Escaping major Win virus. It nearly got into Linux Mint via Update

Post by Maor »

I have been wrestling with a major self-adapting virus in Win 10/11 for 10 months.
It falls into the 10-20% of viruses that are not detectable by most AV software.
Only Catchpulse flagged unsigned Win files attempting to get by.
I have decided it has an element of AI, given how it adapts to every situation quickly,
and uses social engineering to get admin privileges.

I am writing here, as I truly appreciate Linux Mint, and am just moving to it...and I want to let people know
that my invisible opponent (on a 2nd machine on which I had drained and reset the BIOS and installed a new 2TB SSD)
interfered with the second installation via bootable USB, and later emerged after the installation was verified, complete
and fully updated, to offer on-the-fly, a list of seemingly appropriate updates, which thinking I was in the clear, I accepted,
only to watch my Firewall shut down, which I flipped back on, and this back and forth went on about 10 reps....
I shut the machine down, and tried to delete the SSD...the first partition is write protected.

The point is, watch the updates carefully...I don't recall having to verify them.
And if they had succeeded to install and run, my external opponent, whoever/whatever it is,
would have had admin privileges on my machine.

Knowing what I know now about UEFI BIOS manufacturers now flashing the entire BIOS ROM,
10 months ago, I should have bought all new hardware and moved to Linux Mint.

Post by coffee412 »

I have to kinda doubt that a virus that ran on Windows would also run on Linux. If I understand this right, you got "some unknown" software installed (i.e. this virus) when doing updates?

If you post your hardware profile we can all see what repos you have active. That would be somewhere to start.
Ryzen x1800 Asus Prime x370-Pro 32 gigs Ram RX480 graphics
Dell PE T610, Dell PE T710
- List your hardware Profile: inxi -Fxpmrz
MeshCentral * Virtualbox * Debian * InvoiceNinja * NextCloud * Linux since kernel 2.0.36
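
Checking which repos are active, as suggested in the reply above, can be done mechanically. This is an added example, not code from the thread or from Linux Mint: it audits one-line-style APT source entries (the format used in /etc/apt/sources.list.d/*.list) for hosts outside an assumed allowlist and for options that weaken signature verification. The `EXPECTED_HOSTS` list, the function name and the sample entries are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumed allowlist for a stock Linux Mint install; add the mirror you selected.
EXPECTED_HOSTS = {"packages.linuxmint.com", "archive.ubuntu.com",
                  "security.ubuntu.com", "archive.canonical.com"}
# sources.list(5) options that weaken or switch off signature verification.
WEAKENING = {"trusted", "allow-insecure", "allow-weak",
             "allow-downgrade-to-insecure"}
ENTRY = re.compile(r"^(deb|deb-src)\s+(?:\[([^\]]*)\]\s+)?(\S+)\s+(\S+)")

def audit_sources(text):
    """Return (line_number, uri, reason) for each entry that deserves a closer look."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and disabled entries
        match = ENTRY.match(line)
        if not match:
            continue
        _kind, options, uri, _suite = match.groups()
        for option in (options or "").split():
            key, _, value = option.partition("=")
            if key.lower() in WEAKENING and value.lower() == "yes":
                findings.append((number, uri,
                                 f"{key}=yes weakens or disables signature verification"))
        parsed = urlparse(uri)
        if parsed.scheme in ("http", "https", "ftp"):
            if parsed.hostname not in EXPECTED_HOSTS:
                findings.append((number, uri, "host not in expected list"))
        else:
            findings.append((number, uri, f"non-network source ({parsed.scheme or 'no scheme'})"))
    return findings

# Constructed sample entries (not taken from the thread).
SAMPLE = """\
deb http://packages.linuxmint.com virginia main upstream import backport
deb http://archive.ubuntu.com/ubuntu jammy main restricted universe multiverse
# deb http://disabled.example/ubuntu jammy main
deb [arch=amd64 signed-by=/etc/apt/keyrings/vendor.gpg] https://repo.example.net/apt stable main
deb [trusted=yes] http://packages.linuxmint.com virginia main
deb [trusted=yes] file:/var/local/debs ./
"""

if __name__ == "__main__":
    for number, uri, reason in audit_sources(SAMPLE):
        print(f"line {number}: {uri}: {reason}")
```

A flagged entry is not proof of compromise; a third-party repo or local package directory added on purpose will also show up, so the output is a list of entries to account for.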

Post by Maor »

Hi,

The first computer I installed LM on was an ancient (2007) Dell E1505 which surprised me by being 64 bit capable.

Everything went well. I saw no virus activity on this machine, after BIOS reset, and new drive installation.
I started using it to make bootable USB drives.

The second installation, after BIOS reset and new drive, was on a Lenovo Ideapad 5 laptop 15 ILL05.
I used LVM encryption as before, and am wondering if that might have resulted in the first partition being write protected.

I know well that Linux viruses are few and far between. I did experience a cross-platform virus back circa 2017-8.
Its behavior was different in Windows, where it lurked to destroy backups, than in Linux (on the Dell again),
where it interfered with my reformatting the infected drive.

The current virus on the Win side has been very insidious, stemming from an inside attack,
...then surreptitiously taking control of my password managers, and adapting to every countermove on my part.
...throwing up code embedded into webpages or redirecting me to false webpages...e.g. false Cloudflare down pages
false notifications that a given new protonmail email was not available,
...controlling my password managers in hidden ways...

So while normally a Win virus will not affect a Linux machine, it appears to me that
this is an age of AI being integrated into (KALI?) Linux based attacks,
and that such attacks "could" enter Linux Mint with Admin privileges through socially engineering false updates,
especially if true updates are not verified before upload.

I would not wish anyone to go through the difficulties I have.

Post by kc1di »

Hello Maor,
Welcome to Linux Mint Forum, enjoy the journey! :)
Easy tips : https://easylinuxtipsproject.blogspot.com/ Pjotr's Great Linux projects page.
Linux Mint Installation Guide: http://linuxmint-installation-guide.rea ... en/latest/
Registered Linux User #462608

Post by JerryF »

Please open the System Reports app and click the System Information tab on the left. Your computer's information should come up in the right pane. Click the Copy button and then paste the results into a reply window here so we can see how Linux Mint views your hardware. No need to use code tags because the System Information Copy button already inserts the tags when you paste.

Post by Maor »

Hi Jerry,

Thank you. I believe that particular machine is no longer running. The moment I began to struggle with the firewall being repeatedly shut off, I realized that the webpage with the second set of updates listed had been fake....that the virus had slipped in and grabbed my Linux admin privileges in some way, to ensure its spread...(It openly reveals itself only in survival/spread situations). ...and I shut down the computer and immediately attempted to wipe the drive.

Been there, done this way too many times...7 Win10/11 computers since last May.

That said maybe the write-protected first partition might boot. I will try it this afternoon.

I appreciate your support.

Cheers!

Post by spamegg »

Maor wrote: Fri Mar 29, 2024 6:27 pm ...
This sounds like a nightmare. I think you should just ditch that system. Format, reinstall, start over. Just get rid of Windows completely.

Post by Pierre »

that is why most of us, have moved to a Linux System,
and then, after some playing around with Linux
- we all wound up using this LinuxMint System -
8)
Please edit your original post title to include [SOLVED] - when your problem is solved!
and DO LOOK at those Unanswered Topics - - you may be able to answer some!.

Post by JerryF »

spamegg wrote: Mon Apr 01, 2024 5:04 am ...
This sounds like a nightmare. I think you should just ditch that system. Format, reinstall, start over. Just get rid of Windows completely.
or, if Windows is really needed for something, set up a virtual machine of Windows.