Troubleshooting my malware infestation

Can anyone explain what is going on with the locations of the devices as shown in the screenshot which can be found on my Imgur page via this link?

In order to be complete please:

  • use a new / different router - possibly the agreeable individual who will let you use their connection
  • completely wipe out your UM computer
  • download the UM install from your agreeable individual's computer
  • leave your smartphone at your house
  • do NOT connect any other device to the router other than your UM computer

good luck!

  • Your Western Digital 500GB Hard drive has an unknown format type
  • The OCTET-STREAM format is used for file attachments on the Web with an unknown file type. These .octet-stream files are arbitrary binary data files that may be in any multimedia format.
  • The file system is consuming about 27GB with about 202 GB free space
  • Boot repair is more than likely from Windows

Do you know what's the status of the remaining 220 GB?
Are you dual booting UM and Win?
How did you format the WD?

Not like that... never have, don't even know how.

Is this the new computer that you installed UM?
If so what choice did you make when installing?
Did it come from manufacturer with Win installed?

Rev. 1 - Updated reply to include information about google drive, collaboratory and onedrive

@pfeiffep This isn't a new PC. It did come with Windows installed but I have long since removed Windows and installed UM. The choices I selected during install were all the normal choices, not opting for the logical volume install with encryption and using a single partition with a UEFI boot partition. Nothing fancy or special, just trying to keep everything simplified for troubleshooting.
As I suspected, while using the PC yesterday, I powered off my phone and then when I went to either open a new web page or a new tab or the page just refreshed (I can't remember) it immediately popped up an error screen stating that it couldn't locate the proxy server I had been using. Everything is getting piped through my phone for redirection, but not all the time. I don't understand how that is possible considering I pulled out an older router which I've flashed with DD-WRT firmware, went through the settings and have not connected the phone to it.

One other thing that happened I've been forgetting to post is that recently, I had uploaded a few files to my OneDrive and then a little while later or the next day accessed my Google Drive and found exactly what I had uploaded to my OneDrive in my Google Drive. I get the distinct impression that whenever I use Firefox or almost any other browser, I am using a version of Chrome with some sort of overlay for what I think I'm using for a browser. I'm not sure what could be going on there but thought it may be worth mentioning. Also, late yesterday evening I decided I was going to close all of my Google accounts, went into the main one that I use and deleted all of my emails. Right after deleting the emails, another page opened up for Google Collaboratory (or something like that), that showed what seemed to be an account of mine, but I have never heard of Collaboratory and definitely never created an account for this service. I will be calling Google momentarily to find out more about it and why I have an account, along with any others that I may not know about.

I'm willing to help you with the strategy I've already outlined. Providing symptoms from devices connected to a compromised network will only frustrate you. In order to 100% remedy this situation you need to start with a completely clean computer and router.

Please pick ONE computer, preferably a laptop, that you can wipe completely clean. Then proceed with the proposed strategy. I strongly suggest a 2-3 day time frame to complete. This might seem extreme, but to my mind it's nothing when compared to the 2+ years that you've been suffering. You've been posting about this now for 7 days.


Research MINIX. All PCs with Intel chips run MINIX in the background. Ever wonder why PCs got more powerful and slower? They are running two OSes at once. I'll bet this is where the back doors come from. Don't know what to do except buy AMD. https://www.zdnet.com/article/minix-intels-hidden-in-chip-operating-system/

Congratulations!
You address it very well!
Such an amazing job...


Rev. 1 - Added udisksctl output. The findmnt output is added in the next reply.

@pfeiffep I appreciate your input and help. I've been trying to find a friend willing to let me do what you've outlined, and it hasn't been easy to find someone willing. Everyone that I know is fully aware of this problem and, to be honest, they don't want anything to do with it. Thankfully, one friend gave me the green light. Over the next few days, I will be following your suggestions step by step as you've recommended, and I will report back with the results when finished, but it will take me a few days because I still need to get the equipment and I also have work to attend to.

@Johnl Strangely enough, the AMDs are more affected by this malware than the Intel design, as well as the MiniX PCs, having owned one, which became infected.

Additional Events and Information to Share

In the meantime, I wanted to share that I had one of my computers (the 1st one which was infected) at a local repair shop to see if there was anything they may pick up on and/or do, which I haven't already. Unfortunately, the results were unsatisfactory but they did wipe the drive, flash the BIOS and reinstall Windows 10 (not by request). I had also given them a router which I felt had problems and possibly was infected, but they reported that nothing seemed out of the ordinary.

