this post was submitted on 05 Aug 2023
1941 points (97.3% liked)
linuxmemes
21434 readers
796 users here now
Hint: :q!
Sister communities:
Community rules (click to expand)
1. Follow the site-wide rules
- Instance-wide TOS: https://legal.lemmy.world/tos/
- Lemmy code of conduct: https://join-lemmy.org/docs/code_of_conduct.html
2. Be civil
- Understand the difference between a joke and an insult.
- Do not harrass or attack members of the community for any reason.
- Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
- Bigotry will not be tolerated.
- These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
3. Post Linux-related content
- Including Unix and BSD.
- Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of
sudo
in Windows. - No porn. Even if you watch it on a Linux machine.
4. No recent reposts
- Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.
Please report posts and comments that break these rules!
Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't fork-bomb your computer.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This happened to me not long ago when I found a monero miner running on my laptop. Being a highly technical person, I feel unbounded shame.
How did you figure out it was running? How did you confirm? Teach me your methods please
It was pretty easy to spot in
htop
since it had really high CPU usage. Plus, the command line args it launched with included the word "Monero" multiple times, so that was a bit of a giveaway hahaI sometimes leave my laptop on, but the monitor turned off when I go to sleep. Sometimes when I wake up, the fans on the laptop will be running full speed, which dies down soon after I turn the monitor on and use the laptop for a little while. Do you think this might be a symptom of some covertware running on my laptop?
Perhaps.
There may be easier ways to test for this, but what comes to mind is if you install your current OS again on another partition and then leave it as you usually do, and see if the fans do the same thing. If they do, it might just be a fault with the fan control or sleep state or something.
If it doesn't happen, I'd assume something fishy is going on. Maybe try and set up a script to log your CPU usage and what's using the most every few minutes. That might catch something?
I've just now had another thought. If it's trying to be covert, maybe just leave your task manager / htop open and don't touch anything for a while, it might think you're afk and start running again. If it doesn't, it could be checking to see if common monitoring tools are running and stopping itself to avoid detection, if that's the case you'll have to be a bit smarter about trying to catch it.
tl;dr Maybe. Run a virus scan if you can, or try and find it yourself if you think you can. If all else fails, nuke the OS and start again.
That makes sense. In the end I guess it depends on what level any malware expects the user to search for it on. Thanks.
I might be able to find a weird service or background app at most. Figuring out what is actually happening is beyond me.
Was it still through WINE? I'd feel bad for the miner as well as it likely couldn't have done the MSR mod so low hashrate lol.
Feeling bad that a scammer couldn't scam hard enough is hilarious. Only in a Linux forum.
Tbf, if you get an OOTB distro infected, that is most definitely user error
If you (somehow) manage to get gentoo or lfs infected, I'd still consider it user error lol
LFS maybe, but gentoo or arch is understandable because you have to set the security up yourself.
Yes it was, I run Zorin (Ubuntu-based) on my laptop.