I've tried installing and reinstalling different versions of Linux but I can't seem to get rid of one (or several) crackers. I've even used programs like dban and nwipe without success. I'm relatively new to Linux, so I really don't know what to think or do. I've also tried HDDerase, but it doesn't seem to work (the hdderase command is not recognized and the version of the program is from '98; similarly, when I try to install different versions of Linux, I always start out with an outdated kernel). When I've been able to install chkrootkit, I've found one, and that's just the tip of the iceberg as far as weird behavior. I'll structure the rest of my post according to the suggestion here: http://ubuntuforums.org/showthread.php?t=1897765.

1. My laptop came with Windows 8, but I replaced it entirely with Ubuntu (though, whenever I partition, there's /dev/sda (500GB disk space) and /dev/sdb (32GB disk space), and I normally partition the latter as FAT32: not really sure what purpose that serves, but that's what was recommended to me). I don't think my computer is networked with other computers, but again, I'm new to Linux. Maybe the output of netstat -tulnp will help:

    root@ubuntu:~# netstat -tulnp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN      5715/vino-server
    tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      4375/dnsmasq
    tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1711/cupsd
    tcp6       0      0 :::5900                 :::*                    LISTEN      5715/vino-server
    tcp6       0      0 ::1:631                 :::*                    LISTEN      1711/cupsd
    tcp6       0      0 :::5800                 :::*                    LISTEN      5715/vino-server
    udp        0      0 0.0.0.0:59360           0.0.0.0:*                           1412/avahi-daemon:
    udp        0      0 127.0.0.1:53            0.0.0.0:*                           4375/dnsmasq
    udp        0      0 0.0.0.0:68              0.0.0.0:*                           4371/dhclient
    udp        0      0 0.0.0.0:5353            0.0.0.0:*                           1412/avahi-daemon:
    udp6       0      0 :::58010                :::*                                1412/avahi-daemon:
    udp6       0      0 :::5353                 :::*                                1412/avahi-daemon:

2. Well, there's the rootkit, the fact that my computer will only run so long after a fresh install before becoming non-functional (for any number of reasons: let me know if I should be more precise), and here's auth.log:

    Apr 11 02:42:34 ubuntu login[1952]: pam_unix(login:session): session opened for user ubuntu by (uid=0)
    Apr 11 02:42:34 ubuntu login[1948]: pam_unix(login:session): session opened for user ubuntu by (uid=0)
    Apr 11 02:42:34 ubuntu login[1963]: pam_unix(login:session): session opened for user ubuntu by (uid=0)
    Apr 11 02:42:34 ubuntu login[1960]: pam_unix(login:session): session opened for user ubuntu by (uid=0)
    Apr 11 02:42:34 ubuntu login[1961]: pam_unix(login:session): session opened for user ubuntu by (uid=0)
    Apr 11 02:42:44 ubuntu login[2553]: pam_unix(login:session): session opened for user ubuntu by (uid=0)
    Apr 11 02:42:46 ubuntu lightdm: pam_unix(lightdm-autologin:session): session opened for user ubuntu by (uid=0)
    Apr 11 02:42:46 ubuntu lightdm: pam_ck_connector(lightdm-autologin:session): nox11 mode, ignoring PAM_TTY :0
    Apr 11 02:43:18 ubuntu polkitd(authority=local): Registered Authentication Agent for unix-session:/org/freedesktop/ConsoleKit/Session7 (system bus name :1.33 [/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
    Apr 11 02:44:07 ubuntu dbus[1394]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.52" (uid=999 pid=3583 comm="/usr/lib/indicator-datetime/indicator-datetime-ser") interface="org.freedesktop.DBus.Properties" member="GetAll" error name="(unset)" requested_reply="0" destination=":1.14" (uid=0 pid=2244 comm="/usr/sbin/console-kit-daemon --no-daemon ")
    Apr 11 02:48:31 ubuntu dbus[1394]: [system] Rejected send message, 2 matched rules; type="method_return", sender=":1.2" (uid=0 pid=1406 comm="/usr/sbin/bluetoothd ") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.60" (uid=999 pid=3418 comm="bluetooth-applet ")
    Apr 11 02:48:46 ubuntu sudo: ubuntu : TTY=pts/0 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/usr/bin/apt-get remove --purge xserver-xorg-core-lts-quantal
    Apr 11 02:48:46 ubuntu sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=999)
    Apr 11 02:49:13 ubuntu sudo: pam_unix(sudo:session): session closed for user root
    Apr 11 02:50:21 ubuntu sudo: ubuntu : TTY=pts/0 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/bin/bash
    Apr 11 02:50:21 ubuntu sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=999)
    Apr 11 03:17:01 ubuntu CRON[5730]: pam_unix(cron:session): session opened for user root by (uid=0)
    Apr 11 03:17:01 ubuntu CRON[5730]: pam_unix(cron:session): session closed for user root
    Apr 11 03:25:03 ubuntu sudo: ubuntu : TTY=pts/2 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/bin/bash

Here's boot.log:

    stdin: error 0
    Generating locales...
    en_US.UTF-8... done
    Generation complete.
    pwconv: failed to change the mode of /etc/passwd- to 0600
    /usr/lib/python2.7/dist-packages/LanguageSelector/LocaleInfo.py:256: UserWarning: Failed to connect to socket /var/run/dbus/system_bus_socket: No suc$
    warnings.warn(msg.args[0].encode('UTF-8'))
    Using CD-ROM mount point /cdrom/
    Identifying.. [d0c57d030ca18c0bb771d2916a23b3e7-2]
    Scanning disc for index files..
    Found 4 package indexes, 0 source indexes, 0 translation indexes and 1 signatures
    Found label 'Ubuntu 12.04.2 LTS _Precise Pangolin_ - Release amd64 (20130213)'
    This disc is called:
    'Ubuntu 12.04.2 LTS _Precise Pangolin_ - Release amd64 (20130213)'
    Copying package lists...gpgv: Signature made Wed Feb 13 22:21:17 2013 UTC using DSA key ID FBB75451
    gpgv: Good signature from "Ubuntu CD Image Automatic Signing Key "
    Reading Package Indexes... 0%
    Reading Package Indexes... 11%
    Reading Package Indexes... Done
    Writing new source list
    Source list entries for this disc are:
    deb cdrom:[Ubuntu 12.04.2 LTS _Precise Pangolin_ - Release amd64 (20130213)]/ dists/precise/main/binary-i386/
    deb cdrom:[Ubuntu 12.04.2 LTS _Precise Pangolin_ - Release amd64 (20130213)]/ dists/precise/restricted/binary-i386/
    deb cdrom:[Ubuntu 12.04.2 LTS _Precise Pangolin_ - Release amd64 (20130213)]/ precise main restricted
    Repeat this process for the rest of the CDs in your set.
    W: Skipping nonexistent file /cdrom/dists/precise/main/binary-amd64/Packages
    W: Skipping nonexistent file /cdrom/dists/precise/main/binary-i386/Packages
    W: Skipping nonexistent file /cdrom/dists/precise/restricted/binary-amd64/Packages
    W: Skipping nonexistent file /cdrom/dists/precise/restricted/binary-i386/Packages
    Adding 'diversion of /usr/bin/bluetooth-applet to /usr/bin/bluetooth-applet.orig by casper'
     * Starting mDNS/DNS-SD daemon^[[164G[ OK ]
     * Starting load fallback graphics devices^[[164G[ OK ]
     * Stopping load fallback graphics devices^[[164G[ OK ]
     * Starting configure network device security^[[164G[ OK ]
     * Starting Uncomplicated firewall^[[164G[ OK ]
     * Starting bluetooth daemon^[[164G[ OK ]
     * Starting Mount network filesystems^[[164G[ OK ]
     * Starting Failsafe Boot Delay^[[164G[ OK ]
     * Stopping Mount network filesystems^[[164G[ OK ]
     * Starting Bridge socket events into upstart^[[164G[ OK ]
     * Starting CUPS printing spooler/server^[[164G[ OK ]
     * Stopping Failsafe Boot Delay^[[164G[ OK ]
     * Starting System V initialisation compatibility^[[164G[ OK ]
     * Starting set sysctls from /etc/sysctl.conf^[[164G[ OK ]
     * Starting configure network device security^[[164G[ OK ]
     * Starting configure network device^[[164G[ OK ]
     * Stopping set sysctls from /etc/sysctl.conf^[[164G[ OK ]
     * Starting modem connection manager^[[164G[ OK ]
     * Stopping load fallback graphics devices^[[164G[ OK ]
     * Starting configure network device security^[[164G[ OK ]
     * Starting Uncomplicated firewall^[[164G[ OK ]
     * Starting bluetooth daemon^[[164G[ OK ]
     * Starting Mount network filesystems^[[164G[ OK ]
     * Starting Failsafe Boot Delay^[[164G[ OK ]
     * Stopping Mount network filesystems^[[164G[ OK ]
     * Starting Bridge socket events into upstart^[[164G[ OK ]
     * Starting CUPS printing spooler/server^[[164G[ OK ]
     * Stopping Failsafe Boot Delay^[[164G[ OK ]
     * Starting System V initialisation compatibility^[[164G[ OK ]
     * Starting set sysctls from /etc/sysctl.conf^[[164G[ OK ]
     * Starting configure network device security^[[164G[ OK ]
     * Starting configure network device^[[164G[ OK ]
     * Stopping set sysctls from /etc/sysctl.conf^[[164G[ OK ]
     * Starting modem connection manager^[[164G[ OK ]
     * Starting configure network device security^[[164G[ OK ]
     * Starting configure network device^[[164G[ OK ]
     * Starting network connection manager^[[164G[ OK ]
     * Stopping System V initialisation compatibility^[[164G[ OK ]
     * Starting System V runlevel compatibility^[[164G[ OK ]
     * Starting restore sound card(s') mixer state(s)^[[164G[ OK ]
     * Starting ACPI daemon^[[164G[ OK ]
     * Starting save kernel messages^[[164G[ OK ]
     * Starting Ubuntu live CD installer^[[164G[ OK ]
     * Starting automatic crash report generation^[[164G[ OK ]
     * Starting regular background program processing daemon^[[164G[ OK ]
     * Starting deferred execution scheduler^[[164G[ OK ]
     * Stopping Ubuntu live CD installer^[[164G[ OK ]
     * Starting LightDM Display Manager^[[164G[ OK ]
     * Starting CPU interrupts balancing daemon^[[164G[ OK ]
    speech-dispatcher disabled; edit /etc/default/speech-dispatcher
     * Starting crash report submission daemon^[[164G[ OK ]
     * Stopping save kernel messages^[[164G[ OK ]
     * Starting network connection manager^[[164G[ OK ]
     * Stopping System V initialisation compatibility^[[164G[ OK ]
     * Starting System V runlevel compatibility^[[164G[ OK ]
     * Starting restore sound card(s') mixer state(s)^[[164G[ OK ]
     * Starting ACPI daemon^[[164G[ OK ]
     * Starting save kernel messages^[[164G[ OK ]
     * Starting Ubuntu live CD installer^[[164G[ OK ]
     * Starting automatic crash report generation^[[164G[ OK ]
     * Starting regular background program processing daemon^[[164G[ OK ]
     * Starting deferred execution scheduler^[[164G[ OK ]
     * Stopping Ubuntu live CD installer^[[164G[ OK ]
     * Starting LightDM Display Manager^[[164G[ OK ]
     * Starting CPU interrupts balancing daemon^[[164G[ OK ]
    speech-dispatcher disabled; edit /etc/default/speech-dispatcher
     * Starting crash report submission daemon^[[164G[ OK ]
     * Stopping save kernel messages^[[164G[ OK ]
    saned disabled; edit /etc/default/saned

I may have botched the ending, so just to be sure it terminates with:

     * Starting configure network device security^[[164G[ OK ]
     * Starting configure network device^[[164G[ OK ]
     * Starting network connection manager^[[164G[ OK ]
     * Stopping System V initialisation compatibility^[[164G[ OK ]
     * Starting System V runlevel compatibility^[[164G[ OK ]
     * Starting restore sound card(s') mixer state(s)^[[164G[ OK ]
     * Starting ACPI daemon^[[164G[ OK ]
     * Starting save kernel messages^[[164G[ OK ]
     * Starting Ubuntu live CD installer^[[164G[ OK ]
     * Starting automatic crash report generation^[[164G[ OK ]
     * Starting regular background program processing daemon^[[164G[ OK ]
     * Starting deferred execution scheduler^[[164G[ OK ]
     * Stopping Ubuntu live CD installer^[[164G[ OK ]
     * Starting LightDM Display Manager^[[164G[ OK ]
     * Starting CPU interrupts balancing daemon^[[164G[ OK ]
    speech-dispatcher disabled; edit /etc/default/speech-dispatcher
     * Starting crash report submission daemon^[[164G[ OK ]
     * Stopping save kernel messages^[[164G[ OK ]
    saned disabled; edit /etc/default/saned

3. There was some odd behavior on my mom's computer (we're sharing the same, password-protected wifi, but she has a Mac): downloads such as hdderase wouldn't complete, the .Trashes folder that Macs put on flash drives contained a lot of strange files (sorry I can't name them: was a while ago), etc.

4. I'm the only user.

5. SSH, VNC, FTP, MySQL, Apache HTTP: all of these services seem to come preinstalled: though, I'm installing Ubuntu desktop, not Ubuntu server or cloud.

6. I think that my sources are trustworthy: just the standard sources.list format, no ppa.

7. Pretty sure it's WPA-protected wifi but will check in the morning.

8. I've been using ufw. AppArmor seems to come preinstalled, but maybe I should look into its configuration.

9. The computer is brand-new, always passes diagnostics tests.

10. The packages that come preinstalled, the presence of a rootkit, the faulty downloads (for instance, trying to install Debian, I get version 4 point something): all repeatable.

Happy to provide more info, and thanks!
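Added example (not part of the original post): a small triage script that reads the `netstat -tulnp` rows from the post and separates sockets bound only to loopback from those bound to all interfaces, which is the first thing to check when reviewing such output. The function names are assumptions of this example, and it assumes TCP rows carry a `LISTEN` state while UDP rows have none.

```python
import ipaddress

# Socket rows copied from the netstat -tulnp output in the post (columns compacted).
NETSTAT_OUTPUT = """\
tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 5715/vino-server
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 4375/dnsmasq
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1711/cupsd
tcp6 0 0 :::5900 :::* LISTEN 5715/vino-server
tcp6 0 0 ::1:631 :::* LISTEN 1711/cupsd
tcp6 0 0 :::5800 :::* LISTEN 5715/vino-server
udp 0 0 0.0.0.0:59360 0.0.0.0:* 1412/avahi-daemon:
udp 0 0 127.0.0.1:53 0.0.0.0:* 4375/dnsmasq
udp 0 0 0.0.0.0:68 0.0.0.0:* 4371/dhclient
udp 0 0 0.0.0.0:5353 0.0.0.0:* 1412/avahi-daemon:
udp6 0 0 :::58010 :::* 1412/avahi-daemon:
udp6 0 0 :::5353 :::* 1412/avahi-daemon:
"""

def parse_sockets(text):
    """Yield (proto, bind_address, port, program) for each tcp/udp row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith(("tcp", "udp")):
            continue  # header, prompt or blank line
        addr, _, port = f[3].rpartition(":")  # IPv6 addresses contain ':'
        # UDP rows have no State column, so PID/Program starts one field earlier.
        pid_prog = " ".join(f[6:] if f[5] == "LISTEN" else f[5:])
        program = pid_prog.partition("/")[2].rstrip(":") or pid_prog
        yield f[0], addr, int(port), program

def exposure(addr):
    """Classify a bind address by who can reach it."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"          # reachable only from this machine
    if ip.is_unspecified:
        return "all-interfaces"    # 0.0.0.0 or :: accepts traffic on every NIC
    return "specific-address"

def exposed_services(text):
    """Map program name to its sorted proto/port list, skipping loopback-only sockets."""
    found = {}
    for proto, addr, port, program in parse_sockets(text):
        if exposure(addr) != "loopback":
            found.setdefault(program, set()).add(f"{proto}/{port}")
    return {prog: sorted(socks) for prog, socks in found.items()}

if __name__ == "__main__":
    for prog, socks in sorted(exposed_services(NETSTAT_OUTPUT).items()):
        print(f"{prog:15} {', '.join(socks)}")
```

Programs that appear in the result accept traffic from the local network unless a firewall blocks it; dnsmasq and cupsd are absent because they listen only on 127.0.0.1 and ::1.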