After I got the PC home, I turned it on but before letting it boot, went in and reconfigured the BIOS, adding passwords to both boot the PC and also access the BIOS settings. The main changes in the settings included enabling secure boot, resetting and enabling the TPM, resetting the secure boot keys, updating the date and time along with some minor changes to the power and performance configuration. I did not connect, and still have not connected, any means that will accept or transfer a wireless or IR signal and have not connected it to the internet. The only connections made have been a hardwired keyboard and mouse, two monitors, desktop speakers, incoming power and a securely wiped USB. I booted once to Windows to see that they had installed a couple of AV programs, WD disk utilities for (2) 1TB HDDs installed in the PC, and Samsung Magician software for (2) 500GB SSDs also installed in the tower.

I opened the Magician software to check a couple of settings and used the utility to generate a bootable USB (securely wiped) to securely erase that particular SSD make/model, which is a built-in feature for that drive. Everything seemed to be going smoothly but I hadn't really started probing to see if any of the typical red flags were present. Next I rebooted to the BIOS settings and disabled the drive with Windows 10 installed, created a RAID 0 with the (2) WD HDDs and then installed UM there. As the PC started to boot to the trusted UM install media, the first error appeared and one that I see quite frequently, indicating a bug in the TPM and issues with the ACPI.

I proceeded with the install, recording the command line output generated in the process. I then gathered the system logs which show all of the same indicators I am accustomed to seeing. I also examined the result of "udisksctl dump", having found that to be useful in the past. I've seen the information before but was just trying to make more sense of it because what is shown for the loop devices can't be seen by the command findmnt or fdisk -l, which I thought strange. Please see an example below, which shows multiple loop devices and also shows that they are part of a RAID configuration (no relation to the RAID 0 I created) and, depending on which device, there are multiple symbolic links associated with each device.

Some of the symlinks are normal I'm sure, but the ones that raised my eyebrows were the ones associated with the optical drive. I still haven't been able to clearly understand what is being done with the links, but I believe there are malicious files hiding behind the cover of the physical optical drive device designation and are somehow protected by the symbolic links due to the fact that the link and not the file is affected when performing typical file operations. I'm sure there is more to what I am trying to allude to because I don't understand it fully, but maybe there is enough of an idea shown that someone can recognize/understand what exactly is going on and whether or not it holds any significance to the problem.

Over the course of several boots and more inspection, the indicators only became more apparent and I saw most problems originating from the direction of the optical drive behavior when used with bootable media and also from using/enabling the TPM and UEFI secure boot mode.

I know that proof of concept exists, showing vulnerabilities with the UEFI and TPM and how they can be affected and infected by malware, but I am not familiar with it being done in "the wild". Does anyone know of a specific malware that targets the UEFI/TPM? If that were to be the source of infection/persistence, does anyone know if or how to deal with removing such an infection, or if it is even possible? I know clearing the TPM and resetting the secure boot keys does not do anything to help. I also noted somewhere along the course of these events that there was strong indication of problems associated with the "Rapl" driver (I may be mistaken about the name/acronym), but can't offer much more than that with respect to what was seen exactly.

Some other interesting events I think are worth mentioning are: 1. while trying to use the Magician-generated bootable USB for secure erase on one of my other PCs with the same SSD I suspect to have infected firmware, I received an error message stating that the drive does not support secure erase, but I am 100% positive that it does, having done it on others of the same drives in the past and also having been told that it has the capability by the manufacturer. 2. While trying to confirm my theory of protected, malicious files hiding behind symlinks, I attempted to erase any such file using the dd command and directing the copy of /dev/zero to the path of the symlink(s).

The results varied with each symlink, being successful and writing up to 5GB of data with some of the links, but the last one I made the attempt on, not being able to recall which link now, crashed the live media I was booted to almost instantly after executing the command. I gave the command with arguments to an offline device (I do remember that much), which shouldn't have caused a system crash when booted to an alternate environment.

udisksctl output
  
/org/freedesktop/UDisks2/Manager:
  org.freedesktop.UDisks2.Manager:
    SupportedFilesystems:       ext2
                                ext3
                                ext4
                                vfat
                                ntfs
                                exfat
                                xfs
                                reiserfs
                                nilfs2
                                btrfs
                                minix
                                udf
                                f2fs
                                swap
    Version:                    2.8.2

