Thread: Boot Sector Problems and Linux

  1. #1
    Join Date
    Oct 2021
    Beans
    4

    Boot Sector Problems and Linux

    SHORT
    QUESTION 1: I installed only Linux Mint 19.3 by formatting Windows 7 Pro on my Toshiba L500 laptop, which I suspect to be affected by Boot Sector software or virus. If my laptop has a "boot sector" software or virus, will the Linux Mint operating system be affected?
    QUESTION 2: How can I understand and learn whether the Linux Mint system I have installed is a clean installation by performing security and key tests and installing it on USB SimCar, whether it is configured remotely with administrative privileges (boot phase) or is configured remotely by an outside intervention?
    QUESTION 3: Is it possible, in Linux operating systems, to detect those who connect to our computer where the Linux operating system is installed under names such as Administrator, Remote Administrator, System Administrator, etc.?

    LONG
    I started using Linux Mint for the first time in August of 2020 by formatting Windows 10 on my HP Elitebook notebook. About 2 months later, the Linux Mint operating system in my HP Elitebook, which I personally use, is not under my control; I had noticed that it was configured like a PC connected to a business network by arranging connections to a Windows device. At that time I was thinking of asking the Linux forums for help. However, as a result of a series of mistakes I made (changing BIOS settings, black screen problem, removing and installing cmos battery,...) my notebook became unusable. (If I hadn't encrypted the HDD and probably reversed the connection of the keyboard, I was close to success). I live in such a difficult situation; opening and closing only with the help of a sled; A notebook that never shuts down without the correct HDD password; It blew me away in the process. After that, I started using my Toshiba L500 laptop, which I have never used for 3-4 years, and the Windows 7 Home Premium operating system, which was preinstalled by doing a system restore without formatting. I've been checking the Windows Event Viewer on a regular basis for about 2 weeks after some doubts. But similarly, I noticed that Windows 7 Home Premium was also configured and hacked internally or remotely. On 27.10.2021, I did the basic installation of Windows 7 Professional by backing up all my data and taking some event viewer summaries and registry editor (regedit) backups from the last 4-5 days, formatting my laptop. But I've never been connected to the internet and I haven't done any Windows updates. From the event viewer, I noticed that during the 20-30 minutes of walking my dog, the Windows system was running and changes were made in the registry editor (regedit). 1-2 hours ago, I saw that a folder on my external hard drive, which was working perfectly, from which I took the backups, was encrypted and my access was blocked. 
Then, in the first hours of 29.10.2021, I formatted Windows 7 Pro and installed only Linux Mint 19.3 operating system from USB. File System total size was 7.60GB when I reviewed it some time after basic installation. But when I examined it a day later, the File System was 13 GB. I couldn't get any results from my internet searches about how many GB should be in the first installation of Linux Mint 19.3 (without updates). In my previous unfortunate Linux Mint experience, since the tools and applications for system configuration come via Update Manager; I haven't done any updates and I haven't set the root password yet. For at least 11 years, maybe more, I have no hacked device and no data that I have lost. In all these matters mentioned; I'm asking for help from all Linux workers who can help. 01/11/2021


  2. #2
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Boot Sector Problems and Linux

    Quote Originally Posted by ozgurozturk1234

    SHORT
    QUESTION 1: I installed only Linux Mint 19.3 by formatting Windows 7 Pro on my Toshiba L500 laptop, which I suspect to be affected by Boot Sector software or virus. If my laptop has a "boot sector" software or virus, will the Linux Mint operating system be affected?
    QUESTION 2: How can I understand and learn whether the Linux Mint system I have installed is a clean installation by performing security and key tests and installing it on USB SimCar, whether it is configured remotely with administrative privileges (boot phase) or is configured remotely by an outside intervention?
    QUESTION 3: Is it possible, in Linux operating systems, to detect those who connect to our computer where the Linux operating system is installed under names such as Administrator, Remote Administrator, System Administrator, etc.?

    I can't help with Windows. Sorry.
    I'm not too familiar with Linux Mint, but have a few friends who love it for a number of good reasons.

    Q1: Boot sector has been replaced by EFI partition on modern computers. If you didn't wipe the EFI partition BEFORE installing Linux, then it will be shared by the current and prior OSes. SecureBoot should prevent bogus EFI changes, but I think only Ubuntu and Red Hat have valid Certs for secureboot from Microsoft. There are lots of guides around "UEFI" for all OSes. Google "UEFI Ubuntu" has a long page about it. I'd also check the Mint forums for more specific help.

    Q2: No clue about those tools. If there is any doubt at all, wipe everything and reinstall. That should just be 15 minutes of effort. In Ubuntu, no remote access is configured by default, though the first thing I do is to set up an ssh-server on all my systems.

    Q3: Use the 'last' command and the 'who' command. However, that reads logs on the local system, which could be compromised. This is why Unix/Linux systems often send logs to a "log server" elsewhere on the network. Journald makes doing that much easier than it was with rsyslog, but in a home environment, that is overkill.

    Last time I was in Turkey, I learned that the govt controlled the ISPs and DNS, so you might want to use a reputable VPN with exit nodes outside Turkey for all internet connections, if that is still the situation.
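
As an added example (not part of the thread or any poster's code): `last` reads `/var/log/wtmp`, and this Python code parses that record format to separate boot records, which `last` prints as `reboot   system boot`, from logins that carry a remote host. Assumptions: the 384-byte glibc layout used on x86-64 Linux, hypothetical helper names, and a constructed sample with the user `alice` and the documentation address `192.0.2.10`.

```python
import struct
from datetime import datetime, timezone

# Assumed layout: glibc "struct utmp" as stored in /var/log/wtmp on
# x86-64 Linux (384 bytes, 32-bit time fields, little-endian).
# Fields: type, pid, line, id, user, host, exit(2), session, sec, usec, addr(4)
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4I20x")
BOOT_TIME, USER_PROCESS, DEAD_PROCESS = 2, 7, 8


def _text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")


def parse_wtmp(data):
    """Return one dict per complete 384-byte record in a wtmp/utmp image."""
    usable = len(data) - len(data) % UTMP.size  # ignore a truncated tail
    records = []
    for f in UTMP.iter_unpack(data[:usable]):
        records.append({
            "type": f[0], "pid": f[1], "line": _text(f[2]),
            "user": _text(f[4]), "host": _text(f[5]),
            "time": datetime.fromtimestamp(f[9], tz=timezone.utc),
        })
    return records


def boots(records):
    """BOOT_TIME records: user 'reboot', line '~', host = kernel release."""
    return [r for r in records if r["type"] == BOOT_TIME]


def remote_logins(records):
    """Logins whose host field names another machine.

    Local console logins leave the host empty and local X sessions record
    a display such as ':0'; anything else is treated as remote (heuristic).
    """
    return [r for r in records
            if r["type"] == USER_PROCESS
            and r["host"] and not r["host"].startswith(":")]


def make_record(ut_type, user, line, host, epoch, pid=0):
    """Build one record for the constructed sample below (hypothetical helper)."""
    return UTMP.pack(ut_type, pid, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, epoch, 0, 0, 0, 0, 0)


# Constructed sample: one boot, one local desktop session, one SSH login.
SAMPLE = b"".join([
    make_record(BOOT_TIME, "reboot", "~", "5.0.0-32-generic", 1635750000),
    make_record(USER_PROCESS, "alice", "tty7", ":0", 1635750060, pid=1400),
    make_record(USER_PROCESS, "alice", "pts/1", "192.0.2.10", 1635753600,
                pid=2210),
])

if __name__ == "__main__":
    recs = parse_wtmp(SAMPLE)
    for r in boots(recs):
        print("boot  ", r["time"].isoformat(), r["host"])
    for r in remote_logins(recs):
        print("remote", r["time"].isoformat(), r["user"], r["line"], r["host"])
```

On a real system the input would be the bytes of `/var/log/wtmp`; as the reply above notes, that file is only as trustworthy as the machine it is stored on.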

  3. #3
    Join Date
    Jun 2006
    Location
    UK
    Beans
    Hidden!
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: Boot Sector Problems and Linux

    Thread moved to Mint sub-forum.

  4. #4
    Join Date
    Oct 2021
    Beans
    4

    Re: Boot Sector Problems and Linux


    Thank you TheFu for your answers; Although these were not the exact results I was looking for, I was happy that only a message I wrote in a forum was seen and answered. I tried typing "last" and "who" commands from terminal; sometimes 1 second before my system boot, sometimes 10 minutes later; first reboot and System boot information is available. As a user who has been hacked for so long, of course, I am skeptical. I have no quest to connect and communicate with Linux systems over ssh. My issue was that from my previous Linux Mint experience, my system was hijacked when I somehow installed updates via Update Manager. The results I want to achieve; Somehow entering the operating system; my computer, even though I'm only a single user; configuring my computer as if it were a computer connected to a business network; it was about events, postures and situations. The issue is that these non-virus applications; to be installed on my notebook or laptop that I use somehow, even though I don't need them, and these devices are out of my will; outside the computer I am using; It is about sharing data.






  5. #5
    Join Date
    Jun 2014
    Beans
    6,419

    Re: Boot Sector Problems and Linux

    I installed only Linux Mint 19.3 by formatting Windows 7 Pro on my Toshiba L500 laptop, which I suspect to be affected by Boot Sector software or virus. If my laptop has a "boot sector" software or virus, will the Linux Mint operating system be affected?
    Why exactly do you suspect your machine to be affected by a boot sector virus? Do you mean in the Windows boot sector? The term 'virus' used in relation to computer software simply means an executable file that performs some action or activity the user does not want nor expect it to do. Windows executable files won't run on Linux nor will Linux executables run on Windows.

    The Mint Live/Install iso is clean on the official repository but since we need to download the iso from the Mint repository to our computer, that means it (the iso) has to travel over hundreds of miles of wire to get to your computer. This is the reason it is always suggested that a user do an md5 checksum on the downloaded iso file before putting it on a DVD or USB.

    Once you have done this, you will be in charge of the installation, installing software, creating directories and files and assigning owners:groups and permissions. Many new Linux users have difficulty with the concept of Linux being a multiuser system which they almost all are. You have the normal user and the root user (in the case of Mint, there is no separate root user by default but the primary user created during the install will have root privileges by the use of sudo), so I would definitely read up on sudo usage in Ubuntu/Mint.

    Some confusing things about your posts are that you began with Windows 10 then went to Mint. Some things you will need to know: is your drive a GPT drive (likely if 10 was preinstalled) or the older msdos type drive? If it is GPT, Windows will need to be set up to boot in EFI mode as will Mint. Some general information on this is available at the Ubuntu Documentation site below which should also apply to Mint. Try reading it and getting a basic understanding.

    https://help.ubuntu.com/community/UEFI
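
The checksum step described above, as an added example that is not from the thread: it checks a downloaded file against a published `md5sum`/`sha256sum`-style list and fails closed when the file is not listed. It goes beyond the MD5 case in the post by picking the algorithm from the digest length; the file name `example.iso` and the helper names are assumptions, and the file is a constructed stand-in.

```python
import hashlib
import hmac
import os
import tempfile

# Digest length in hex characters -> hashlib algorithm name.
ALGO_BY_HEXLEN = {32: "md5", 64: "sha256", 128: "sha512"}
HEX = set("0123456789abcdef")


def parse_checksum_list(text):
    """Parse lines of the form '<hex>  <name>' or '<hex> *<name>'."""
    entries = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2:
            continue
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        if len(digest) in ALGO_BY_HEXLEN and set(digest) <= HEX:
            entries[os.path.basename(name)] = digest
    return entries


def file_digest(path, algo, chunk=1 << 20):
    """Hash a file in chunks so a multi-gigabyte image is never held in RAM."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_download(path, checksum_text):
    """Return 'ok', 'mismatch' or 'not-listed' for the file at path."""
    expected = parse_checksum_list(checksum_text).get(os.path.basename(path))
    if expected is None:
        return "not-listed"  # fail closed: no published digest for this name
    actual = file_digest(path, ALGO_BY_HEXLEN[len(expected)])
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"


def demo():
    """Run the check on a constructed stand-in file (not a real ISO)."""
    with tempfile.TemporaryDirectory() as d:
        iso = os.path.join(d, "example.iso")  # assumed file name
        with open(iso, "wb") as fh:
            fh.write(b"constructed stand-in for an installer image\n")
        listing = f"{file_digest(iso, 'sha256')} *example.iso\n"
        good = verify_download(iso, listing)
        with open(iso, "ab") as fh:  # one extra byte, as corruption would add
            fh.write(b"\0")
        bad = verify_download(iso, listing)
        other = verify_download(
            iso, "d41d8cd98f00b204e9800998ecf8427e  other.iso\n")
    return good, bad, other


if __name__ == "__main__":
    print(demo())
```

A matching digest shows the file equals what the list describes; whether the list itself is genuine depends on separately verifying its signature.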

  6. #6
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Boot Sector Problems and Linux

    Any programs loaded from the Canonical repos are cryptographically validated. Failure to pass the validation will cause an error and it will not be installed. If you have somehow added other repos, that is on you, but all PPAs are also cryptographically validated - not just for trust and security, but as validation that the download was unmolested.

    Programs don't magically show up on Ubuntu, unless you did something. If you only use the package manager and only use normal programs that have been well-used by millions of other people, the risk of any corruption is extremely low ... nearly zero. The crypto-math doesn't fail.

    If you actually believe your system has been hacked, somehow, much more proof will be necessary. Also, you should only run as a fully-encrypted install and take proactive steps to prevent an "evil maid" attack when you aren't with the computer. That means powering it off completely and keeping the boot files with you. LUKS encryption hasn't been hacked to my knowledge (I don't see this happening) and for the truly paranoid, like myself, you can use 2FA devices from reputable sources in a challenge-response mode to limit who can access the encrypted storage. It can be inconvenient, but that is often the price of security. I use a YubiKey to unlock the storage on my laptop and when I travel to places in the world known for snooping (orgs or govts), I'll have a separate flash drive used to boot with me. Both those USB devices are never out of my sight or off my person and I power down the computer if I'm not in the same room.

  7. #7
    Join Date
    Oct 2021
    Beans
    4

    Re: Boot Sector Problems and Linux

    First of all, thank you for your answers, Yancek with TheFu. It seems as if there are some misunderstandings in our mutual communication process. I have not the slightest doubt about the security and updates of Linux Operating systems; if these updates are being sent to me from Linux Mint's main distribution networks. I installed Linux Mint on a USB Simcar by performing integrity check, md5 checksum and all security key checks. The Linux Mint operating system that I used on my HP notebook last year had been hacked definitively and understandably. I don't know exactly why. I want to learn how and where I am doing wrong and solve it. In the Toshiba laptop I am currently using, I think that the information and records regarding Windows somehow stored in the computer somehow affect the computer we are using and the operating system. (Especially via the registry editor that was hacked and changed against our will) But I can't be absolutely sure about this...


  8. #8
    Join Date
    Oct 2021
    Beans
    4

    Re: Boot Sector Problems and Linux

    In my first Linux Mint experience this year, between October 29th and November 5th; In the network connections section, I was seeing wireless internet and wired (wired connection 1) information. In front of Wired connection 1, I was seeing information such as sometimes 5 days ago, sometimes 3 hours ago. I couldn't understand this situation even though I didn't use any ethernet connected device. On November 5th, I noticed that Linux Mint firstly detects my Samsung external hard drive as Ethernet. Also, I noticed that if the clocks shown on the network connections are completely correct, it also detects my USB SimCard with Linux Mint installation as an Ethernet connection. When I examine the settings of Wired connection 1; that there are no passwords and security measures; I saw that the auto-connect and allow all users to use this network options were turned on. In addition, IPV4 and IPV6 are open and automatic dhcp; I noticed that wake-on-network is marked by default. Then I noticed that the MAC address shown for Wired connection 1 is completely different from both my laptop's MAC address and my router wifi's LAN and WAN MAC addresses. (The first 4 numbers or letters of my laptop's MAC address were the same, but all the remaining numbers or letters were completely different). In the past weeks, I remember seeing that my Samsung external hard drive was defined as Ethernet somewhere in the registry in Windows, which I have been using on this laptop. Now, I couldn't understand why Linux Mint also detects these devices as Ethernet connections. I immediately installed Linux Mint when I realized that the Windows I was installing 10 days ago was hacked on the same day even though I had never been connected to the internet. Linux Mint is a simple format of completely deleted Windows; can it be affected by the registry editor (regedit) changed against my will; i don't know that at all. Then I turned off all the settings and access paths of wired connection 1. 
I have repeatedly unplugged and plugged my Samsung external hard drive. The wired connection was no longer detected as 1. But this time, my Samsung external hard drive started to be difficult to open and would not turn off when I wanted to turn it off. When I clicked on the home directory, it gave an error and opened, albeit forcibly. Slowdowns and freezes started in my operating system. That day, I immediately formatted Linux Mint and reinstalled Linux Mint. Before starting the installation of the usb simcard Linux Mint, I went to the installation phase by entering the wired connection 1 settings in the setup usbsi and making sure that all the settings were turned off. In my 2-3 week observations, another issue is related to the "traffic statistics" data of my Router wifi. I was seeing that the WAN protocol, which has been using the 192.168.3.252 IP address for a long time, communicates with my internet every day, usually between 04.00 - 04.30 in the morning and 10.00 - 11.00 in the morning. I also don't know if the WAN protocol has anything to do with the Ethernet protocol. The reason why I focus on the WAN protocol; In the last two weeks I've been using Windows, when I left my laptop in sleep mode when I wasn't using it, it would wake up from sleep between 10:00 am and 11:00 am most days. Self-study of the system by waking up from sleep; Sometimes the application called MSINSTALLER would install new applications or updates on my computer without my knowledge. Via CMD commands; I have learned before that there is no timer application on my computer to wake my computer and the only factor that can wake it from sleep is the mouse. When I entered the router wifi web page today, I saw that the WAN protocol's communication hours with my internet were changed very regularly in the last 48 hours, and it was shown as 09.32 and 21.32 hours every day. 
In my Linux Mint experience last year (July 29 – November 5, 2020); Among the things that make me think my system has been hacked; First of all, I no longer had access to all of my external hard drives and USB sticks, which were all healthy before. In the Linux Mint system that I am using for personal use, I am not able to do many operations and actions that I could do using the command line in the normal user account in the first days, like a user with more and more privileges. The day has come and I have come to a stage where I have to do everything with just the sudo user account commands. Just like in my Windows experiences, I thought the Update Manager might have been hacked somehow. I was installing all incoming updates. Although I don't remember very well (all the screenshots I took are inside the HP notebook), the recent updates have been overwhelming, mostly samba, microsoft, printer, skype, libre office, google, etc. was on it. At that time, in my review on Linux Mint on my notebook, I noticed that both the samba applications I downloaded and the Linux Mint web pages had some applications that were shipped with Linux Mint by default and that it is not recommended to be configured for users who do not know how to use it. I didn't configure any apps either. I haven't touched any of the updates I've saved. I saved the incoming updates just to keep my system safe.
