devices-pci0000:00-0000:00:0e.0-sound-card0.device loaded active plugged
  sys-devices-pci0000:00-0000:00:12.0-ata2-host1-target1:0:0-1:0:0:0-block-sr0
  sys-devices-pci0000:00-0000:00:14.0-0000:01:00.0-net-eth0.device loaded acti
  sys-devices-pci0000:00-0000:00:15.0-usb1-1\x2d2-1\x2d2:1.0-host2-target2:0:0
  sys-devices-pci0000:00-0000:00:15.0-usb1-1\x2d2-1\x2d2:1.0-host2-target2:0:0
  sys-devices-platform-serial8250-tty-ttyS0.device loaded active plugged   /sy
  sys-devices-platform-serial8250-tty-ttyS1.device loaded active plugged   /sy
  sys-devices-platform-serial8250-tty-ttyS2.device loaded active plugged   /sy
  sys-devices-platform-serial8250-tty-ttyS3.device loaded active plugged   /sy
  sys-devices-virtual-block-loop0.device loaded active plugged   /sys/devices/
  sys-devices-virtual-block-pktcdvd0.device loaded active plugged   /sys/devic
  sys-devices-virtual-misc-rfkill.device loaded active plugged   /sys/devices/
  sys-subsystem-net-devices-eth0.device loaded active plugged   RTL810xE PCI E
  -.mount                   loaded active mounted   /                       
  dev-hugepages.mount       loaded active mounted   Huge Pages File System  
  dev-mqueue.mount          loaded active mounted   POSIX Message Queue File
  proc-sys-fs-binfmt_misc.mount loaded active mounted   Arbitrary Executable F
  run-live-medium.mount     loaded active mounted   /run/live/medium        
  run-live-overlay.mount    loaded active mounted   /run/live/overlay       
  run-live-rootfs-filesystem.squashfs.mount loaded active mounted   /run/live/
  run-user-1000.mount       loaded active mounted   /run/user/1000          
  sys-kernel-debug.mount    loaded active mounted   Kernel Debug File System
  tmp.mount                 loaded active mounted   /tmp                    
  usr-lib-live-mount-medium.mount loaded active mounted   /usr/lib/live/mount/
  usr-lib-live-mount-overlay.mount loaded active mounted   /usr/lib/live/mount
  usr-lib-live-mount-rootfs-filesystem.squashfs.mount loaded active mounted  
  usr-lib-live-mount.mount  loaded active mounted   /usr/lib/live/mount     
  systemd-ask-password-console.path loaded active waiting   Dispatch Password
  systemd-ask-password-wall.path loaded active waiting   Forward Password Requ
  init.scope                loaded active running   System and Service Manage
  session-1.scope           loaded active running   Session 1 of user user  
  session-3.scope           loaded active running   Session 3 of user user  
  accounts-daemon.service   loaded active running   Accounts Service        
  alsa-restore.service      loaded active exited    Save/Restore Sound Card S
  alsa-state.service        loaded active running   Manage Sound Card State (
  arpwatch.service          loaded active exited    arpwatch service        
● beef-xss.service          loaded failed failed    beef-xss                
  binfmt-support.service    loaded active exited    Enable support for additi
  blk-availability.service  loaded active exited    Availability of block dev
● console-setup.service     loaded failed failed    Set console font and keym
  cron.service              loaded active running   Regular background progra
  dbus.service              loaded active running   D-Bus System Message Bus
  getty@tty1.service        loaded active running   Getty on tty1           
  haveged.service           loaded active running   Entropy daemon using the
● hostapd-wpe.service       loaded failed failed    hostapd-wpe - Modified ho
  ifupdown-pre.service      loaded active exited    Helper to synchronize boo
  keyboard-setup.service    loaded active exited    Set the console keyboard
  kmod-static-nodes.service loaded active exited    Create list of required s
  lightdm.service           loaded active running   Light Display Manager   
  live-config.service       loaded active exited    live-config configures a
  lvm2-monitor.service      loaded active exited    Monitoring of LVM2 mirror
  ModemManager.service      loaded active running   Modem Manager           
  networking.service        loaded active exited    Raise network interfaces
  NetworkManager.service    loaded active running   Network Manager         
  polkit.service            loaded active running   Authorization Manager   
  resolvconf.service        loaded active exited    Nameserver information ma
  rngd.service              loaded active running   Start entropy gathering d
  rsyslog.service           loaded active running   System Logging Service  
  rtkit-daemon.service      loaded active running   RealtimeKit Scheduling Po
  selinux-autorelabel-mark.service loaded active exited    Mark the need to re
● smartd.service            loaded failed failed    Self Monitoring and Repor
  snapd.seeded.service      loaded active exited    Wait until snapd is fully
  sysstat.service           loaded active exited    Resets System Activity Da
  systemd-journal-flush.service loaded active exited    Flush Journal to Persi
  systemd-journald.service  loaded active running   Journal Service         
  systemd-logind.service    loaded active running   Login Service           
  systemd-modules-load.service loaded active exited    Load Kernel Modules   
  systemd-random-seed.service loaded active exited    Load/Save Random Seed  
  systemd-remount-fs.service loaded active exited    Remount Root and Kernel F
  systemd-sysctl.service    loaded active exited    Apply Kernel Variables  
  systemd-sysusers.service  loaded active exited    Create System Users     
  systemd-tmpfiles-setup-dev.service loaded active exited    Create Static Dev
  systemd-tmpfiles-setup.service loaded active exited    Create Volatile Files
  systemd-udev-trigger.service loaded active exited    udev Coldplug all Devic
  systemd-udevd.service     loaded active running   udev Kernel Device Manage
  systemd-update-utmp.service loaded active exited    Update UTMP about System
  systemd-user-sessions.service loaded active exited    Permit User Sessions 
  udisks2.service           loaded active running   Disk Manager            
  ufw.service               loaded active exited    Uncomplicated firewall  
  unattended-upgrades.service loaded active running   Unattended Upgrades Shut
  upower.service            loaded active running   Daemon for power manageme
  user-runtime-dir@1000.service loaded active exited    User Runtime Directory
  user@1000.service         loaded active running   User Manager for UID 1000
  wpa_supplicant.service    loaded active running   WPA supplicant          
  xplico.service            loaded active running   Xplico                  
  -.slice                   loaded active active    Root Slice              
  system-getty.slice        loaded active active    system-getty.slice      
  system.slice              loaded active active    System Slice            
  user-1000.slice           loaded active active    User Slice of UID 1000  
  user.slice                loaded active active    User and Session Slice  
  dbus.socket               loaded active running   D-Bus System Message Bus
  dm-event.socket           loaded active listening Device-mapper event daemo
  lvm2-lvmpolld.socket      loaded active listening LVM2 poll daemon socket 
  pcscd.socket              loaded active listening PC/SC Smart Card Daemon A
  snapd.socket              loaded active listening Socket activation for sna
  syslog.socket             loaded active running   Syslog Socket           
  systemd-initctl.socket    loaded active listening initctl Compatibility Nam
  systemd-journald-audit.socket loaded active running   Journal Audit Socket 
  systemd-journald-dev-log.socket loaded active running   Journal Socket (/dev
  systemd-journald.socket   loaded active running   Journal Socket          
  systemd-rfkill.socket     loaded active listening Load/Save RF Kill Switch
  systemd-udevd-control.socket loaded active running   udev Control Socket   
  systemd-udevd-kernel.socket loaded active running   udev Kernel Socket     
  uuidd.socket              loaded active listening UUID daemon activation so
  basic.target              loaded active active    Basic System            
  cryptsetup.target         loaded active active    Local Encrypted Volumes 
  getty.target              loaded active active    Login Prompts           
  graphical.target          loaded active active    Graphical Interface     
  local-fs-pre.target       loaded active active    Local File Systems (Pre)
  local-fs.target           loaded active active    Local File Systems      
  multi-user.target         loaded active active    Multi-User System       
  network.target            loaded active active    Network                 
  nss-user-lookup.target    loaded active active    User and Group Name Looku
  paths.target              loaded active active    Paths                   
  remote-fs.target          loaded active active    Remote File Systems     
  slices.target             loaded active active    Slices                  
  sockets.target            loaded active active    Sockets                 
  sound.target              loaded active active    Sound Card              
  swap.target               loaded active active    Swap                    
  sysinit.target            loaded active active    System Initialization   
  time-set.target           loaded active active    System Time Set         
  time-sync.target          loaded active active    System Time Synchronized
  timers.target             loaded active active    Timers                  
  apt-daily.timer           loaded active waiting   Daily apt download activi
  e2scrub_all.timer         loaded active waiting   Periodic ext4 Online Meta
  exim4-base.timer          loaded active waiting   Daily exim4-base housekee
  logrotate.timer           loaded active waiting   Daily rotation of log fil
  man-db.timer              loaded active waiting   Daily man-db regeneration
  systemd-tmpfiles-clean.timer loaded active waiting   Daily Cleanup of Tempor

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.

130 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.

┌─[✗]─[root@parrot]─[/home/user]
└──╼ #
 


G'day whistleblower, and Welcome to linux.org

Well....you really do have a LOT on your plate !

Far too much to tackle in one go...agree totally with @arochester

As a newbie, your worst enemy is yourself.

You will lose interest fast by attempting to tackle stuff that seasoned pros would baulk at.

1. what are the differences between the 'clean' pc and the one that is giving trouble. Specs please. brand, model, etc etc

There are several people who will sign on here later, @dos2unix among them....they will have a far better idea than I will. Gather your info....post it here.....and pray that they don't give it the flick because it is tl;dr

(btw, "converting" an exe file that is going to flash a BIOS would not be for the faint hearted.....akin to burrowing one's way down a rabbit hole !!! )
 
G'day @whistleblower
Welcome to the community.
Sorry I cannot help as I am relatively new to the Linux world myself. The only advice that I can give is listen to what @arochester and @Condobloke say and follow their instructions.
In the words of Rudyard Kipling, "You're a braver man than I, Gunga Din". Messing around with the BIOS!
 
Is this a laptop or desktop machine?
Flashing the BIOS and/or resetting it via the jumpers should remove any BIOS type malware. Although I have heard of one variant which writes itself to ROM and then sets the ROM to read only which can survive a re-flash. That seems unlikely though.
If you truly believe someone is hacking into your computer then report it to the authorities.
If the hard drive was replaced that should preclude any malware from a previous install. If in doubt I would erase the drive with something like DBAN (Darik's Boot And Nuke) and start fresh. This will erase everything on the drive! CAUTION
Are you 100% sure ALL network access is cut off? Wireless, Bluetooth, etc?
Does this machine have an optical disc drive? If so, try a Live DVD of a run-of-the-mill distro such as Linux Mint. The computer will not be able to write anything to the DVD after the .iso is burned to it and finalized.
If you can get a Live DVD to boot and run you can try running the "Memtest" from the Live disc. I think that is still one of the boot options.
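The replies above ask for the concrete differences between the clean machine and the troublesome one, and point out that a finalized DVD cannot be altered after burning. The script below is an added example for this thread, not code from any of the posters: it records the package list the same live USB reports on each machine so the two can be diffed, and it checks whether the USB still matches the ISO it was written from by hashing only the first N bytes of the device (N being the ISO's size, because a dd-written stick carries leftover bytes past the image). Assumptions not stated in the thread: a Debian-based live system with dpkg, and the ISO's size and SHA256 taken from the distro's download page. The device name /dev/sdX and the file names are placeholders.

```shell
#!/bin/sh
# Added example (not code from anyone in this thread).
#   pkg_inventory / pkg_only_in : comparable package lists for the clean and
#                                 suspect machine, both booted from one USB.
#   verify_medium               : compare the first N bytes of the USB device
#                                 with the ISO's published SHA256 (N = ISO size).
# Assumptions: Debian-based live medium (dpkg-query available); ISO size and
# SHA256 come from the distro's download page, not from the suspect machine.

# Write a sorted "package version" list to the file named in $1.
pkg_inventory() {
    dpkg-query -W -f='${Package} ${Version}\n' | LC_ALL=C sort > "$1"
}

# Print lines present in the suspect list ($2) but absent from the clean one ($1).
# Both files must be sorted in C-locale order, which is how pkg_inventory writes them.
pkg_only_in() {
    LC_ALL=C comm -13 "$1" "$2"
}

# Hash the first $3 bytes of device or file $1 and compare with SHA256 hex $2.
# Returns 0 on match, 1 on mismatch. Hashing the whole device would never match,
# since the stick is larger than the image that was written to it.
verify_medium() {
    actual=$(head -c "$3" "$1" | sha256sum | awk '{print $1}')
    if [ "$actual" = "$2" ]; then
        echo "medium matches ISO: $actual"
        return 0
    fi
    echo "MISMATCH: first $3 bytes of $1 hash to $actual, expected $2" >&2
    return 1
}

# Usage, booted from the same USB on each machine (root needed to read /dev/sdX):
#   sh check.sh inventory clean.txt          # on the known-good machine
#   sh check.sh inventory suspect.txt        # on the troublesome machine
#   sh check.sh diff clean.txt suspect.txt   # packages only the suspect reports
#   sh check.sh verify /dev/sdX <sha256 from download page> $(stat -c %s image.iso)
case "${1:-}" in
    inventory) pkg_inventory "$2" ;;
    diff)      pkg_only_in "$2" "$3" ;;
    verify)    verify_medium "$2" "$3" "$4" ;;
esac
```

Reading the results: an empty `diff` output means the live image's package database is identical on both machines, so whatever looks different is not extra packages. A `verify` mismatch means the stick no longer holds the image it was written from, and the first step is to rewrite it from a freshly checked ISO. A match only says the USB is intact; it says nothing about the machine's firmware, which is the other thing this thread is worried about.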
 
Sorry, I must have missed this. Where are we?
I see permissions on files, and I see reflashing the BIOS and I see resetting the BIOS via removing a jumper.

First, why are we re-doing the BIOS? What do we expect it to change?
Second, where are you booting from? A USB drive, the hard drive, or a VM?
Third, who are you logging in as? What commands are trying to run?

I don't know if this is the problem yet... but what could be happening...
Someone created some files or directories as root or another user.
Your Linux distro sees these files somehow (I don't know how yet),
but you don't have permission to do anything with them.

Are you wanting to wipe out the hard drive on the computer?
 