/org/freedesktop/UDisks2/block_devices/loop0:
  org.freedesktop.UDisks2.Block:
    Configuration:              []
    CryptoBackingDevice:        '/'
    Device:                     /dev/loop0
    DeviceNumber:               1792
    Drive:                      '/'
    HintAuto:                   false
    HintIconName:               
    HintIgnore:                 false
    HintName:                   
    HintPartitionable:          true
    HintSymbolicIconName:       
    HintSystem:                 true
    Id:                         
    IdLabel:                    
    IdType:                     squashfs
    IdUUID:                     
    IdUsage:                    filesystem
    IdVersion:                  4.0
    MDRaid:                     '/'
    MDRaidMember:               '/'
    PreferredDevice:            /dev/loop0
    ReadOnly:                   true
    Size:                       93581312
    Symlinks:                   
    UserspaceMountOptions:      x-gdu.hide
  org.freedesktop.UDisks2.Filesystem:
    MountPoints:        /snap/core/6673
    Size:               0
  org.freedesktop.UDisks2.Loop:
    Autoclear:          true
    BackingFile:        /var/lib/snapd/snaps/core_6673.snap
    SetupByUID:         0

/org/freedesktop/UDisks2/block_devices/loop1:
  org.freedesktop.UDisks2.Block:
    Configuration:              []
    CryptoBackingDevice:        '/'
    Device:                     /dev/loop1
    DeviceNumber:               1793
    Drive:                      '/'
    HintAuto:                   false
    HintIconName:               
    HintIgnore:                 false
    HintName:                   
    HintPartitionable:          true
    HintSymbolicIconName:       
    HintSystem:                 true
    Id:                         
    IdLabel:                    
    IdType:                     squashfs
    IdUUID:                     
    IdUsage:                    filesystem
    IdVersion:                  4.0
    MDRaid:                     '/'
    MDRaidMember:               '/'
    PreferredDevice:            /dev/loop1
    ReadOnly:                   true
    Size:                       16384
    Symlinks:                   
    UserspaceMountOptions:      x-gdu.hide
  org.freedesktop.UDisks2.Filesystem:
    MountPoints:        /snap/software-boutique/39
    Size:               0
  org.freedesktop.UDisks2.Loop:
    Autoclear:          true
    BackingFile:        /var/lib/snapd/snaps/software-boutique_39.snap
    SetupByUID:         0

