this post was submitted on 05 Aug 2023
1941 points (97.3% liked)

linuxmemes

21434 readers
796 users here now

Hint: :q!


Sister communities:


Community rules (click to expand)

1. Follow the site-wide rules

2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack members of the community for any reason.
  • Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
  • These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
  • 3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn. Even if you watch it on a Linux machine.
  • 4. No recent reposts
  • Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.
  •  

    Please report posts and comments that break these rules!


    Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't fork-bomb your computer.

    founded 1 year ago
    MODERATORS
     

    For those who are wondering, yes, Wine is malware compatible so be careful about the EXEs you run!

    https://wiki.winehq.org/FAQ#Is_Wine_malware-compatible.3F

    you are viewing a single comment's thread
    view the rest of the comments
    [–] [email protected] 97 points 1 year ago (2 children)

    This happened to me not long ago when I found a monero miner running on my laptop. Being a highly technical person, I feel unbounded shame.

    [–] [email protected] 25 points 1 year ago (2 children)

    How did you figure out it was running? How did you confirm? Teach me your methods please

    [–] [email protected] 23 points 1 year ago (1 children)

    It was pretty easy to spot in htop since it had really high CPU usage. Plus, the command line args it launched with included the word "Monero" multiple times, so that was a bit of a giveaway haha

    [–] [email protected] 1 points 1 year ago (1 children)

    I sometimes leave my laptop on, but the monitor turned off when I go to sleep. Sometimes when I wake up, the fans on the laptop will be running full speed, which dies down soon after I turn the monitor on and use the laptop for a little while. Do you think this might be a symptom of some covertware running on my laptop?

    [–] [email protected] 2 points 1 year ago (1 children)

    Perhaps.

    There may be easier ways to test for this, but what comes to mind is if you install your current OS again on another partition and then leave it as you usually do, and see if the fans do the same thing. If they do, it might just be a fault with the fan control or sleep state or something.

    If it doesn't happen, I'd assume something fishy is going on. Maybe try and set up a script to log your CPU usage and what's using the most every few minutes. That might catch something?
    I've just now had another thought. If it's trying to be covert, maybe just leave your task manager / htop open and don't touch anything for a while, it might think you're afk and start running again. If it doesn't, it could be checking to see if common monitoring tools are running and stopping itself to avoid detection, if that's the case you'll have to be a bit smarter about trying to catch it.

    tl;dr Maybe. Run a virus scan if you can, or try and find it yourself if you think you can. If all else fails, nuke the OS and start again.

    [–] [email protected] 1 points 1 year ago

    That makes sense. In the end I guess it depends on what level any malware expects the user to search for it on. Thanks.

    [–] [email protected] 4 points 1 year ago

    I might be able to find a weird service or background app at most. Figuring out what is actually happening is beyond me.

    [–] [email protected] 8 points 1 year ago (2 children)

    Was it still through WINE? I'd feel bad for the miner as well as it likely couldn't have done the MSR mod so low hashrate lol.

    [–] [email protected] 8 points 1 year ago (1 children)

    Feeling bad that a scammer couldn't scam hard enough is hilarious. Only in a Linux forum.

    [–] [email protected] 6 points 1 year ago (1 children)

    Tbf, if you get an OOTB distro infected, that is most definitely user error

    [–] [email protected] 1 points 1 year ago (1 children)

    If you (somehow) manage to get gentoo or lfs infected, I'd still consider it user error lol

    [–] [email protected] 1 points 1 year ago

    LFS maybe, but gentoo or arch is understandable because you have to set the security up yourself.

    [–] [email protected] 6 points 1 year ago

    Yes it was, I run Zorin (Ubuntu-based) on my laptop.