Is my OpenSUSE linux box compromised?

1

2

While trying to download one .rar attachment from Gmail, my OpenSUSE 12.2 (64bit) system started behaving weirdly.

Thunderbird opening 5-6 tabs for one email. Ideally Thunderbird should just show the content of the email in its content panel.

Firefox not accepting anything I type, and Firefox making a Google search for a term decided by Firefox and rejecting my search term.

Upon reboot the BIOS says system disabled. Error Code <some long hex code here>. Is my machine COMPROMISED?

What is the step by step procedure to follow to check if my system is compromised or not? I tried rkhunter and chkrootkit. Both show normal except root ssh is enabled.

All this lasted for 2 minutes, then I removed the network cable in case a keylogger is installed and then forcefully rebooted the machine. After 2 minutes or so the machine went back to normal, and now I am inside SuSE and it's showing no sign of the incident.

I had this experience in the past: Very Slow DSL (ethernet) speed [New Interesting Update]

I got this error while visiting one website 5 mins ago:

The page will not be loaded The page you are looking for is temporarily not available to you.

Usually this is because:

You are connecting via a Proxy
Your IP address has been blacklisted by one or more services
Your computer is exhibiting symptoms of being infected with malware

How to fix this problem:

Proxy: Stop using a proxy and try again.  
Blacklisted IP: Check your IP address on a service like What Is My IP address blacklist check and take the necessary steps to clear the reputation of your IP address
Malware: Ensure that your computer is void of any malware by running a full virus scan.

Abhijit N

Posted 2012-12-19T13:27:35.533

Reputation: 89

Hmm. This is odd. Unfortunately I don't use Linux often anymore. Therefore, the most I can suggest is to re-install the system, but that is not a very good technique. – Josiah – 2012-12-19T14:13:54.077

Looks like this duplicates other questions already about this subject. – mdpc – 2012-12-19T17:24:39.963

I have seen similar behaviour patterns due to memory failures. Do a careful check on your hardware; run a memory test etc. (This does not rule out a compromised system, but it's a possible alternative.) – s-m-e – 2012-12-19T18:38:32.470

@mdpc amm? You mean to say everyone is getting hacked in the same way and they are posting their issues on superuser, and when I was posting the question the autosearch did not show me any already posted issue? – Abhijit N – 2012-12-20T05:20:46.237

Did you run an antivirus check? – golimar – 2013-07-19T08:52:22.367

Answers

2

From what you have described, it sounds like there are a lot of issues going on. I'll include a troubleshooting checklist, then provide some specific recommendations.

Just like going to the doctor, there are some questions that must first be answered.

1. What is the specific problem?
2. Can you reproduce the problem?
3. When did it start happening?
4. What has changed since it last worked?

You must be able to answer these questions before proceeding.

Once these questions have been answered, start with the most fundamental components, and work towards the least essential. The most fundamental being the hardware.

1. Is the hardware malfunctioning?
- Replace the hardware
- Try a different OS, on the same hardware

2. Is the software malfunctioning?
- Update the software
- Uninstall and Reinstall the software
- Scan for viruses / spyware
- Create a new user account
- Try a fresh OS


Specific Recommendations

BIOS Warning
First of all, from the BIOS error you reported, it sounds like you might have a hardware issue (bad RAM, bad motherboard). It's hard to tell without knowing the exact error message, but there is likely a hardware error.

Recommendations: Take the computer to a computer repair store for further diagnosing.

Firefox not accepting input
This error is hard to visualize without seeing it in action, but if Firefox is acting weird, there are a few likely scenarios.

  • Corrupted Firefox Install
  • Incompatible Browser plugin

This also is unlikely to be a side effect of a compromised system.

Recommendations: Disable add-ons, update Firefox, uninstall & reinstall Firefox, try to reproduce in a different browser

Proxy Warnings
If you are getting this error, then you are likely using a proxy. In Firefox, go to Advanced -> Network -> Settings, and make sure it is set to 'use system settings'.

Then go to YaST, and verify that you do not have a proxy configured.

Final Notes
If you have followed all these steps, and are still unable to verify the source of the problem, proceed with these steps.

Create a new user account, see if the Firefox, Thunderbird, and proxy issues go away. Boot to a live CD, and see if the issues persist.

Contact your ISP and ask them if they are seeing any suspicious activity from your network. You could have a vm or another computer that could be causing issues.

spuder

Posted 2012-12-19T13:27:35.533

Reputation: 8 755

Good advice. Just about "Upon reboot bios says system disabled Error Code....": this points to a hardware failure, but can be just because of the hard reset... – Dee – 2013-07-24T19:46:27.250
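
The proxy check from the answer above (Firefox's connection setting plus the system-wide proxy that YaST manages) can also be done from a shell. This is an added example, not code from any poster in the thread; it assumes the YaST-managed settings live in /etc/sysconfig/proxy and the Firefox profile in ~/.mozilla/firefox/, and the function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the two proxy settings the answer says to verify.
# Sample inputs below are constructed, not taken from the poster's machine.

# Report the system-wide proxy state from an openSUSE sysconfig file
# (assumed path on a real system: /etc/sysconfig/proxy).
sysconfig_proxy_state() {
    file=$1
    [ -r "$file" ] || { echo "unreadable"; return 0; }
    # The last uncommented assignment wins, as when the file is sourced.
    enabled=$(grep -E '^PROXY_ENABLED=' "$file" | tail -n 1 |
        cut -d= -f2- | tr -d "\"' ")
    urls=$(grep -E '^(HTTP|HTTPS|FTP)_PROXY=' "$file" | cut -d= -f2- |
        tr -d "\"' " | grep -v '^$' | sort -u | paste -sd ' ' -)
    if [ "$enabled" = "yes" ]; then
        echo "enabled ${urls:-(no URL set)}"
    elif [ -n "$urls" ]; then
        echo "disabled-but-set $urls"   # leftover entry worth reviewing
    else
        echo "disabled"
    fi
}

# Map network.proxy.type from a Firefox profile's prefs.js to a label.
# prefs.js stores only non-default values, so a missing entry means the
# default, 5 ("Use system proxy settings").
firefox_proxy_mode() {
    type=$(sed -n 's/^user_pref("network\.proxy\.type", *\([0-9][0-9]*\));.*/\1/p' \
        "$1" 2>/dev/null | tail -n 1)
    case "${type:-5}" in
        0) echo "no-proxy" ;;
        1) echo "manual" ;;
        2) echo "pac-url" ;;
        4) echo "auto-detect" ;;
        5) echo "system" ;;
        *) echo "unknown" ;;
    esac
}

demo() {
    d=$(mktemp -d)
    printf '%s\n' 'PROXY_ENABLED="yes"' \
        'HTTP_PROXY="http://proxy.example:3128"' 'HTTPS_PROXY=""' > "$d/proxy"
    printf '%s\n' 'user_pref("network.proxy.type", 1);' > "$d/prefs.js"
    echo "system:  $(sysconfig_proxy_state "$d/proxy")"
    echo "firefox: $(firefox_proxy_mode "$d/prefs.js")"
    rm -rf "$d"
}
demo
```

On a real machine, call the two functions on /etc/sysconfig/proxy and on each ~/.mozilla/firefox/*/prefs.js instead of the demo files; any result other than "disabled" and "system" names a proxy you should be able to account for.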