this post was submitted on 05 Aug 2023
1955 points (97.2% liked)

linuxmemes

21222 readers
113 users here now

Hint: :q!

Sister communities:

Community rules (click to expand)

1. Follow the site-wide rules

2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack members of the community for any reason.
  • Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
  • These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
    • 3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn. Even if you watch it on a Linux machine.
    • 4. No recent reposts
  • Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.

    • Please report posts and comments that break these rules!

    founded 1 year ago
    MODERATORS
    poopsmith@lemmy.world
    zephyr@lemmy.world
    rtxn@lemmy.world
    1955
    Well that didn't go as expected... (programming.dev)
    submitted 1 year ago by gogosempai@programming.dev to c/linuxmemes@lemmy.world
    193 comments fedilink hide all child comments
     

    For those who are wondering, yes, Wine is malware compatible so be careful about the EXEs you run!

    https://wiki.winehq.org/FAQ#Is_Wine_malware-compatible.3F

    you are viewing a single comment's thread
    view the rest of the comments
    [–] Pyroglyph@lemmy.world 94 points 1 year ago (2 children)

    This happened to me not long ago when I found a monero miner running on my laptop. Being a highly technical person, I feel unbounded shame.

    [–] Tangent5280@lemmy.world 24 points 1 year ago* (last edited 1 year ago) (2 children)

    How did you figure out it was running? How did you confirm? Teach me your methods

    Please

    [–] Pyroglyph@lemmy.world 22 points 1 year ago (1 children)

    It was pretty easy to spot in htop since it had really high CPU usage. Plus, the command line args it launched with included the word "Monero" multiple times, so that was a bit of a giveaway haha

    [–] Tangent5280@lemmy.world 1 points 1 year ago (1 children)

    I sometimes leave my laptop on, but the monitor turned off when I go to sleep. Sometimes when I wake up, the fans on the laptop will be running full speed, which dies down soon after I turn the monitor on and use the laptop for a little while. Do you think this might be a symptom of some covertware running on my laptop?

    [–] Pyroglyph@lemmy.world 2 points 1 year ago (1 children)

    Perhaps.

    There may be easier ways to test for this, but what comes to mind is if you install your current OS again on another partition and then leave it as you usually do, and see if the fans do the same thing. If they do, it might just be a fault with the fan control or sleep state or something.

    If it doesn't happen, I'd assume something fishy is going on. Maybe try and set up a script to log your CPU usage and what's using the most every few minutes. That might catch something?
    I've just now had another thought. If it's trying to be covert, maybe just leave your task manager / htop open and don't touch anything for a while, it might think you're afk and start running again. If it doesn't, it could be checking to see if common monitoring tools are running and stopping itself to avoid detection, if that's the case you'll have to be a bit smarter about trying to catch it.

    tl;dr Maybe. Run a virus scan if you can, or try and find it yourself if you think you can. If all else fails, nuke the OS and start again.

    [–] Tangent5280@lemmy.world 1 points 1 year ago

    That makes sense. In the end I guess it depends on what level any malware expects the user to search for it on. Thanks.

    [–] And009@reddthat.com 3 points 1 year ago

    I might be able to find a weird service or background app at most. Figuring out what is actually happening is beyond me.

    [–] havokdj@lemmy.world 8 points 1 year ago (2 children)

    Was it still through WINE? I'd feel bad for the miner as well as it likely couldn't have done the MSR mod so low hashrate lol.

    [–] Kittenstix@lemmy.world 8 points 1 year ago (1 children)

    Feeling bad that a scammer couldn't scam hard enough is hilarious. Only in a Linux forum.

    [–] havokdj@lemmy.world 6 points 1 year ago (1 children)

    Tbf, if you get an OOTB distro infected, that is most definitely user error

    [–] ditherwither@lemmy.world 1 points 1 year ago (1 children)

    If you (somehow) manage to get gentoo or lfs infected, I'd still consider it user error lol

    [–] havokdj@lemmy.world 1 points 1 year ago

    LFS maybe, but gentoo or arch is understandable because you have to set the security up yourself.

    [–] Pyroglyph@lemmy.world 5 points 1 year ago

    Yes it was, I run Zorin (Ubuntu-based) on my laptop.