Excuse me please?
I am completely self taught, not giving a complete run-down upon my history, suffice to say from about 1974 – present day have been learning as much as possible about computers. From Data General 19” Main Frame CPU`s through several different O/S to your system.
Not knowing anything about your system operation nor even knowing how to use said system. It has taken me since about the middle of February, 2021 to get to the point where I can give you some assistance on my issues.
The hacker, that attacked me on January 28, 2021, is back and in this Linux Mint Cinnamon v19.3 that I installed in my cpu, DELL INSPIRON 660 64bit. I do not know how to access ‘root’ to be able to remove these files, ‘help’ please? Whatever https://termbin.com/c51e , is, that is where my system report was sent by Linux Mint. Now for some data for you:
Am blocked from accessing any website requiring ‘user name’ and ‘password’ since about a week-ago, so far Linux Forums has not been hit, yet. Now have learned how it was done, the attached ‘Screen Shots’ posted in a previous message that seems to have been ignored and removed, listed five (5) folders with zero (empty) files (data). Taking up 1.1 mb...
This is what has been learned so far on just one folder located:
[Folder title is underlined, the symbol ‘ */ ’ lines are just separators of lines of data discovered, my separators.. The symbol ‘ # ’ is of course a delimiter from Basic programming, not a part of the data.]
Computer/file system/tmp/systemd-private-3d25da016fc54d9ca003bbcd99640945-colord.service-T22dVo
*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/
[This informatioon was discovered within my saved bookmark for one of my Secure links after the location of said link. That is from just one single line]
csidebar=true¤cy=USD&final_price=34700&is_recurring=false&payment_method=stripe&purchased=2665220&purchased_at=[u]1618510308[/u]&purchased_course_id=191390&purchased_list_price=34700&sale_id=82153787&tax_charge=0&user_?id=57084888
*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/
[Copied the below line of digits from the long line above and placed it in Text Editor and the next group of data is what resulted. Display lines of program commands. Next set of digits came from the long line above, underlined]
1618510308
# presents below data like commands in programming
csidebar
/usr/lib/firefox/libnssckbi.so
/usr/lib/firefox/libnssutil3.so
/usr/lib/firefox/libplc4.so
/usr/lib/firefox/libplds4.so
/usr/lib/firefox/libsmime3.so
/usr/lib/firefox/libsoftokn3.chk
/usr/lib/firefox/libsoftokn3.so
/usr/lib/firefox/libssl3.so
/usr/lib/firefox/libxul.so
/usr/lib/firefox/minidump-analyzer
*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/
191390
# duplicates the above 'csidebar' above
*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/
# both bellow produce nothing
82153787
57084888
*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/
The end of the first line of folder ‘hidden’ data. This has taken me several hours, maybe even days, to gain. Like mentioned there are five (5) lines of folders, four (4) more to go.
All within the same folder (tmp) the next line of data:
/tmp/systemd-private-fc1536d39f124319ae4bac8ffdd4d0ec-ModemManager.service-qXsHtP
Am presently working on this one, this is as far as my progress has given me.
Next one titled:
systemd-private-fc1536d39f124319ae4bac8ffdd4d0ec-rtkit-daemon.service-oukOrF
Next one titled:
systemd-private-fc1536d39f124319ae4bac8ffdd4d0ec-systemd-resolved.service-CCllKy
Last one titled:
systemd-private-fc1536d39f124319ae4bac8ffdd4d0ec-systemd-timesyncd.service-6UQzCj
NTxLSdon3 "LoneWanderer"
Have been hacked again, Win7 SP1 64 bit first time..
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Have been hacked again, Win7 SP1 64 bit first time..
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
'd' aka NTxLSdon3 "LoneWanderer" & "StarSeed"
Join us/U.S. live life as "ONE!"
Happy Thoughts & Wonderful Manifestations to all...
Join us/U.S. live life as "ONE!"
Happy Thoughts & Wonderful Manifestations to all...
Re: Have been hacked again, Win7 SP1 64 bit first time..
Win7 was EOL years ago. And it's completely utterly unsupported since over a year ago. Using it is a suicide mission now.
ps. any of that data you posted looks completely normal to what you could find in /tmp.
The problem of not being able to access sites with login/password seems like a plugin and/or security settings issue for the browser, all of which you can control.
ps. any of that data you posted looks completely normal to what you could find in /tmp.
The problem of not being able to access sites with login/password seems like a plugin and/or security settings issue for the browser, all of which you can control.
Re: Have been hacked again, Win7 SP1 64 bit first time..
This is not a simple to answer beginner question for finding your way around Linux Mint thus moved the topic here.
Is all the evidence that you've been hacked that you have these "systemd-private" files in your /tmp directory? These are normal files. These directories are file system namespaces for system services that need a private directory for temporary files. You should not be deleting these directories.
You could have made a topic here to ask "what are these files?" before jumping to conclusion. Or do an internet search asking what these system-private files in /tmp are, which would have found clues.
Is all the evidence that you've been hacked that you have these "systemd-private" files in your /tmp directory? These are normal files. These directories are file system namespaces for system services that need a private directory for temporary files. You should not be deleting these directories.
