• 1 Post
  • 4 Comments
Joined 5 days ago
Cake day: February 10th, 2026

  • As I explained, I am not who this is for; this is fuck tonnes of viruses delivered at once. My first post is linked at the top. It goes into detail about what happened, how I found it and what I did immediately afterwards. Oh completely, it is about maximising return. That’s why everything is for Windows; I was just unlucky enough to have a program with both network access and filesystem access that runs Windows software. That’s also why I believe this is a series of programs that were stitched together and why I believe they fail so much in the logs, because of course it’s gonna fail if the payload is syntaxed for Windows and executed on Linux. They loaded SSH keys, that I know for sure. But again, as I explained in my very detailed follow-up, I believe there’s automation in creating a virtual machine that will connect to the computer’s filesystem. That’s why I was rooted with 32x Ubuntu and my housemate was connected to a Windows 10 machine. I think all of their payload for delivery is based on Windows. Which would make sense, one part is written to pair the machines up. So if it’s Windows 10, Windows 11, Windows 8, etc., that’s what you’ll be rooted with. That’s what you get. I believe that worked for me, like it created a 32x Ubuntu server, but then the following procedures failed.

    I do go over stuff quite extensively between these two posts here, apologies if I’m curt. I lost all my information. Immigration documents, family photos, my entire hard drive. Music collection, every single one of my config files, applications I built from source, specifically tailored to my hardware. I have been back and forth replying to cops for days and I HATE cops. Well, to the other gentlemen, I would, again, love to have a counter theory as to how I have over 10GB of Windows viruses and counting that wound up in the data dump of the image I took of my SSD, if it did not proliferate through WINE? WINE is the ONLY way for these programs to run on my machine. You can load SSH keys, OS doesn’t matter then. OpenSSH supports Windows, Linux, FreeBSD, Android. I didn’t download double-digit gigabytes of Windows malware and make up a story. I don’t think the WINE repositories are compromised, that is not what I am saying at all. But since WINE is the only program with a Windows registry to edit, the only one that can run Windows software and the only thing capable of loading DLL files and given the fact that the initial detection was for a remote access trojan in a fake DLL loaded into WINE (see my first post). So, I believe that the DLL that popped initially loaded SSH keys into my machine, giving them remote access as you can see in the logs. It’s frustrating because I have actually spent days digging into this, grepped log files, provided images and explanations of what I believe happened, timestamps and everything, and someone else can say, I don’t think that’s likely because the package for remote filesystem access already exists on your distro.

    It is just so disingenuous and I really don’t like the insinuation that I have to convince someone that this happened to me when I was there, I inspected the root myself and watched everything on my machine get wiped and I am dealing with the ongoing consequences of that. I would urge you to actually read that first post and this post, rather than dismiss what I am saying as some “low level bug” because of a single comment someone else made, when I found the root 128.7TB, I saw the ports, I closed them down. I go over all the persistence I had to remove in the first post. I would have to do hours of research anyway to be able to construct a story like that. I’m not gonna do that. I created an account here, just for this, because it wasn’t gonna be fuckin Reddit I run to to document this.

    And if you think I’m lying, help prove me wrong. Give me a suggestion for a program to view these files. I can use less but there’s a lot that isn’t human readable. I was thinking of Cuckoo to do dynamic analysis, but I fully intend to dig through all the human readable shit I can find in them, because I am not making this up. Also, you know all the images of Windows malware being detected by ClamAV that I included. Would be the most overt evidence of malware, I would have thought. You know, malware that can’t actually run on Linux without the use of the compatibility layer WINE. That is the crux of the issue here for me.


  • Yes, but it needed access to my filesystem to work with yabridge, the wrapper that allows you to use Windows VSTs on Linux, and my samples folder, which was on my desktop. The authenticator required network access whenever I used it to validate the license, so I gave it access to the filesystem and to the network. Suggest me a program, anything that I can use to view the malware. I’m on a wild goose chase, give me something to catch the geese.


  • Well, I’m not really trying to convince you of anything, friend. Also, I did immediately caveat that I was making assumptions in the first line, so please don’t be under the impression I’m trying to prove anything to you. I already discovered and removed the schroot environment that was established on the 29th of January and was over 128TB in size. You’re asking me for evidence that this happened, but I didn’t start documenting what I was doing and collecting that until after what had already occurred in my first post. Why would I have images of the properties of the schroot to prove it to you? You can see there when it calls 20copyfiles it includes the path of the mount of the 32x Linux server that rooted me. That in conjunction with the fact I don’t use Tor, or have any packages from it, and I don’t use VPNs. So, privoxy has no business being there. Also the additional user groups, the services that aren’t bundled with avahi. The removal of cron jobs, startup scripts and everything I went over in the first post. Yeah, network drop monitor service is a part of the OS, but given that this is the only log for remote-fs that I have and it coincides with the creation of the secured change of root on the 29th. I’m not suggesting that the WINE repositories are compromised, just that given that that DLL was what initially triggered the anti-virus and probably where all of these trojans proliferated.

    Then upon my discovery and attempted removal of the 32x Ubuntu server I was rooted into, how it wiped everything from my home folder down and all of my config files. It’s like a fresh install of KDE, only uglier. I don’t use cracked software, man. I’m on Linux, I don’t play video games, so basically all of the programs I could ever need have a FOSS equivalent. Why would I be downloading cracked Windows tools? I don’t understand what you mean by I don’t know what 20copyfiles does. You don’t know what 20copyfiles does. I think I pretty well explained what I think it does in the text. Coupled with the logs, creates a picture for me. I’m just trying to find out who did this. I don’t really care whether you believe me or not. I have nothing to gain from convincing you of anything.

    Edit: Also all of these Windows viruses masquerading as DLLs and the fact WINE is the only program with network access and access to the filesystem that isn’t a web browser. Also it is the only program on this machine that can contain a DLL, or run literally any Windows software at all. If you’d like to suggest a way for me to view this malware when I open it up in Tails, like absolutely, let’s see where those connections were going. Yeah, make suggestions, I’ll actually open the shit up and see what the autorun worm does and see what these trojans do. I would also love a counter theory on how gigabytes of Windows viruses could proliferate on a Linux machine without the use of the only compatibility layer capable of running any Windows software that’s installed there.