/org/freedesktop/UDisks2/block_devices/loop2:
  org.freedesktop.UDisks2.Block:
    Configuration:              []
    CryptoBackingDevice:        '/'
    Device:                     /dev/loop2
    DeviceNumber:               1794
    Drive:                      '/'
    HintAuto:                   false
    HintIconName:               
    HintIgnore:                 false
    HintName:                   
    HintPartitionable:          true
    HintSymbolicIconName:       
    HintSystem:                 true
    Id:                         
    IdLabel:                    
    IdType:                     squashfs
    IdUUID:                     
    IdUsage:                    filesystem
    IdVersion:                  4.0
    MDRaid:                     '/'
    MDRaidMember:               '/'
    PreferredDevice:            /dev/loop2
    ReadOnly:                   true
    Size:                       90845184
    Symlinks:                   
    UserspaceMountOptions:      x-gdu.hide
  org.freedesktop.UDisks2.Filesystem:
    MountPoints:        /snap/ubuntu-mate-welcome/313
    Size:               0
  org.freedesktop.UDisks2.Loop:
    Autoclear:          true
    BackingFile:        /var/lib/snapd/snaps/ubuntu-mate-welcome_313.snap
    SetupByUID:         0
/org/freedesktop/UDisks2/block_devices/loop3:
  org.freedesktop.UDisks2.Block:
    Configuration:              []
    CryptoBackingDevice:        '/'
    Device:                     /dev/loop3
    DeviceNumber:               1795
    Drive:                      '/'
    HintAuto:                   false
    HintIconName:               
    HintIgnore:                 false
    HintName:                   
    HintPartitionable:          true
    HintSymbolicIconName:       
    HintSystem:                 true
    Id:                         
    IdLabel:                    
    IdType:                     
    IdUUID:                     
    IdUsage:                    
    IdVersion:                  
    MDRaid:                     '/'
    MDRaidMember:               '/'
    PreferredDevice:            /dev/loop3
    ReadOnly:                   false
    Size:                       0
    Symlinks:                   
    UserspaceMountOptions:      
  org.freedesktop.UDisks2.Loop:
    Autoclear:          false
    BackingFile:        
    SetupByUID:         0
/org/freedesktop/UDisks2/block_devices/loop4:
  org.freedesktop.UDisks2.Block:
    Configuration:              []
    CryptoBackingDevice:        '/'
    Device:                     /dev/loop4
    DeviceNumber:               1796
    Drive:                      '/'
    HintAuto:                   false
    HintIconName:               
    HintIgnore:                 false
    HintName:                   
    HintPartitionable:          true
    HintSymbolicIconName:       
    HintSystem:                 true
    Id:                         
    IdLabel:                    
    IdType:                     
    IdUUID:                     
    IdUsage:                    
    IdVersion:                  
    MDRaid:                     '/'
    MDRaidMember:               '/'
    PreferredDevice:            /dev/loop4
    ReadOnly:                   false
    Size:                       0
    Symlinks:                   
    UserspaceMountOptions:      
  org.freedesktop.UDisks2.Loop:
    Autoclear:          false
    BackingFile:        
    SetupByUID:         0
/org/freedesktop/UDisks2/block_devices/loop5:
  org.freedesktop.UDisks2.Block:
    Configuration:              []
    CryptoBackingDevice:        '/'
    Device:                     /dev/loop5
    DeviceNumber:               1797
    Drive:                      '/'
    HintAuto:                   false
    HintIconName:               
    HintIgnore:                 false
    HintName:                   
    HintPartitionable:          true
    HintSymbolicIconName:       
    HintSystem:                 true
    Id:                         
