by demos95 » Jan 26th, '26, 20:01
Hello,
Sorry for the late reply.
There are several points I would like to mention.
We were discussing a possible trojan infection, although nothing has been confirmed so far.
Regarding antivirus checks, we talked about using ClamAV. I also went to an IT shop and consulted a penetration testing expert.
We tested several antivirus solutions. Two of them performed bootable CD scans (Dr.Web and Kaspersky), and we also carried out an investigation using McAfee. Nothing was detected on the system.
However, I noticed an issue where a user appeared to be connected (see previous message with screenshot).
The person was connected at the same time as my CPU fan was running at a high level and my mouse cursor was moving on its own.
I would like to mention that after I reported this, no users were visible anymore in the who or w commands. Despite this, the issue continued.
Yesterday, I experienced the problem again while working on my personal website, which is hosted externally. The issue only occurred when using Firefox, specifically while working on WordPress.
This behaviour is very strange. The issue keeps reappearing and seems polymorphic, as it sometimes happens when I am connected to my WordPress website. I suspect that someone may have identified my IP address and is attempting to access my computer. Interestingly, the issue did not occur when I used Konqueror to access my personal website. However, my website is not fully accessible via Konqueror.
I believe there are multiple possibilities, and this issue has existed for quite some time (around one and a half years, I believe since March–April 2024). It could potentially be a brute-force attack after collecting my personal IP address.
I also noticed that when I use Microsoft Teams in Firefox, my network connection briefly goes down and then comes back up within a couple of seconds.
Because of this, and also due to yesterday’s issue with WordPress, I suspect there may be a problem with Firefox itself, but I cannot be certain. At the moment, I no longer see any connected users, yet the CPU fan still becomes noisy and the cursor continues to move.
It is difficult for me to draw a clear conclusion.
Thank you for sending me some commands earlier; I appreciate it. I will try them next time, although the issue with visible users is no longer occurring.
(Just to explain briefly) the issue appears to be polymorphic and changes behaviour over time.
At the beginning, the CPU fan was constantly running at a high level. Now, the fan increases, then decreases, then increases again. Each time I report something, the issue seems to change. I would be very grateful if I could receive help from an expert.
Additionally, with the objective of the next Mageia release, can you please confirm whether you are Mageia staff when replying, as I would like guidance on where to go for further expert analysis.
I would like to receive help from a professional, and I am willing to take my laptop to a specialist for a deeper investigation. I am also willing to pay if necessary.
I am based in the UK.
Could you please advise where I could go for a professional investigation?
I would like to help avoid any potential issues. (But with a face-to-face investigation on my laptop.) (I have been investigating for a long time now without much improvement; I have tried a lot of things.)
I believe this could be checked with help from Mozilla, but I am not sure how to proceed.
Overview (summary points):
- Suspected malware or trojan infection, but no confirmation after extensive antivirus checks (ClamAV, Dr.Web, Kaspersky, McAfee, including bootable scans).
- Unusual system behaviour observed: high CPU fan activity, mouse cursor moving on its own, and previously seeing unknown users via who / w.
- After reporting the issue, no users (external) are now visible, but abnormal behaviour continues.
- Recent issues mainly occur when using Firefox, especially while working on a WordPress site; the issue does not appear when using Konqueror.
- In the past, the issue sometimes disappeared when the Ethernet cable
- Wi-Fi is always deactivated in the BIOS and is also not activated in the Plasma/Dolphin connection interface.
- All other Bluetooth device drivers are not installed and not visible in the BIOS, so I don't think there is Bluetooth on my laptop.
- Possible suspicion that the issue may be network-related, potentially involving IP exposure or brute-force attempts.
- Network instability noticed when using Microsoft Teams in Firefox (connection briefly drops and reconnects).
- Issue appears intermittent and persistent over time, making diagnosis difficult.
- User is seeking professional, in-depth investigation in the UK and is willing to pay for expert assistance.
- Linux system is fully updated with the latest version installed.
Thank you,
Demos95