Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 12 Jun 2006 20:41:54 +0200
From:      Philip Lykke Carlsen <plcplc@gmail.com>
To:        freebsd-hackers@freebsd.org
Subject:   Re: Strange keyboard (viral?) behaviour
Message-ID:  <200606122042.00928.plcplc@gmail.com>
In-Reply-To: <200606121849.45538.plcplc@gmail.com>
References:  <200606121849.45538.plcplc@gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
Hm. A little more research seems to have narrowed it down a bit.

Apparently the text come from my sisters windows pc and is transmitted 
realtime to my freebsd machine, peculiar as it may sound. but at least now I 
have the means to look at the problem more carefully.

But I am still at a loss as to explain how it continued typing even after I 
unplugged the network card (it's a laptop..), and how it was able to continue 
even in singleuser mode before the network had been properly set up (let 
alone plugged in at all).

mandag 12 juni 2006 18:49 skrev Philip Lykke Carlsen:
> Hello all.
>
> I don't want to cry wolf, but i think this calls for some sort of
> attention :-/
>
> Around yesterday my computer suddenly stared acting really strange :s
> It started typing on its own.
> and it seemed to be typing things that I had been typing over GAIM a week
> or so ago, complete with typo's beeing corrected the same way that i had
> made them originally.
>
> At first I thought that i might be some attacker from outside, but after
> unplugging the network, the typing persisted.
>
> I also noted that it was bound to "pressing" the actual buttons on the
> keyboard, rather than the resulting strings, as it was total nonsense at
> first (given that I had been using another keyboard layout the day of
> writing the text, that it was now printing on the screen), but when I
> changed the layout back i recognised the text as the chat messages that I
> had been writing a week before in the past.
>
> Then I ran ps -ax as root thinking it most probable to be a virus, but I
> couldn't find anything suspicious.
>
> And even more alarming, the typing persisted when I rebooted the machine in
> singleuser mode, totally distrupting the terminal.
>
> But this at least singles out the location of the virus to be on / and not
> on /usr, since it wasn't mounted at the time because of a filesystem
> inconsistency.
>
> Then I installed both f-prot and clamav, but they have yet to discover
> anything. f-prot however seems to hang when it
> scans /libexec/ld-elf.so.1.old, whose origin is unknown to me, though it
> may have been created when i last recompiled the base system and kernel to
> upgrade to 6.1. I don't know if this is of any importance however.. it's
> probably just a bug in f-prot.
>
> I tried searching for it on google, but no-one seem to have experienced
> anything quite like this.
> Personally it's my first ever virus infection on freebsd, so naturally I
> wasn't prepared for it at all.
>
> As the virus only seems to be outputting old chat messages, it's not
> actually dangerous but just damn irritating. untill it starts outputting
> shell commands, which it has yet to do.
>
> It appears to me that I may have gotten the virus from Gaim, but this is
> rather unlikely, as I'm the only one on my contact list running FreeBSD,
> let alone gaim in the first place.
>
> Any help or input would be greatly appreaciated. :-/
>
> -PLC



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200606122042.00928.plcplc>