Date: Mon, 12 Jun 2006 18:49:43 +0200 From: Philip Lykke Carlsen <plcplc@gmail.com> To: freebsd-hackers@freebsd.org Subject: Strange keyboard (viral?) behaviour Message-ID: <200606121849.45538.plcplc@gmail.com>
next in thread | raw e-mail | index | archive | help
Hello all. I don't want to cry wolf, but i think this calls for some sort of attention :-/ Around yesterday my computer suddenly stared acting really strange :s It started typing on its own. and it seemed to be typing things that I had been typing over GAIM a week or so ago, complete with typo's beeing corrected the same way that i had made them originally. At first I thought that i might be some attacker from outside, but after unplugging the network, the typing persisted. I also noted that it was bound to "pressing" the actual buttons on the keyboard, rather than the resulting strings, as it was total nonsense at first (given that I had been using another keyboard layout the day of writing the text, that it was now printing on the screen), but when I changed the layout back i recognised the text as the chat messages that I had been writing a week before in the past. Then I ran ps -ax as root thinking it most probable to be a virus, but I couldn't find anything suspicious. And even more alarming, the typing persisted when I rebooted the machine in singleuser mode, totally distrupting the terminal. But this at least singles out the location of the virus to be on / and not on /usr, since it wasn't mounted at the time because of a filesystem inconsistency. Then I installed both f-prot and clamav, but they have yet to discover anything. f-prot however seems to hang when it scans /libexec/ld-elf.so.1.old, whose origin is unknown to me, though it may have been created when i last recompiled the base system and kernel to upgrade to 6.1. I don't know if this is of any importance however.. it's probably just a bug in f-prot. I tried searching for it on google, but no-one seem to have experienced anything quite like this. Personally it's my first ever virus infection on freebsd, so naturally I wasn't prepared for it at all. As the virus only seems to be outputting old chat messages, it's not actually dangerous but just damn irritating. untill it starts outputting shell commands, which it has yet to do. It appears to me that I may have gotten the virus from Gaim, but this is rather unlikely, as I'm the only one on my contact list running FreeBSD, let alone gaim in the first place. Any help or input would be greatly appreaciated. :-/ -PLC
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200606121849.45538.plcplc>