    IdLabel:                    
    IdType:                     
    IdUUID:                     
    IdUsage:                    
    IdVersion:                  
    MDRaid:                     '/'
    MDRaidMember:               '/'
    PreferredDevice:            /dev/loop5
    ReadOnly:                   false
    Size:                       0
    Symlinks:                   
    UserspaceMountOptions:      
  org.freedesktop.UDisks2.Loop:
    Autoclear:          false
    BackingFile:        
    SetupByUID:         0
/org/freedesktop/UDisks2/block_devices/loop6:
  org.freedesktop.UDisks2.Block:
    Configuration:              []
    CryptoBackingDevice:        '/'
    Device:                     /dev/loop6
    DeviceNumber:               1798
    Drive:                      '/'
    HintAuto:                   false
    HintIconName:               
    HintIgnore:                 false
    HintName:                   
    HintPartitionable:          true
    HintSymbolicIconName:       
    HintSystem:                 true
    Id:                         
    IdLabel:                    
    IdType:                     
    IdUUID:                     
    IdUsage:                    
    IdVersion:                  
    MDRaid:                     '/'
    MDRaidMember:               '/'
    PreferredDevice:            /dev/loop6
    ReadOnly:                   false
    Size:                       0
    Symlinks:                   
    UserspaceMountOptions:      
  org.freedesktop.UDisks2.Loop:
    Autoclear:          false
    BackingFile:        
    SetupByUID:         0
/org/freedesktop/UDisks2/block_devices/loop7:
  org.freedesktop.UDisks2.Block:
    Configuration:              []
    CryptoBackingDevice:        '/'
    Device:                     /dev/loop7
    DeviceNumber:               1799
    Drive:                      '/'
    HintAuto:                   false
    HintIconName:               
    HintIgnore:                 false
    HintName:                   
    HintPartitionable:          true
    HintSymbolicIconName:       
    HintSystem:                 true
    Id:                         
    IdLabel:                    
    IdType:                     
    IdUUID:                     
    IdUsage:                    
    IdVersion:                  
    MDRaid:                     '/'
    MDRaidMember:               '/'
    PreferredDevice:            /dev/loop7
    ReadOnly:                   false
    Size:                       0
    Symlinks:                   
    UserspaceMountOptions:      
  org.freedesktop.UDisks2.Loop:
    Autoclear:          false
    BackingFile:        
    SetupByUID:         0
/org/freedesktop/UDisks2/block_devices/sda:
  org.freedesktop.UDisks2.Block:
    Configuration:              []
    CryptoBackingDevice:        '/'
    Device:                     /dev/sda
    DeviceNumber:               2048
    Drive:                      '/org/freedesktop/UDisks2/drives/Samsung_SSD_850_EVO_500GB_S2RANX0J126811D'
    HintAuto:                   false
    HintIconName:               
    HintIgnore:                 false
    HintName:                   
    HintPartitionable:          true
    HintSymbolicIconName:       
    HintSystem:                 true
    Id:                         by-id-ata-Samsung_SSD_850_EVO_500GB_S2RANX0J126811D
    IdLabel:                    
    IdType:                     
    IdUUID:                     
    IdUsage:                    
    IdVersion:                  
    MDRaid:                     '/'
    MDRaidMember:               '/'
    PreferredDevice:            /dev/sda
    ReadOnly:                   false
    Size:                       500107862016
    Symlinks:                   /dev/disk/by-id/ata-Samsung_SSD_850_EVO_500GB_S2RANX0J126811D
                                /dev/disk/by-id/wwn-0x5002538d41b21caf
                                /dev/disk/by-path/pci-0000:00:17.0-ata-1
    UserspaceMountOptions:      