You could have made a topic here to ask "what are these files?" before jumping to conclusion. Or do an internet search asking what these system-private files in /tmp are, which would have found clues.
For those that want to know more: system services can be configured to have a new file system namespace for their processes which mounts private /tmp/ and /var/tmp/ directories that are not shared by processes outside of the namespace. This is useful to secure access to temporary files of the process, but makes sharing between processes via /tmp/ or /var/tmp/ impossible. All temporary files created by a service in these directories will be removed after the service is stopped. See the "PrivateTmp" configuration parameter in the systemd.exec manpage. There is quite a list of services that have this enabled. A
These directories are entirely unrelated to whatever is causing your website logins not to work. Which is highly unlikely to be due to a hack. More likely this is related to your web browser configuration. Suggest to create a new user account through Users & Groups, log out then log in to the new account and then try the web browser there to see if the same is present on that. Or try a different web browser.grep -Rl PrivateTmp /{etc,usr/lib}/systemd
will find most of them.Re: Have been hacked again, Win7 SP1 64 bit first time..
zcot & xenopeek,
Thank you both for the posts, a newbie, yes. Have been on Linux about a month and half. Do not know all of the ins and outs to fully use and enjoy your system. Have been on Windows since it was created about 1985 or 6, worked from a command line for years. You are not correct in me being a newbie, just because I am a curious animal and investigate things and finding out as I go is how to learn. I am a Journeyman Electronics Tech with over 70 years experience retired from Civil Service with DoD, US Air Force base, 30 years of service. Also assembled a battery operated AM radio at the age of nine (9) in 1948 on my own, my Father taught me from about age five (5).
Cannot get any secure passwords created by your software, only keyrings, nor edit on any screen shots. Spent the last week and half working on those features. Linux Mint Cinnamon v19.3 is the only software on my system, when hacked, last January Windows 7 was ended, that computer is dead as well as any other version of that bad system by Microbarf.
xenopeek,
Thank you for the info on those folders being normal. Can you tell me how to clear my cache when the 1.1 MB will not go away. This is the fist time this has occurred where not all were removed, even after closing FF and even system OFF then back on.
THANK YOU very much for this information. Now back to work learning this system.
NTxLSdon3 "LoneWanderer"
Join us/U.S. live life as "ONE"!
Thank you both for the posts, a newbie, yes. Have been on Linux about a month and half. Do not know all of the ins and outs to fully use and enjoy your system. Have been on Windows since it was created about 1985 or 6, worked from a command line for years. You are not correct in me being a newbie, just because I am a curious animal and investigate things and finding out as I go is how to learn. I am a Journeyman Electronics Tech with over 70 years experience retired from Civil Service with DoD, US Air Force base, 30 years of service. Also assembled a battery operated AM radio at the age of nine (9) in 1948 on my own, my Father taught me from about age five (5).
Cannot get any secure passwords created by your software, only keyrings, nor edit on any screen shots. Spent the last week and half working on those features. Linux Mint Cinnamon v19.3 is the only software on my system, when hacked, last January Windows 7 was ended, that computer is dead as well as any other version of that bad system by Microbarf.
xenopeek,
Thank you for the info on those folders being normal. Can you tell me how to clear my cache when the 1.1 MB will not go away. This is the fist time this has occurred where not all were removed, even after closing FF and even system OFF then back on.
THANK YOU very much for this information. Now back to work learning this system.
NTxLSdon3 "LoneWanderer"
Join us/U.S. live life as "ONE"!
'd' aka NTxLSdon3 "LoneWanderer" & "StarSeed"
Join us/U.S. live life as "ONE!"
Happy Thoughts & Wonderful Manifestations to all...
Join us/U.S. live life as "ONE!"
Happy Thoughts & Wonderful Manifestations to all...
Re: Have been hacked again, Win7 SP1 64 bit first time..
easiest way to test this "hack" --> go grab the installation media, and launch firefox from it. Try logging into one of the websites that doesn't work.
Re: Have been hacked again, Win7 SP1 64 bit first time..
Re: "This is not a simple to answer beginner question for finding your way around Linux Mint thus moved the topic here." I'm 67. been around computer Engineers since college. Learned just enough to get myself in trouble. If I had searched for "remove systemd-private" rather than just "systemd-private" I would have found this sooner and not have thrown away two perfectly good thumb drives I thought were infected. I had the exact same thing happen that NTxLSdon3 had and thought I'd been hacked. Only I started out thinking "Casper" and "quiet splash" were the problem and was searching the web and this forum for those key words. When I found they were "clean" I focused on systemd-private. I don't know enough to say leaving this on the newbie page would have helped. Maybe in two places, here and newbie? Maybe that wouldn't make any difference. The rules say no personal messages so that is why I am posting here. I teach English and we have what we call false beginners. They know intermediate or advanced phrases but not some of the basics they need to get out of the beginner stage. That is what I think I am here. A false beginner stumbling into questions who's answers are often beyond my ability to understand w/o a lot of research. I want to thank xenopeek and all the others who have helped or tried to help me in this forum. Researching your answers has taught me a lot. Among other things, I now know my computers are not infected.