Just a general update, no troubleshoot needed


Mikez77

New Member
Joined
Mar 27, 2023
So, after having completely wiped and sanitized both my drives and done a clean install, it took only about 1.5 hours for it to re-establish itself with full force. That's 1.4 hours longer than usual though, but still. ESET Smart Security scanner said it's a UEFI variant of CompuTrace, so it's not only a virus, but a remote hacker implementing a UEFI virus/hijacking the UEFI.
I thought of a few solutions and at the moment one of them is working quite well.

1. I pulled out the wifi card from the laptop. I don't want wifi or bluetooth near my life ever again, so those two are gone, feels good.
2. I encrypted an Ubuntu live USB along with fully encrypting my two hard drives. No matter how much of the UEFI this virus is hijacking, it has no power unless it can be supplemented by an OS. So I'm using VirtualBox within the bootable Ubuntu while the two drives are fully encrypted, and so far I have not seen a trace of any hacker or virus for many hours. I'm not going to say it's a success until at least a week or more has gone by though. Kind of silly, but funny.

The other option was to re-claim the UEFI using Chipsec, but it seemed very risky and also quite complicated as I'm still only like 5 days into using Linux overall. I feel I'm too old to learn new things; I get super frustrated by how hard it is to just install something in comparison to Windows. There is no double clicking and letting it run, well sometimes I guess, but for the most part you need to install 7 different dependencies in the terminal just to launch one single app, like qBittorrent or similar. I know, the benefits outweigh the cons long term most likely and I'm just being grumpy.
The security and overall free hands you have in Linux seem vastly better than Windows. I feel like I have a much better overview of what's going on with my connection, using netplan/the connection manager, as well as being able to very simply block ports; the RDP port and SSH port got blocked real quick.

Other than that, I'll throw in a question if anyone can or wants to answer: is there a particular piece of hardware that should be replaced if it goes wrong? I feel like it's going to be hard to find someone to flash the SPI physically and I would rather just replace some pieces as cheaply as possible. I'd rather not buy a new computer either until I know my home is secured, because I actually believe my neighbors are hacked pretty hard and it's been using those connections to get to me as well. I've seen their routers in use frequently in my network during my "battles".
Some screenshots as well; the gkpam and exec thing was from the hacker/virus, I have not seen anything from it since.

What did you run this on? ... which particular Linux?
I installed it and set it up immediately upon the new Windows installation after installing drivers. It was working well and blocked a ton of connections in/out from a bunch of system files. It always works well for a good 20 minutes, then I know what's up when the notifications of my antivirus stop. It's game over and the antivirus is just nothing but more fuel for the virus at that point, and I can slowly see how folders are being taken over by first a fake TrustedInstaller, and then the SYSTEM user (user, not service, but same permissions as the service). And at that point you can just shut down and boot into Linux or try some live CD shenanigans, because if you boot back into Windows, there are 200 Task Scheduler triggers waiting for you to click on anything to install 20 malwares per click or something. So only safe mode works, for a while, basically just prolonging the inevitable there anyway.

How this thing works is that when you install Windows, it uses its own installation. I can't figure out how to work around that; there is a 0.1 second CMD flash before the USB boots into the install media. When I used modified installations, I could tab out and use software like Total Commander etc. right after the install boot, instead of installing Windows, and when tabbing out I can see the Windows setup.exe in the root of X: that is always being used instead of the .exe on my USB.
If I can solve that puzzle some day I think it might be purgeable. Perhaps not though, but as long as that happens it's just pointless.
I am out of this topic... It just spews bs.

Enuff
I don't understand the questioning. Are people in general in some sort of denial because they can't comprehend it? It's rare, but it is very real. I don't know how much proof you want or need. I thought your question was genuine but you were just out to "get me" lol. I even have small video clips, but I doubt that will be sufficient for you. I can show you how my "LAN" looks currently on my phone by the way, I'll take a pic. I can scroll pretty far too, but I suspect you'll have a logical explanation for why that is completely fine and normal.
From the app Pingtools
Either way, not here to cause any ruckus, just an update in general. Just fascinated over how people are in disbelief. I saw the same thing on a few other forums on some posts 2 years ago or so of people who experienced the very exact same thing as me. Disbelief, questioning etc.
@Mikez77:
Thank you for the update. For your sake, I hope you are pleased with the results, and your situation remains stable.

In my opinion, the reason people are "confused" and "in some sort of denial" is because your use of terminology and your descriptions do not align with their own security knowledge and experience, coupled with their understanding of how systems work.

Include me among those who are confused and in denial. Based on your previous descriptions, it is my opinion that you do not fully understand your security issues. Do not be surprised if your security problems return.
 
So, after having completely wiped and sanitized both my drives and done a clean install, it took only about 1.5 hours for it to re-establish itself with full force. That's 1.4 hours longer than usual though, but still. ESET Smart Security scanner said it's a UEFI variant of CompuTrace, so it's not only a virus, but a remote hacker implementing a UEFI virus/hijacking the UEFI.

I think you're on the wrong Forum...this is a Linux Forum.
 
@Mikez77:
Thank you for the update. For your sake, I hope you are pleased with the results, and your situation remains stable.

In my opinion, the reason people are "confused" and "in some sort of denial" is because your use of terminology and your descriptions do not align with their own security knowledge and experience, coupled with their understanding of how systems work.

Include me among those who are confused and in denial. Based on your previous descriptions, it is my opinion that you do not fully understand your security issues. Do not be surprised if your security problems return.
I fully agree with you on this.
 
ESET can be used with Linux. Their endpoint security software is available for Linux, though they dropped the dedicated Linux antivirus software some time ago.

You still haven't said which Linux distro you're using and your various images aren't informative - nor indicating anything in particular.

Is Linux what you're using, or are you using Windows? If so, which distro you're using is pretty basic information folks should have.

'Cause we do all sorts of things here, but we don't do Windows.

Read the 2nd link in my signature.