/org/freedesktop/UDisks2/block_devices/sdb:
  org.freedesktop.UDisks2.Block:
    Configuration:              []
    CryptoBackingDevice:        '/'
    Device:                     /dev/sdb
    DeviceNumber:               2064
    Drive:                      '/org/freedesktop/UDisks2/drives/External_USB_3_2e0_0000007788CF'
    HintAuto:                   true
    HintIconName:               
    HintIgnore:                 false
    HintName:                   
    HintPartitionable:          true
    HintSymbolicIconName:       
    HintSystem:                 false
    Id:                         by-id-usb-External_USB_3.0_0000007788CF-0:0
    IdLabel:                    
    IdType:                     
    IdUUID:                     
    IdUsage:                    
    IdVersion:                  
    MDRaid:                     '/'
    MDRaidMember:               '/'
    PreferredDevice:            /dev/sdb
    ReadOnly:                   false
    Size:                       500107862016
    Symlinks:                   /dev/disk/by-id/usb-External_USB_3.0_0000007788CF-0:0
                                /dev/disk/by-path/pci-0000:00:14.0-usb-0:2:1.0-scsi-0:0:0:0
    UserspaceMountOptions:      
  org.freedesktop.UDisks2.PartitionTable:
    Partitions:         ['/org/freedesktop/UDisks2/block_devices/sdb1', '/org/freedesktop/UDisks2/block_devices/sdb2']
    Type:               gpt

/org/freedesktop/UDisks2/block_devices/sdb1:
  org.freedesktop.UDisks2.Block:
    Configuration:              [('fstab', {'fsname': , 'dir': , 'type': , 'opts': , 'freq': <0>, 'passno': <1>})]
    CryptoBackingDevice:        '/'
    Device:                     /dev/sdb1
    DeviceNumber:               2065
    Drive:                      '/org/freedesktop/UDisks2/drives/External_USB_3_2e0_0000007788CF'
    HintAuto:                   true
    HintIconName:               
    HintIgnore:                 true
    HintName:                   
    HintPartitionable:          true
    HintSymbolicIconName:       
    HintSystem:                 false
    Id:                         by-id-usb-External_USB_3.0_0000007788CF-0:0-part1
    IdLabel:                    
    IdType:                     vfat
    IdUUID:                     0B43-24E7
    IdUsage:                    filesystem
    IdVersion:                  FAT32
    MDRaid:                     '/'
    MDRaidMember:               '/'
    PreferredDevice:            /dev/sdb1
    ReadOnly:                   false
    Size:                       536870912
    Symlinks:                   /dev/disk/by-id/usb-External_USB_3.0_0000007788CF-0:0-part1
                                /dev/disk/by-partlabel/EFI\x20System\x20Partition
                                /dev/disk/by-partuuid/1e1cfc67-99c3-484a-8b32-17c363879651
                                /dev/disk/by-path/pci-0000:00:14.0-usb-0:2:1.0-scsi-0:0:0:0-part1
                                /dev/disk/by-uuid/0B43-24E7
    UserspaceMountOptions:      
  org.freedesktop.UDisks2.Filesystem:
    MountPoints:        /boot/efi
/org/freedesktop/UDisks2/block_devices/sdb2:
  org.freedesktop.UDisks2.Block:
    Configuration:              [('fstab', {'fsname': , 'dir': , 'type': , 'opts': , 'freq': <0>, 'passno': <1>})]
    CryptoBackingDevice:        '/'
    Device:                     /dev/sdb2
    DeviceNumber:               2066
    Drive:                      '/org/freedesktop/UDisks2/drives/External_USB_3_2e0_0000007788CF'
    HintAuto:                   true
    HintIconName:               
    HintIgnore:                 false
    HintName:                   
    HintPartitionable:          true
    HintSymbolicIconName:       
    HintSystem:                 false
    Id:                         by-id-usb-External_USB_3.0_0000007788CF-0:0-part2
    IdLabel:                    
    IdType:                     ext4
    IdUUID:                     0b400dad-73e2-4a6e-ac78-4cb3be87f730
    IdUsage:                    filesystem
    IdVersion:                  1.0
    MDRaid:                     '/'
    MDRaidMember:               '/'
    PreferredDevice:            /dev/sdb2
    ReadOnly:                   false
    Size:                       499568869376
    Symlinks:                   /dev/disk/by-id/usb-External_USB_3.0_0000007788CF-0:0-part2
                                /dev/disk/by-partuuid/82331e69-4b4a-4ea5-9acc-ef1cd3d1157b
                                /dev/disk/by-path/pci-0000:00:14.0-usb-0:2:1.0-scsi-0:0:0:0-part2
                                /dev/disk/by-uuid/0b400dad-73e2-4a6e-ac78-4cb3be87f730
    UserspaceMountOptions:      
  org.freedesktop.UDisks2.Filesystem:
    MountPoints:        /
    Size:               499568869376
  org.freedesktop.UDisks2.Partition:
    Flags:              0
    IsContained:        false
    IsContainer:        false
    Name:               
    Number:             2
    Offset:             537919488
    Size:               499568869376
    Table:              '/org/freedesktop/UDisks2/block_devices/sdb'
    Type:               0fc63daf-8483-4772-8e79-3d69d8477de4
    UUID:               82331e69-4b4a-4ea5-9acc-ef1cd3d1157b

