Nightmare! Badly need help! [solved]

[wakish]

I got a bad shock today!! (I have mandriva2006 - i686)

It all started when i was browsing the net with opera 9.01..

Just suddenly, everything was not under my control... i could not click on anything..and my browser went mad.. i tried to close..after some 5tries, it closed!

But then when i attempted to re-boot from start-menu..all my clicks was not working..

So, i put-off main power and re-start my pc..

I thought it was ok this time..but damm.. my system went CRAZY!!!! Even my bash shell wnet mad.. I have something exactly like this on my bash-shell:

,,,,,,,,,,,,,,,,,,,,[wakish@localhost,,,,,,,,,,,,,,,,,],,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, (this "," went on FOREVER and EVER!!)

 

Now, i cannot re-boot from the linux OS..so i use main power to shut-down.

My next reflex is to RE_INSTALL linux..BUT this time

I'M TERRIFIED!!!!!!!!!!!!!

I have severals partitions on my pc..out of which i run linux for main purposes and for internet.. and i have a winXP os for my course-works..etc.. I CANNOT EVEn run my winXP.

Even when i re-boot from main power, i CANNOT access my BIOS!!!! An unsual screen just pop-up instantly showing a weird boot menu..but i CANNOT STILL do anything..everything is just like freezed!!

Also note that, i use ranish boot manager..and each time i have to get that boot manager to pop-up to choose my os.. but now cannot see that boot manager since i get the thing said above.

 

All that happen early this morning..i really really desperate.. i need my pc, i have IMPORTANT projects to submit for my course..and alll work to do..

 

Please guys/friends try to help me out.. i'm really in a bad state...

Edited September 30, 2006 by wakish

[ianw1974]

I can only think you had some ports open and shorewall configured to allow these ports through, and someone connected to your machine over SSH and did something.

 

Either that, or your machine has got screwed up some other way.

 

If someone did get into your machine, then you better do a fresh install. I would however, attempt booting the Mandriva CD1 and then booting into rescue mode. Press ESC at the loading screen, and when you see the menu, mount all your partitions and exit to the prompt.

 

Then take a look in the /mnt/var/log directory to find out if anyone has connected to your machine. Main ones are /var/log/messages but there are also others that will relate to security and access to your machine.

[neddie]

Also make sure your comma key on your keyboard isn't stuck down. Give it a wiggle and check your keyboard connection isn't loose.

[wakish]

Guys the problem is that, i CANNOT boot on an OS now..

As soon as my pc boots, it get by-passed and it freezes.. i cannot even go on my bios to even run a live distro...

I'm thinking i should reset CMOS?

 

Damm...crackers are really sick people..

[Gowator]

wakish, unless you ran random scripts from these sites or were running as root or in Windows then I don't think that your bios was comprimised and I tend to agree with neddie....

 

Have you tried booting with a different keyboard? if the keyb is faulty then of course you can't access bios ...because you can't press the key..... this can also occur if the keyb controller chip goes so it thinks a key is stuck....

 

Try and slow down at not panick.... or you could end up doing more damage...

[wakish]

@ianw1974:

I could was not able to boot get through the logs.. but in any case if i was able, how do i know if it was compromised?

 

@Gowator

i have not run such kind of scripts Gowator...

I have tested my keyboard with another pc..it works fine..it's a recent keyboard..

 

I went un-plugging some of the parts of my pc...and re-assembled them again.. and i have reset the CMOS/ BIOS.. this way, i now can access the bios and just re-set the cylinder values of my partitions (thats the beauty of ranish rpm)

I booted from my winXP..no damage seems to have been done since i never used it for internet..and thank God my DATA partition seems to be ok too..

but my linux still had that crazy behaviour..

I have just finished re-installing linux again..now it's working..

I still cannot understand what has happened...(Any idea about this guys?)

Besides, i have used the FTP program (i think it's called gFTP) almost everyday for several hours for my web-works..

Could that have created a hole somewhere?

Damm..never saw my pc mad like this before..

 

Anywayz, But now i need to be serious about securing my pc.. till now i have just use linux without caring about avs or firewalls..just knew shorewall was here running..lol

Can you guys advice me about this?

I guess shorewall is not really good.. or perhaps i went faulty somewhere...

Edited September 29, 2006 by wakish

[ianw1974]

You can look in /var/log/messages by doing:

 

cat messages | grep ssh

 

and it will list the connections that have been done, and where they came from. By looking at the /var/log/auth.log file you can see who has used superuser mode if they created a user and logged in as a standard user.

 

However, if you've reinstalled, this won't be of any use now. But maybe for the future when you boot the livecd and check it out through here. Of course, on a livecd it will be /mnt/var/log/messages or /mnt/var/log/auth.log since the /var/log will be the livecd area.

[spinynorman]

Test your firewall at www.auditmypc.com or somewhere similar.

[Shadowchaser]

wakish,

Just wondering what kind of motherboard do you have? the reason is a couple of years ago i had the same problems it turn out to be the Bios Chip was going defective and on occasion like hot or humid days it would start behaving wierd

for instance you saw " ,,,,,,,,,,,,,,,,,,,[wakish@localhost,,,,,,,,,,,,,,,,,],,,,,,,,,,,,,,,,,,,,,,,,,,

,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

,,,,,,,,,,,,,,

,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, "

 

I saw this HHHHHHHHHHHHH[shadowchaser@HHHHHLocalhost]HHHHHHHHHHHHHHHHHHHHHHHHHHhhhhh etc.

the pointer arrow (mouse) would move randomly on it's own... Anyway it turn out to be the Bios Chip so you might want to get it check out...

good luck,

SC

[pmpatrick]

wakish, the chances of you being hacked in linux in the weird, destructive manner you describe and your windows and data partition being intact is practically zero IMHO. I'm fairly certain this is a hardware problem. It might be the bios chip as noted above. Other things to check, your ram(mtest) and your hard drive(manufacturer's hard drive diagnostic utilities). You may also want to check your power supply but you need special equipment for that.

[wakish]

Oh..perhaps you guys are right...i don't know..

But i don't blame linux, since i LOVE linux...and no way am i going to drop it..

My motherboard is asus and my RAM is kingstone..

 

Currently, i'm moving from winter to summer...and in the day its becoming hot..

 

Yeah it could have been a hardware temporary problem..as i said i have dettached my hard-drive, pci cards, memory ..cmos battery..etc.. and then i have re-assembled them..

After that my pc, got fine..

 

I really hope it's not a hacking/cracking problem... it's always better to have hardware issue than the latter..

Edited September 30, 2006 by wakish