Date: Mon, 12 Jun 2006 20:41:54 +0200 From: Philip Lykke Carlsen <plcplc@gmail.com> To: freebsd-hackers@freebsd.org Subject: Re: Strange keyboard (viral?) behaviour Message-ID: <200606122042.00928.plcplc@gmail.com> In-Reply-To: <200606121849.45538.plcplc@gmail.com> References: <200606121849.45538.plcplc@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hm. A little more research seems to have narrowed it down a bit. Apparently the text come from my sisters windows pc and is transmitted realtime to my freebsd machine, peculiar as it may sound. but at least now I have the means to look at the problem more carefully. But I am still at a loss as to explain how it continued typing even after I unplugged the network card (it's a laptop..), and how it was able to continue even in singleuser mode before the network had been properly set up (let alone plugged in at all). mandag 12 juni 2006 18:49 skrev Philip Lykke Carlsen: > Hello all. > > I don't want to cry wolf, but i think this calls for some sort of > attention :-/ > > Around yesterday my computer suddenly stared acting really strange :s > It started typing on its own. > and it seemed to be typing things that I had been typing over GAIM a week > or so ago, complete with typo's beeing corrected the same way that i had > made them originally. > > At first I thought that i might be some attacker from outside, but after > unplugging the network, the typing persisted. > > I also noted that it was bound to "pressing" the actual buttons on the > keyboard, rather than the resulting strings, as it was total nonsense at > first (given that I had been using another keyboard layout the day of > writing the text, that it was now printing on the screen), but when I > changed the layout back i recognised the text as the chat messages that I > had been writing a week before in the past. > > Then I ran ps -ax as root thinking it most probable to be a virus, but I > couldn't find anything suspicious. > > And even more alarming, the typing persisted when I rebooted the machine in > singleuser mode, totally distrupting the terminal. > > But this at least singles out the location of the virus to be on / and not > on /usr, since it wasn't mounted at the time because of a filesystem > inconsistency. > > Then I installed both f-prot and clamav, but they have yet to discover > anything. f-prot however seems to hang when it > scans /libexec/ld-elf.so.1.old, whose origin is unknown to me, though it > may have been created when i last recompiled the base system and kernel to > upgrade to 6.1. I don't know if this is of any importance however.. it's > probably just a bug in f-prot. > > I tried searching for it on google, but no-one seem to have experienced > anything quite like this. > Personally it's my first ever virus infection on freebsd, so naturally I > wasn't prepared for it at all. > > As the virus only seems to be outputting old chat messages, it's not > actually dangerous but just damn irritating. untill it starts outputting > shell commands, which it has yet to do. > > It appears to me that I may have gotten the virus from Gaim, but this is > rather unlikely, as I'm the only one on my contact list running FreeBSD, > let alone gaim in the first place. > > Any help or input would be greatly appreaciated. :-/ > > -PLC
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200606122042.00928.plcplc>