/org/freedesktop/UDisks2/block_devices/sr0:
  org.freedesktop.UDisks2.Block:
    Configuration:              []
    CryptoBackingDevice:        '/'
    Device:                     /dev/sr0
    DeviceNumber:               2816
    Drive:                      '/org/freedesktop/UDisks2/drives/hp______DVDRW__DA8AESH_4A6709918703'
    HintAuto:                   true
    HintIconName:               
    HintIgnore:                 false
    HintName:                   
    HintPartitionable:          false
    HintSymbolicIconName:       
    HintSystem:                 false
    Id:                         
    IdLabel:                    
    IdType:                     
    IdUUID:                     
    IdUsage:                    
    IdVersion:                  
    MDRaid:                     '/'
    MDRaidMember:               '/'
    PreferredDevice:            /dev/sr0
    ReadOnly:                   true
    Size:                       0
    Symlinks:                   /dev/cdrom
                                /dev/cdrw
                                /dev/disk/by-id/ata-hp_DVDRW_DA8AESH_4A6709918703
                                /dev/disk/by-path/pci-0000:00:17.0-ata-2
                                /dev/dvd
                                /dev/dvdrw
    UserspaceMountOptions:      
/org/freedesktop/UDisks2/drives/External_USB_3_2e0_0000007788CF:
  org.freedesktop.UDisks2.Drive:
    CanPowerOff:                true
    Configuration:              {}
    ConnectionBus:              usb
    Ejectable:                  false
    Id:                         External-USB-3.0-0000007788CF
    Media:                      
    MediaAvailable:             true
    MediaChangeDetected:        true
    MediaCompatibility:         
    MediaRemovable:             false
    Model:                      USB 3.0
    Optical:                    false
    OpticalBlank:               false
    OpticalNumAudioTracks:      0
    OpticalNumDataTracks:       0
    OpticalNumSessions:         0
    OpticalNumTracks:           0
    Removable:                  true
    Revision:                   0203
    RotationRate:               -1
    Seat:                       seat0
    Serial:                     0000007788CF
    SiblingId:                  /sys/devices/pci0000:00/0000:00:14.0/usb2/2-2/2-2:1.0
    Size:                       500107862016
    SortKey:                    00coldplug/12removable/sd____b
    TimeDetected:               1564097153087822
    TimeMediaDetected:          1564097153087822
    Vendor:                     External
    WWN:                        
/org/freedesktop/UDisks2/drives/Samsung_SSD_850_EVO_500GB_S2RANX0J126811D:
  org.freedesktop.UDisks2.Drive:
    CanPowerOff:                false
    Configuration:              {}
    ConnectionBus:              
    Ejectable:                  false
    Id:                         Samsung-SSD-850-EVO-500GB-S2RANX0J126811D
    Media:                      
    MediaAvailable:             true
    MediaChangeDetected:        true
    MediaCompatibility:         
    MediaRemovable:             false
    Model:                      Samsung SSD 850 EVO 500GB
    Optical:                    false
    OpticalBlank:               false
    OpticalNumAudioTracks:      0
    OpticalNumDataTracks:       0
    OpticalNumSessions:         0
    OpticalNumTracks:           0
    Removable:                  false
    Revision:                   EMT02B6Q
    RotationRate:               0
    Seat:                       seat0
    Serial:                     S2RANX0J126811D
    SiblingId:                  
    Size:                       500107862016
    SortKey:                    00coldplug/00fixed/sd____a
    TimeDetected:               1564097153087507
    TimeMediaDetected:          1564097153087507
    Vendor:                     
    WWN:                        0x5002538d41b21caf
  org.freedesktop.UDisks2.Drive.Ata:
    AamEnabled:                                 false
    AamSupported:                               false
    AamVendorRecommendedValue:                  0
    ApmEnabled:                                 false
    ApmSupported:                               false
    PmEnabled:                                  true
    PmSupported:                                true
    ReadLookaheadEnabled:                       true
    ReadLookaheadSupported:                     true
    SecurityEnhancedEraseUnitMinutes:           0
    SecurityEraseUnitMinutes:                   0
    SecurityFrozen:                             false
    SmartEnabled:                               true
    SmartFailing:                               false
    SmartNumAttributesFailedInThePast:          0
    SmartNumAttributesFailing:                  0
    SmartNumBadSectors:                         0
    SmartPowerOnSeconds:                        19357200
    SmartSelftestPercentRemaining:              0
    SmartSelftestStatus:                        success
    SmartSupported:                             true
    SmartTemperature:                           301.15000000000003
    SmartUpdated:                               1564133914
    WriteCacheEnabled:                          true
    WriteCacheSupported:                        true
/org/freedesktop/UDisks2/drives/hp______DVDRW__DA8AESH_4A6709918703:
  org.freedesktop.UDisks2.Drive:
    CanPowerOff:                false
    Configuration:              {}
    ConnectionBus:              
    Ejectable:                  true
    Id:                         hp------DVDRW--DA8AESH-4A6709918703
    Media:                      
    MediaAvailable:             false
    MediaChangeDetected:        true
    MediaCompatibility:         optical_cd
                                optical_cd_r
                                optical_cd_rw
                                optical_dvd
                                optical_dvd_plus_r
                                optical_dvd_plus_r_dl
                                optical_dvd_plus_rw
                                optical_dvd_r
                                optical_dvd_ram
                                optical_dvd_rw
                                optical_mrw
                                optical_mrw_w
    MediaRemovable:             true
    Model:                      hp      DVDRW  DA8AESH
    Optical:                    false
    OpticalBlank:               false
    OpticalNumAudioTracks:      0
    OpticalNumDataTracks:       0
    OpticalNumSessions:         0
    OpticalNumTracks:           0
    Removable:                  true
    Revision:                   XH61
    RotationRate:               -1
    Seat:                       seat0
    Serial:                     4A6709918703
    SiblingId:                  
    Size:                       0
    SortKey:                    00coldplug/11removable/sr0
    TimeDetected:               1564097153222522
    TimeMediaDetected:          0
    Vendor:                     
    WWN:                        
  org.freedesktop.UDisks2.Drive.Ata:
    AamEnabled:                                 false
    AamSupported:                               false
    AamVendorRecommendedValue:                  0
    ApmEnabled:                                 false
    ApmSupported:                               false
    PmEnabled:                                  false
    PmSupported:                                false
    ReadLookaheadEnabled:                       false
    ReadLookaheadSupported:                     false
    SecurityEnhancedEraseUnitMinutes:           0
    SecurityEraseUnitMinutes:                   0
    SecurityFrozen:                             false
    SmartEnabled:                               false
    SmartFailing:                               false
    SmartNumAttributesFailedInThePast:          -1
    SmartNumAttributesFailing:                  -1
    SmartNumBadSectors:                         1
    SmartPowerOnSeconds:                        0
    SmartSelftestPercentRemaining:              -1
    SmartSelftestStatus:                        
    SmartSupported:                             false
    SmartTemperature:                           0.0
    SmartUpdated:                               0
    WriteCacheEnabled:                          false
    WriteCacheSupported:                        false
(END)

