Can anyone explain what is going on with the locations of the devices as shown in the screenshot which can be found on my Imgur page via this link?
In order to be complete please:
- use a new / different router - possibly the agreeable individual who will let you use their connection
- completely wipe out your UM computer
- download the UM install from your agreeable individual's computer
- leave your smartphone at your house
- do NOT connect any other device to the router other than your UM computer
good luck!
- Your Western Digital 500GB Hard drive has an unknown format type
- The OCTET-STREAM format is used for file attachments on the Web with an unknown file type. These .octet-stream files are arbitrary binary data files that may be in any multimedia format.
- The file system is consuming about 27GB with about 202 GB free space
- Boot repair is more than likely from Windows
Do you know what's the status of the remaining 220 GB?
Are you dual booting UM and Win?
How did you format the WD?
not like that ......never have don't even know how
Is this the new computer that you installed UM?
If so what choice did you make when installing?
Did it come from manufacturer with Win installed?
Rev. 1 - Updated reply to include information about google drive, collaboratory and onedrive
@pfeiffep This isn't a new PC. It did come with Windows installed but I have long since removed Windows and installed UM. The choices I selected during install were all the normal choices, not opting for the logical volume install with encryption and using a single partition with a UEFI boot partition. Nothing fancy or special, just trying to keep everything simplified for troubleshooting.
As I suspected, while using the PC yesterday, I powered off my phone and then when I went to either open a new web page or a new tab or the page just refreshed (I can't remember) it immediately popped up an error screen stating that it couldn't locate the proxy server I had been using. Everything is getting piped through my phone for redirection, but not all the time. I don't understand how that is possible considering I pulled out an older router which I've flashed on ddwrt firmware, went through the settings and have not connected the phone to it.
One other thing that happened I've been forgetting to post is that recently, I had uploaded a few files to my OneDrive and then a little while later or the next day accessed my Google Drive and found exactly what I had uploaded to my OneDrive in my Google Drive. I get the distinct impression that whenever I use Firefox or almost any other browser, that I am using a version of Chrome with some sort of overlay for what I think I'm using for a browser. I'm not sure what could be going on there but thought it may be worth mentioning. Also, late yesterday evening I decided I was going to close all of my Google accounts, went into the main one that I use and deleted all of my emails. Right after deleting the emails, another page opened up for Google collaboratory (or something like that), that showed what seemed to be an account of mine but I have never heard of collaboratory and definitely never created an account for this service. I will be calling Google momentarily to find out more about it and why I have an account along with any others that I may not know about.
I'm willing to help you with the strategy I've already outlined. Providing symptoms from devices connected to a compromised network will only frustrate you. In order to 100% remedy this situation you need to start with a completely clean computer and router.
Please pick ONE computer, preferably a laptop, that you can wipe completely clean. Then proceed with the proposed strategy. I strongly suggest a 2-3 day time frame to complete. This might seem extreme, but to my mind it's nothing when compared to the 2+ years that you've been suffering. You've been posting about this now for 7 days.
Research MINIX. All PCs with Intel chips run MINIX in the background. Ever wonder why PCs got more powerful and slower? They are running 2 OSes at once. I'll bet this is where the back doors come from. Don't know what to do except buy AMD. https://www.zdnet.com/article/minix-intels-hidden-in-chip-operating-system/
Congratulations!
You address it very well!
Such an amazing job....
Rev. 1 - Added udisksctl output. The findmnt output is added in the next reply.
@pfeiffep I appreciate your input and help. I've been trying to find a friend willing to let me do what you've outlined, and it hasn't been easy to find someone willing. Everyone that I know, is fully aware of this problem and to be honest, they don't want anything to do with it. Thankfully, one friend gave me the green light. Over the next few days, I will be following your suggestions, step by step as you've recommended and I will report back with the results when finished, but it will take me a few days because I still need to get the equipment and I also have work to attend to.
@Johnl Strangely enough, the AMDs are more affected by this malware than the Intel design, as well as the MiniX PCs, having owned one which became infected.
Additional Events and Information to Share
In the meantime, I wanted to share that I had one of my computers (the 1st one which was infected) at a local repair shop to see if there was anything they may pick up on and/or do, which I haven't already. Unfortunately, the results were unsatisfactory but they did wipe the drive, flash the BIOS and reinstall Windows 10 (not by request). I had also given them a router which I felt had problems and possibly was infected but they reported that nothing seemed out of the ordinary.
After I got the PC home, I turned it on but before letting it boot, went in and reconfigured the BIOS, adding passwords to both boot the PC and also access the BIOS settings. The main changes in the settings included, enabling secure boot, resetting and enabling the TPM, resetting the secure boot keys, updating the date and time along with some minor changes to the power and performance configuration. I did not connect, and still have not connected, any means that will accept or transfer a wireless or IR signal and have not connected it to the internet. The only connections made have been a hardwired keyboard and mouse, two monitors, desktop speakers, incoming power and a securely wiped USB. I booted once to Windows to see that they had installed a couple of AV programs, WD disk utilities for (2) 1Tb HDD's installed in the PC, and Samsung Magician Software for (2) 500Gb SSD's also installed in the tower.
I opened the Magician software to check a couple of settings and used the utility to generate a boot-able USB (securely wiped) to securely erase that particular SSD make/model, which is a built in feature for that drive. Everything seemed to be going smoothly but I hadn't really started probing to see if any of the typical red flags were present. Next I rebooted to the BIOS settings and disabled the drive with Windows 10 installed, created a RAID 0 with the (2) WD HDD's and then installed UM there. As the PC started to boot to the trusted UM install media, the first error appeared and one that I see quite frequently, indicating a bug in the TPM and issues with the ACPI.
I proceeded with the install, recording the command line output generated in the process. I then gathered the system logs which show all of the same indicators I am accustomed to seeing. I also examined the result of "udisksctl dump", finding that to be useful in the past. I've seen the information before but was just trying to make more sense of it because what is shown for the loop devices can't be seen by the command findmnt or fdisk -l, which I thought strange. Please see an example below, which shows multiple loop devices and also shows that they are part of a RAID configuration (no relation to the RAID 0 I created) and depending on which device, there are multiple symbolic links associated with each device.
Some of the symlinks are normal I'm sure but the ones that raised my eyebrows were the ones associated with the optical drive. I still haven't been able to clearly understand what is being done with the links but I believe there are malicious files hiding behind the cover of the physical optical drive device designation and are somehow protected by the symbolic links due to the fact that the link and not the file is affected when performing typical file operations. I'm sure there is more to what I am trying to allude to because I don't understand it fully but maybe there is enough of an idea shown that someone can recognize/understand what exactly is going on and whether or not it holds any significance to the problem.
Over the course of several boots and more inspection, the indicators only became more apparent and I saw most problems originating from the direction of the optical drive behavior when used with boot-able media and also from using/enabling the TPM and UEFI secure boot mode.
I know that proof of concept exists, showing vulnerabilities with the UEFI and TPM and how they can be affected and infected by malware, but I am not familiar with it being done in "the wild". Does anyone know of a specific malware that targets the UEFI/TPM? If that were to be the source of infection/persistence, does anyone know if or how to deal with removing such an infection or if it is even possible? I know clearing the TPM and resetting the secure boot keys does not do anything to help. I also noted somewhere along the course of these events that there was strong indication of problems associated with the "Rapl" driver (I may be mistaken about the name/acronym), but can't offer much more than that with respect to what was seen exactly.
Some other interesting events I think are worth mentioning are: 1. While trying to use the Magician generated boot-able USB for secure erase on one of my other PCs with the same SSD I suspect to have infected firmware, I received an error message stating that the drive does not support secure erase but I am 100% positive that it does, having done it on others of the same drives in the past and having also been told that it has the capability by the manufacturer. 2. While trying to confirm my theory of protected, malicious files hiding behind symlinks, I attempted to erase any such file using the dd command and directing the copy of /dev/zero to the path of the symlink(s).
The results varied with each symlink, being successful and writing up to 5Gb of data with some of the links but the last one I made the attempt on, not being able to recall which link now, crashed the live media I was booted to almost instantly after executing the command but I gave the command with arguments to an offline device (I do remember that much), which shouldn't have caused a system crash when booted to an alternate environment.
udisksctl output
/org/freedesktop/UDisks2/Manager: org.freedesktop.UDisks2.Manager: SupportedFilesystems: ext2 ext3 ext4 vfat ntfs exfat xfs reiserfs nilfs2 btrfs minix udf f2fs swap Version: 2.8.2 /org/freedesktop/UDisks2/block_devices/loop0: org.freedesktop.UDisks2.Block: Configuration: [] CryptoBackingDevice: '/' Device: /dev/loop0 DeviceNumber: 1792 Drive: '/' HintAuto: false HintIconName: HintIgnore: false HintName: HintPartitionable: true HintSymbolicIconName: HintSystem: true Id: IdLabel: IdType: squashfs IdUUID: IdUsage: filesystem IdVersion: 4.0 MDRaid: '/' MDRaidMember: '/' PreferredDevice: /dev/loop0 ReadOnly: true Size: 93581312 Symlinks: UserspaceMountOptions: x-gdu.hide org.freedesktop.UDisks2.Filesystem: MountPoints: /snap/core/6673 Size: 0 org.freedesktop.UDisks2.Loop: Autoclear: true BackingFile: /var/lib/snapd/snaps/core_6673.snap SetupByUID: 0 /org/freedesktop/UDisks2/block_devices/loop1: org.freedesktop.UDisks2.Block: Configuration: [] CryptoBackingDevice: '/' Device: /dev/loop1 DeviceNumber: 1793 Drive: '/' HintAuto: false HintIconName: HintIgnore: false HintName: HintPartitionable: true HintSymbolicIconName: HintSystem: true Id: IdLabel: IdType: squashfs IdUUID: IdUsage: filesystem IdVersion: 4.0 MDRaid: '/' MDRaidMember: '/' PreferredDevice: /dev/loop1 ReadOnly: true Size: 16384 Symlinks: UserspaceMountOptions: x-gdu.hide org.freedesktop.UDisks2.Filesystem: MountPoints: /snap/software-boutique/39 Size: 0 org.freedesktop.UDisks2.Loop: Autoclear: true BackingFile: /var/lib/snapd/snaps/software-boutique_39.snap SetupByUID: 0 /org/freedesktop/UDisks2/block_devices/loop2: org.freedesktop.UDisks2.Block: Configuration: [] CryptoBackingDevice: '/' Device: /dev/loop2 DeviceNumber: 1794 Drive: '/' HintAuto: false HintIconName: HintIgnore: false HintName: HintPartitionable: true HintSymbolicIconName: HintSystem: true Id: IdLabel: IdType: squashfs IdUUID: IdUsage: filesystem IdVersion: 4.0 MDRaid: '/' MDRaidMember: '/' PreferredDevice: /dev/loop2 ReadOnly: true Size: 
90845184 Symlinks: UserspaceMountOptions: x-gdu.hide org.freedesktop.UDisks2.Filesystem: MountPoints: /snap/ubuntu-mate-welcome/313 Size: 0 org.freedesktop.UDisks2.Loop: Autoclear: true BackingFile: /var/lib/snapd/snaps/ubuntu-mate-welcome_313.snap SetupByUID: 0 /org/freedesktop/UDisks2/block_devices/loop3: org.freedesktop.UDisks2.Block: Configuration: [] CryptoBackingDevice: '/' Device: /dev/loop3 DeviceNumber: 1795 Drive: '/' HintAuto: false HintIconName: HintIgnore: false HintName: HintPartitionable: true HintSymbolicIconName: HintSystem: true Id: IdLabel: IdType: IdUUID: IdUsage: IdVersion: MDRaid: '/' MDRaidMember: '/' PreferredDevice: /dev/loop3 ReadOnly: false Size: 0 Symlinks: UserspaceMountOptions: org.freedesktop.UDisks2.Loop: Autoclear: false BackingFile: SetupByUID: 0 /org/freedesktop/UDisks2/block_devices/loop4: org.freedesktop.UDisks2.Block: Configuration: [] CryptoBackingDevice: '/' Device: /dev/loop4 DeviceNumber: 1796 Drive: '/' HintAuto: false HintIconName: HintIgnore: false HintName: HintPartitionable: true HintSymbolicIconName: HintSystem: true Id: IdLabel: IdType: IdUUID: IdUsage: IdVersion: MDRaid: '/' MDRaidMember: '/' PreferredDevice: /dev/loop4 ReadOnly: false Size: 0 Symlinks: UserspaceMountOptions: org.freedesktop.UDisks2.Loop: Autoclear: false BackingFile: SetupByUID: 0 /org/freedesktop/UDisks2/block_devices/loop5: org.freedesktop.UDisks2.Block: Configuration: [] CryptoBackingDevice: '/' Device: /dev/loop5 DeviceNumber: 1797 Drive: '/' HintAuto: false HintIconName: HintIgnore: false HintName: HintPartitionable: true HintSymbolicIconName: HintSystem: true Id: IdLabel: IdType: IdUUID: IdUsage: IdVersion: MDRaid: '/' MDRaidMember: '/' PreferredDevice: /dev/loop5 ReadOnly: false Size: 0 Symlinks: UserspaceMountOptions: org.freedesktop.UDisks2.Loop: Autoclear: false BackingFile: SetupByUID: 0 /org/freedesktop/UDisks2/block_devices/loop6: org.freedesktop.UDisks2.Block: Configuration: [] CryptoBackingDevice: '/' Device: /dev/loop6 DeviceNumber: 
1798 Drive: '/' HintAuto: false HintIconName: HintIgnore: false HintName: HintPartitionable: true HintSymbolicIconName: HintSystem: true Id: IdLabel: IdType: IdUUID: IdUsage: IdVersion: MDRaid: '/' MDRaidMember: '/' PreferredDevice: /dev/loop6 ReadOnly: false Size: 0 Symlinks: UserspaceMountOptions: org.freedesktop.UDisks2.Loop: Autoclear: false BackingFile: SetupByUID: 0 /org/freedesktop/UDisks2/block_devices/loop7: org.freedesktop.UDisks2.Block: Configuration: [] CryptoBackingDevice: '/' Device: /dev/loop7 DeviceNumber: 1799 Drive: '/' HintAuto: false HintIconName: HintIgnore: false HintName: HintPartitionable: true HintSymbolicIconName: HintSystem: true Id: IdLabel: IdType: IdUUID: IdUsage: IdVersion: MDRaid: '/' MDRaidMember: '/' PreferredDevice: /dev/loop7 ReadOnly: false Size: 0 Symlinks: UserspaceMountOptions: org.freedesktop.UDisks2.Loop: Autoclear: false BackingFile: SetupByUID: 0 /org/freedesktop/UDisks2/block_devices/sda: org.freedesktop.UDisks2.Block: Configuration: [] CryptoBackingDevice: '/' Device: /dev/sda DeviceNumber: 2048 Drive: '/org/freedesktop/UDisks2/drives/Samsung_SSD_850_EVO_500GB_S2RANX0J126811D' HintAuto: false HintIconName: HintIgnore: false HintName: HintPartitionable: true HintSymbolicIconName: HintSystem: true Id: by-id-ata-Samsung_SSD_850_EVO_500GB_S2RANX0J126811D IdLabel: IdType: IdUUID: IdUsage: IdVersion: MDRaid: '/' MDRaidMember: '/' PreferredDevice: /dev/sda ReadOnly: false Size: 500107862016 Symlinks: /dev/disk/by-id/ata-Samsung_SSD_850_EVO_500GB_S2RANX0J126811D /dev/disk/by-id/wwn-0x5002538d41b21caf /dev/disk/by-path/pci-0000:00:17.0-ata-1 UserspaceMountOptions: /org/freedesktop/UDisks2/block_devices/sdb: org.freedesktop.UDisks2.Block: Configuration: [] CryptoBackingDevice: '/' Device: /dev/sdb DeviceNumber: 2064 Drive: '/org/freedesktop/UDisks2/drives/External_USB_3_2e0_0000007788CF' HintAuto: true HintIconName: HintIgnore: false HintName: HintPartitionable: true HintSymbolicIconName: HintSystem: false Id: 
by-id-usb-External_USB_3.0_0000007788CF-0:0 IdLabel: IdType: IdUUID: IdUsage: IdVersion: MDRaid: '/' MDRaidMember: '/' PreferredDevice: /dev/sdb ReadOnly: false Size: 500107862016 Symlinks: /dev/disk/by-id/usb-External_USB_3.0_0000007788CF-0:0 /dev/disk/by-path/pci-0000:00:14.0-usb-0:2:1.0-scsi-0:0:0:0 UserspaceMountOptions: org.freedesktop.UDisks2.PartitionTable: Partitions: ['/org/freedesktop/UDisks2/block_devices/sdb1', '/org/freedesktop/UDisks2/block_devices/sdb2'] Type: gpt /org/freedesktop/UDisks2/block_devices/sdb1: org.freedesktop.UDisks2.Block: Configuration: [('fstab', {'fsname': , 'dir': , 'type': , 'opts': , 'freq': <0>, 'passno': <1>})] CryptoBackingDevice: '/' Device: /dev/sdb1 DeviceNumber: 2065 Drive: '/org/freedesktop/UDisks2/drives/External_USB_3_2e0_0000007788CF' HintAuto: true HintIconName: HintIgnore: true HintName: HintPartitionable: true HintSymbolicIconName: HintSystem: false Id: by-id-usb-External_USB_3.0_0000007788CF-0:0-part1 IdLabel: IdType: vfat IdUUID: 0B43-24E7 IdUsage: filesystem IdVersion: FAT32 MDRaid: '/' MDRaidMember: '/' PreferredDevice: /dev/sdb1 ReadOnly: false Size: 536870912 Symlinks: /dev/disk/by-id/usb-External_USB_3.0_0000007788CF-0:0-part1 /dev/disk/by-partlabel/EFI\x20System\x20Partition /dev/disk/by-partuuid/1e1cfc67-99c3-484a-8b32-17c363879651 /dev/disk/by-path/pci-0000:00:14.0-usb-0:2:1.0-scsi-0:0:0:0-part1 /dev/disk/by-uuid/0B43-24E7 UserspaceMountOptions: org.freedesktop.UDisks2.Filesystem: MountPoints: /boot/efi /org/freedesktop/UDisks2/block_devices/sdb2: org.freedesktop.UDisks2.Block: Configuration: [('fstab', {'fsname': , 'dir': , 'type': , 'opts': , 'freq': <0>, 'passno': <1>})] CryptoBackingDevice: '/' Device: /dev/sdb2 DeviceNumber: 2066 Drive: '/org/freedesktop/UDisks2/drives/External_USB_3_2e0_0000007788CF' HintAuto: true HintIconName: HintIgnore: false HintName: HintPartitionable: true HintSymbolicIconName: HintSystem: false Id: by-id-usb-External_USB_3.0_0000007788CF-0:0-part2 IdLabel: IdType: ext4 
IdUUID: 0b400dad-73e2-4a6e-ac78-4cb3be87f730 IdUsage: filesystem IdVersion: 1.0 MDRaid: '/' MDRaidMember: '/' PreferredDevice: /dev/sdb2 ReadOnly: false Size: 499568869376 Symlinks: /dev/disk/by-id/usb-External_USB_3.0_0000007788CF-0:0-part2 /dev/disk/by-partuuid/82331e69-4b4a-4ea5-9acc-ef1cd3d1157b /dev/disk/by-path/pci-0000:00:14.0-usb-0:2:1.0-scsi-0:0:0:0-part2 /dev/disk/by-uuid/0b400dad-73e2-4a6e-ac78-4cb3be87f730 UserspaceMountOptions: org.freedesktop.UDisks2.Filesystem: MountPoints: / Size: 499568869376 org.freedesktop.UDisks2.Partition: Flags: 0 IsContained: false IsContainer: false Name: Number: 2 Offset: 537919488 Size: 499568869376 Table: '/org/freedesktop/UDisks2/block_devices/sdb' Type: 0fc63daf-8483-4772-8e79-3d69d8477de4 UUID: 82331e69-4b4a-4ea5-9acc-ef1cd3d1157b /org/freedesktop/UDisks2/block_devices/sr0: org.freedesktop.UDisks2.Block: Configuration: [] CryptoBackingDevice: '/' Device: /dev/sr0 DeviceNumber: 2816 Drive: '/org/freedesktop/UDisks2/drives/hp______DVDRW__DA8AESH_4A6709918703' HintAuto: true HintIconName: HintIgnore: false HintName: HintPartitionable: false HintSymbolicIconName: HintSystem: false Id: IdLabel: IdType: IdUUID: IdUsage: IdVersion: MDRaid: '/' MDRaidMember: '/' PreferredDevice: /dev/sr0 ReadOnly: true Size: 0 Symlinks: /dev/cdrom /dev/cdrw /dev/disk/by-id/ata-hp_DVDRW_DA8AESH_4A6709918703 /dev/disk/by-path/pci-0000:00:17.0-ata-2 /dev/dvd /dev/dvdrw UserspaceMountOptions: /org/freedesktop/UDisks2/drives/External_USB_3_2e0_0000007788CF: org.freedesktop.UDisks2.Drive: CanPowerOff: true Configuration: {} ConnectionBus: usb Ejectable: false Id: External-USB-3.0-0000007788CF Media: MediaAvailable: true MediaChangeDetected: true MediaCompatibility: MediaRemovable: false Model: USB 3.0 Optical: false OpticalBlank: false OpticalNumAudioTracks: 0 OpticalNumDataTracks: 0 OpticalNumSessions: 0 OpticalNumTracks: 0 Removable: true Revision: 0203 RotationRate: -1 Seat: seat0 Serial: 0000007788CF SiblingId: 
/sys/devices/pci0000:00/0000:00:14.0/usb2/2-2/2-2:1.0 Size: 500107862016 SortKey: 00coldplug/12removable/sd____b TimeDetected: 1564097153087822 TimeMediaDetected: 1564097153087822 Vendor: External WWN: /org/freedesktop/UDisks2/drives/Samsung_SSD_850_EVO_500GB_S2RANX0J126811D: org.freedesktop.UDisks2.Drive: CanPowerOff: false Configuration: {} ConnectionBus: Ejectable: false Id: Samsung-SSD-850-EVO-500GB-S2RANX0J126811D Media: MediaAvailable: true MediaChangeDetected: true MediaCompatibility: MediaRemovable: false Model: Samsung SSD 850 EVO 500GB Optical: false OpticalBlank: false OpticalNumAudioTracks: 0 OpticalNumDataTracks: 0 OpticalNumSessions: 0 OpticalNumTracks: 0 Removable: false Revision: EMT02B6Q RotationRate: 0 Seat: seat0 Serial: S2RANX0J126811D SiblingId: Size: 500107862016 SortKey: 00coldplug/00fixed/sd____a TimeDetected: 1564097153087507 TimeMediaDetected: 1564097153087507 Vendor: WWN: 0x5002538d41b21caf org.freedesktop.UDisks2.Drive.Ata: AamEnabled: false AamSupported: false AamVendorRecommendedValue: 0 ApmEnabled: false ApmSupported: false PmEnabled: true PmSupported: true ReadLookaheadEnabled: true ReadLookaheadSupported: true SecurityEnhancedEraseUnitMinutes: 0 SecurityEraseUnitMinutes: 0 SecurityFrozen: false SmartEnabled: true SmartFailing: false SmartNumAttributesFailedInThePast: 0 SmartNumAttributesFailing: 0 SmartNumBadSectors: 0 SmartPowerOnSeconds: 19357200 SmartSelftestPercentRemaining: 0 SmartSelftestStatus: success SmartSupported: true SmartTemperature: 301.15000000000003 SmartUpdated: 1564133914 WriteCacheEnabled: true WriteCacheSupported: true /org/freedesktop/UDisks2/drives/hp______DVDRW__DA8AESH_4A6709918703: org.freedesktop.UDisks2.Drive: CanPowerOff: false Configuration: {} ConnectionBus: Ejectable: true Id: hp------DVDRW--DA8AESH-4A6709918703 Media: MediaAvailable: false MediaChangeDetected: true MediaCompatibility: optical_cd optical_cd_r optical_cd_rw optical_dvd optical_dvd_plus_r optical_dvd_plus_r_dl optical_dvd_plus_rw 
optical_dvd_r optical_dvd_ram optical_dvd_rw optical_mrw optical_mrw_w MediaRemovable: true Model: hp DVDRW DA8AESH Optical: false OpticalBlank: false OpticalNumAudioTracks: 0 OpticalNumDataTracks: 0 OpticalNumSessions: 0 OpticalNumTracks: 0 Removable: true Revision: XH61 RotationRate: -1 Seat: seat0 Serial: 4A6709918703 SiblingId: Size: 0 SortKey: 00coldplug/11removable/sr0 TimeDetected: 1564097153222522 TimeMediaDetected: 0 Vendor: WWN: org.freedesktop.UDisks2.Drive.Ata: AamEnabled: false AamSupported: false AamVendorRecommendedValue: 0 ApmEnabled: false ApmSupported: false PmEnabled: false PmSupported: false ReadLookaheadEnabled: false ReadLookaheadSupported: false SecurityEnhancedEraseUnitMinutes: 0 SecurityEraseUnitMinutes: 0 SecurityFrozen: false SmartEnabled: false SmartFailing: false SmartNumAttributesFailedInThePast: -1 SmartNumAttributesFailing: -1 SmartNumBadSectors: 1 SmartPowerOnSeconds: 0 SmartSelftestPercentRemaining: -1 SmartSelftestStatus: SmartSupported: false SmartTemperature: 0.0 SmartUpdated: 0 WriteCacheEnabled: false WriteCacheSupported: false (END)
findmnt output
TARGET                                SOURCE      FSTYPE         OPTIONS
/                                     /dev/sdb2   ext4           rw,relatime,errors=remount-ro
├─/sys                                sysfs       sysfs          rw,nosuid,nodev,noexec,relatime
│ ├─/sys/kernel/security              securityfs  securityfs     rw,nosuid,nodev,noexec,relatime
│ ├─/sys/fs/cgroup                    tmpfs       tmpfs          ro,nosuid,nodev,noexec,mode=755
│ │ ├─/sys/fs/cgroup/unified          cgroup2     cgroup2        rw,nosuid,nodev,noexec,relatime,nsdelegate
│ │ ├─/sys/fs/cgroup/systemd          cgroup      cgroup         rw,nosuid,nodev,noexec,relatime,xattr,name=systemd
│ │ ├─/sys/fs/cgroup/cpu,cpuacct      cgroup      cgroup         rw,nosuid,nodev,noexec,relatime,cpu,cpuacct
│ │ ├─/sys/fs/cgroup/pids             cgroup      cgroup         rw,nosuid,nodev,noexec,relatime,pids
│ │ ├─/sys/fs/cgroup/net_cls,net_prio cgroup      cgroup         rw,nosuid,nodev,noexec,relatime,net_cls,net_prio
│ │ ├─/sys/fs/cgroup/devices          cgroup      cgroup         rw,nosuid,nodev,noexec,relatime,devices
│ │ ├─/sys/fs/cgroup/freezer          cgroup      cgroup         rw,nosuid,nodev,noexec,relatime,freezer
│ │ ├─/sys/fs/cgroup/rdma             cgroup      cgroup         rw,nosuid,nodev,noexec,relatime,rdma
│ │ ├─/sys/fs/cgroup/perf_event       cgroup      cgroup         rw,nosuid,nodev,noexec,relatime,perf_event
│ │ ├─/sys/fs/cgroup/hugetlb          cgroup      cgroup         rw,nosuid,nodev,noexec,relatime,hugetlb
│ │ ├─/sys/fs/cgroup/memory           cgroup      cgroup         rw,nosuid,nodev,noexec,relatime,memory
│ │ ├─/sys/fs/cgroup/cpuset           cgroup      cgroup         rw,nosuid,nodev,noexec,relatime,cpuset
│ │ └─/sys/fs/cgroup/blkio            cgroup      cgroup         rw,nosuid,nodev,noexec,relatime,blkio
│ ├─/sys/fs/pstore                    pstore      pstore         rw,nosuid,nodev,noexec,relatime
│ ├─/sys/firmware/efi/efivars         efivarfs    efivarfs       rw,nosuid,nodev,noexec,relatime
│ ├─/sys/fs/bpf                       bpf         bpf            rw,nosuid,nodev,noexec,relatime,mode=700
│ ├─/sys/kernel/debug                 debugfs     debugfs        rw,relatime
│ │ └─/sys/kernel/debug/tracing       tracefs     tracefs        rw,relatime
│ ├─/sys/fs/fuse/connections          fusectl     fusectl        rw,relatime
│ └─/sys/kernel/config                configfs    configfs       rw,relatime
├─/proc                               proc        proc           rw,nosuid,nodev,noexec,relatime
│ └─/proc/sys/fs/binfmt_misc          systemd-1   autofs         rw,relatime,fd=26,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=15261
│   └─/proc/sys/fs/binfmt_misc        binfmt_misc binfmt_misc    rw,relatime
├─/dev                                udev        devtmpfs       rw,nosuid,relatime,size=3991528k,nr_inodes=997882,mode=755
│ ├─/dev/pts                          devpts      devpts         rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000
│ ├─/dev/shm                          tmpfs       tmpfs          rw,nosuid,nodev
│ ├─/dev/mqueue                       mqueue      mqueue         rw,relatime
│ └─/dev/hugepages                    hugetlbfs   hugetlbfs      rw,relatime,pagesize=2M
├─/run                                tmpfs       tmpfs          rw,nosuid,noexec,relatime,size=805320k,mode=755
│ ├─/run/lock                         tmpfs       tmpfs          rw,nosuid,nodev,noexec,relatime,size=5120k
│ └─/run/user/1000                    tmpfs       tmpfs          rw,nosuid,nodev,relatime,size=805320k,mode=700,uid=1000,gid=1000
│   └─/run/user/1000/gvfs             gvfsd-fuse  fuse.gvfsd-fus rw,nosuid,nodev,relatime,user_id=1000,group_id=1000
├─/boot/efi                           /dev/sdb1   vfat           rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=iso8859-1,shortname=mixed,er
├─/snap/software-boutique/39          /dev/loop1  squashfs       ro,nodev,relatime
├─/snap/ubuntu-mate-welcome/313       /dev/loop2  squashfs       ro,nodev,relatime
└─/snap/core/6673                     /dev/loop0  squashfs       ro,nodev,relatime
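An added example, not part of any post in this thread: a small parser for `udisksctl dump` output that reports, per block device, whether a loop node has a backing file, whether `MDRaid`/`MDRaidMember` point at an array (UDisks2 uses the object path `'/'` to mean "no object"), whether the device is a findmnt source, and which symlinks it carries. The sample input is constructed from values in the two outputs above and re-indented in an assumed layout (object path at column 0, interface at 2 spaces, property at 4); all function names are this example's own.

```python
# Constructed sample: three objects from the dump posted above, re-indented in
# the layout assumed here (object path at column 0, interface at 2, property at 4).
SAMPLE_DUMP = """\
/org/freedesktop/UDisks2/block_devices/loop0:
  org.freedesktop.UDisks2.Block:
    Device:                     /dev/loop0
    MDRaid:                     '/'
    MDRaidMember:               '/'
    Size:                       93581312
    Symlinks:
  org.freedesktop.UDisks2.Loop:
    BackingFile:                /var/lib/snapd/snaps/core_6673.snap
/org/freedesktop/UDisks2/block_devices/loop3:
  org.freedesktop.UDisks2.Block:
    Device:                     /dev/loop3
    MDRaid:                     '/'
    MDRaidMember:               '/'
    Size:                       0
    Symlinks:
  org.freedesktop.UDisks2.Loop:
    BackingFile:
/org/freedesktop/UDisks2/block_devices/sr0:
  org.freedesktop.UDisks2.Block:
    Device:                     /dev/sr0
    MDRaid:                     '/'
    MDRaidMember:               '/'
    Size:                       0
    Symlinks:                   /dev/cdrom
                                /dev/cdrw
                                /dev/dvd
                                /dev/dvdrw
"""

# Constructed from the SOURCE column of the findmnt output above (block devices only).
MOUNTED_SOURCES = {"/dev/sdb2", "/dev/sdb1", "/dev/loop0", "/dev/loop1", "/dev/loop2"}
NO_OBJECT = "'/'"  # UDisks2 prints the root object path when a property refers to nothing

def parse_dump(text):
    # Returns {object_path: {interface: {property: [values]}}}.
    objects, obj, iface, prop = {}, None, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        indent, body = len(line) - len(line.lstrip()), line.strip()
        if indent == 0 and body.endswith(":"):
            obj = objects.setdefault(body[:-1], {})
        elif indent == 2 and body.endswith(":"):
            iface = obj.setdefault(body[:-1], {})
        elif indent == 4:
            key, _, value = body.partition(":")
            prop = iface.setdefault(key, [])
            if value.strip():
                prop.append(value.strip())
        else:  # deeper indent: another value of the previous property (e.g. Symlinks)
            prop.append(body)
    return objects

def first(props, key, default=""):
    values = props.get(key)
    return values[0] if values else default

def classify(objects, mounted):
    # One summary per block device: loop state, RAID membership, mount status, symlinks.
    report = {}
    for props in objects.values():
        block = props.get("org.freedesktop.UDisks2.Block")
        if block is None:
            continue
        dev = first(block, "Device")
        loop = props.get("org.freedesktop.UDisks2.Loop")
        backing = first(loop, "BackingFile") if loop is not None else None
        state = ("block device" if loop is None else
                 "loop backed by " + backing if backing else "unattached loop node")
        report[dev] = {
            "state": state,
            "in_md_raid": any(first(block, k, NO_OBJECT) != NO_OBJECT
                              for k in ("MDRaid", "MDRaidMember")),
            "mounted": dev in mounted,
            "symlinks": block.get("Symlinks", []),
        }
    return report

if __name__ == "__main__":
    for dev, info in classify(parse_dump(SAMPLE_DUMP), MOUNTED_SOURCES).items():
        print(dev, info)
```

On a live system the same functions can be fed the text of `udisksctl dump` and the SOURCE column of `findmnt`; a loop node with size 0 and no backing file has nothing attached to it, which is why it does not appear as a findmnt source.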
LOL I suspected as much. You could try a Raspberry Pi. There is a Kali pen testing OS for Pi. They are cheap. It may be in all chips, or OSes, though. Ethernet chips from China were reported as spyware in 1 article I read. Actually they said they send a signal to China. They did not know what it was for. P.S. MINIX is the second OS on all Intel chips. It runs in secret. AMD is probably no different. AMD and Intel had a joint operation to develop next gen processors. It could be at the processor level.
If you don't have anything positive to add to the post, why are you even replying?
ROTFL Answers are help whether you see it or not. It may be in the chips, gives a new possibility he may not have considered. If it is the problem, he will spend lots of time trying to find a solution that does not exist. I'd say malware you can't ferret out is most likely embedded in the hardware or the OS. The latter can be solved; the prior cannot unless you make and program the chips/processors.