findmnt output
TARGET                                SOURCE      FSTYPE         OPTIONS
/                                     /dev/sdb2   ext4           rw,relatime,errors=remount-ro
├─/sys                                sysfs       sysfs          rw,nosuid,nodev,noexec,relatime
│ ├─/sys/kernel/security              securityfs  securityfs     rw,nosuid,nodev,noexec,relatime
│ ├─/sys/fs/cgroup                    tmpfs       tmpfs          ro,nosuid,nodev,noexec,mode=755
│ │ ├─/sys/fs/cgroup/unified          cgroup2     cgroup2        rw,nosuid,nodev,noexec,relatime,nsdelegate
│ │ ├─/sys/fs/cgroup/systemd          cgroup      cgroup         rw,nosuid,nodev,noexec,relatime,xattr,name=systemd
│ │ ├─/sys/fs/cgroup/cpu,cpuacct      cgroup      cgroup         rw,nosuid,nodev,noexec,relatime,cpu,cpuacct
│ │ ├─/sys/fs/cgroup/pids             cgroup      cgroup         rw,nosuid,nodev,noexec,relatime,pids
│ │ ├─/sys/fs/cgroup/net_cls,net_prio cgroup      cgroup         rw,nosuid,nodev,noexec,relatime,net_cls,net_prio
│ │ ├─/sys/fs/cgroup/devices          cgroup      cgroup         rw,nosuid,nodev,noexec,relatime,devices
│ │ ├─/sys/fs/cgroup/freezer          cgroup      cgroup         rw,nosuid,nodev,noexec,relatime,freezer
│ │ ├─/sys/fs/cgroup/rdma             cgroup      cgroup         rw,nosuid,nodev,noexec,relatime,rdma
│ │ ├─/sys/fs/cgroup/perf_event       cgroup      cgroup         rw,nosuid,nodev,noexec,relatime,perf_event
│ │ ├─/sys/fs/cgroup/hugetlb          cgroup      cgroup         rw,nosuid,nodev,noexec,relatime,hugetlb
│ │ ├─/sys/fs/cgroup/memory           cgroup      cgroup         rw,nosuid,nodev,noexec,relatime,memory
│ │ ├─/sys/fs/cgroup/cpuset           cgroup      cgroup         rw,nosuid,nodev,noexec,relatime,cpuset
│ │ └─/sys/fs/cgroup/blkio            cgroup      cgroup         rw,nosuid,nodev,noexec,relatime,blkio
│ ├─/sys/fs/pstore                    pstore      pstore         rw,nosuid,nodev,noexec,relatime
│ ├─/sys/firmware/efi/efivars         efivarfs    efivarfs       rw,nosuid,nodev,noexec,relatime
│ ├─/sys/fs/bpf                       bpf         bpf            rw,nosuid,nodev,noexec,relatime,mode=700
│ ├─/sys/kernel/debug                 debugfs     debugfs        rw,relatime
│ │ └─/sys/kernel/debug/tracing       tracefs     tracefs        rw,relatime
│ ├─/sys/fs/fuse/connections          fusectl     fusectl        rw,relatime
│ └─/sys/kernel/config                configfs    configfs       rw,relatime
├─/proc                               proc        proc           rw,nosuid,nodev,noexec,relatime
│ └─/proc/sys/fs/binfmt_misc          systemd-1   autofs         rw,relatime,fd=26,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=15261
│   └─/proc/sys/fs/binfmt_misc        binfmt_misc binfmt_misc    rw,relatime
├─/dev                                udev        devtmpfs       rw,nosuid,relatime,size=3991528k,nr_inodes=997882,mode=755
│ ├─/dev/pts                          devpts      devpts         rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000
│ ├─/dev/shm                          tmpfs       tmpfs          rw,nosuid,nodev
│ ├─/dev/mqueue                       mqueue      mqueue         rw,relatime
│ └─/dev/hugepages                    hugetlbfs   hugetlbfs      rw,relatime,pagesize=2M
├─/run                                tmpfs       tmpfs          rw,nosuid,noexec,relatime,size=805320k,mode=755
│ ├─/run/lock                         tmpfs       tmpfs          rw,nosuid,nodev,noexec,relatime,size=5120k
│ └─/run/user/1000                    tmpfs       tmpfs          rw,nosuid,nodev,relatime,size=805320k,mode=700,uid=1000,gid=1000
│   └─/run/user/1000/gvfs             gvfsd-fuse  fuse.gvfsd-fus rw,nosuid,nodev,relatime,user_id=1000,group_id=1000
├─/boot/efi                           /dev/sdb1   vfat           rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=iso8859-1,shortname=mixed,er
├─/snap/software-boutique/39          /dev/loop1  squashfs       ro,nodev,relatime
├─/snap/ubuntu-mate-welcome/313       /dev/loop2  squashfs       ro,nodev,relatime
└─/snap/core/6673                     /dev/loop0  squashfs       ro,nodev,relatime

LOL I suspected as much. You could try a Raspberry Pi. There is a Kali pen testing OS for the Pi. They are cheap. It may be in all chips or OSes, though. Ethernet chips from China were reported as spyware in one article I read. Actually they said they send a signal to China. They did not know what it was for. P.S. MINIX is the second OS on all Intel chips. It runs in secret. AMD is probably no different. AMD and Intel had a joint operation to develop next gen processors. It could be at the processor level.


If you don't have anything positive to add to the post, why are you even replying?

ROTFL Answers are help whether you see it or not. It may be in the chips; that gives a new possibility he may not have considered. If it is the problem, he will spend lots of time trying to find a solution that does not exist. I'd say malware you can't ferret out is most likely embedded in the hardware or the OS. The latter can be solved; the former cannot, unless you make and program the chips/processors.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.