Some mail apps have an optional dependency on spamassassin, which you may have opted to install.
So you see - not remembering is not an excuse - I mean - I have a bad memory too - I have years I cannot remember due to stress thus creating massive holes in my memory.
The pacman log can be a help to look up when certain packages were synced.
So obviously that rabbitmq package was installed as a dependency for some other package. If I search for rabbitmq in pamac and look at its info, it says
install reason: installed as a dependency for another package
Is there a way to find out which is that another package that installed it in the first place?
By the way, rabbitmq is not available in the start menu, and neither can it be run from the terminal. If I type in rabbitmq in the terminal it says command not found.
Well, only the first command gives some information, but it's the same information that can be seen in pamac's graphical interface. It just says that it's a dependency for another package, but it doesn't say which package.
The other two commands just give rabbitmq as the output without any other details
[ben71@ben-inspiron3521 ~]$ pacman -Qi rabbitmq
Name : rabbitmq
Version : 3.11.16-1
Description : Highly reliable and performant enterprise messaging
implementation of AMQP written in Erlang/OTP
Architecture : any
URL : https://rabbitmq.com
Licenses : MPL
Groups : None
Provides : None
Depends On : util-linux inetutils erlang-nox socat
Optional Deps : rabbitmqadmin: CLI management tool
logrotate: rotate log files [installed]
Required By : None
Optional For : None
Conflicts With : None
Replaces : None
Installed Size : 27.22 MiB
Packager : Antonio Rojas <arojas@archlinux.org>
Build Date : Mon 15 May 2023 06:50:43 PM CEST
Install Date : Thu 08 Jun 2023 12:13:22 AM CEST
Install Reason : Installed as a dependency for another package
Install Script : Yes
Validated By : Signature
[ben71@ben-inspiron3521 ~]$ pactree -ro rabbitmq
rabbitmq
[ben71@ben-inspiron3521 ~]$ pactree -r rabbitmq
rabbitmq
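One way to do the pacman log lookup suggested earlier in the thread, as an added example that is not part of any post: this Python script groups `[ALPM]` log lines into transactions and lists what was installed in the same transaction as a given package, and whether each of those packages was removed again later. The sample log is constructed; `example-app`, the dependency versions and the function names are assumptions.

```python
import re

# Constructed sample in the /var/log/pacman.log line format. "example-app" and the
# dependency versions are placeholders, not values from the thread.
SAMPLE_LOG = """\
[2023-06-08T00:13:20+0200] [ALPM] transaction started
[2023-06-08T00:13:21+0200] [ALPM] installed socat (1.7.4.4-1)
[2023-06-08T00:13:21+0200] [ALPM] installed erlang-nox (25.3.2-1)
[2023-06-08T00:13:22+0200] [ALPM] installed rabbitmq (3.11.16-1)
[2023-06-08T00:13:23+0200] [ALPM] installed example-app (1.0-1)
[2023-06-08T00:13:24+0200] [ALPM] transaction completed
[2023-06-09T10:02:10+0200] [ALPM] transaction started
[2023-06-09T10:02:11+0200] [ALPM] removed example-app (1.0-1)
[2023-06-09T10:02:12+0200] [ALPM] transaction completed
"""

LINE = re.compile(r"^\[([^\]]+)\] \[ALPM\] (.*)$")
ACTION = re.compile(r"^(installed|upgraded|reinstalled|downgraded|removed) (\S+) \(")

def transactions(log_text):
    """Return [(start_timestamp, [(verb, package), ...]), ...] in log order."""
    done, current = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # [PACMAN], [ALPM-SCRIPTLET] and malformed lines are skipped
        ts, msg = m.groups()
        if msg == "transaction started":
            current = (ts, [])
        elif current is not None:
            a = ACTION.match(msg)
            if a:
                current[1].append((a.group(1), a.group(2)))
            elif msg.startswith("transaction "):  # completed, failed or interrupted
                done.append(current)
                current = None
    return done

def installed_with(log_text, package):
    """Per transaction that installed `package`: (start, [(co-installed, removed_later)])."""
    txs, report = transactions(log_text), []
    for i, (ts, actions) in enumerate(txs):
        names = [p for verb, p in actions if verb == "installed"]
        if package in names:
            gone = {p for _, later in txs[i + 1:] for verb, p in later if verb == "removed"}
            report.append((ts, [(p, p in gone) for p in names if p != package]))
    return report
```

To use it on a real system, pass the contents of `/var/log/pacman.log` to `installed_with` together with the package name. A co-installed package that was removed later would explain an empty `Required By` field for a package still marked as a dependency.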
Thank you for providing me with the answers so far Linux-aarhus. Looking at the transactions on that date and around that time I cannot figure out which package installed rabbitmq. But perhaps that is not the culprit.
I don't know if you noticed that I edited my first post and added that chkrootkit found something as well. It mentions the same files that you told me might be an indication of infection.
Searching for Linux.Xor.DDoS ... /usr/bin/chkrootkit: command substitution: line 1287: syntax error near unexpected token `)'
/usr/bin/chkrootkit: command substitution: line 1287: `${ls} ${ROOTDIR}etc/cron.hourly/udev.sh ${ROOTDIR}etc/cron.hourly/gcc.sh 2> /dev/null)'
INFECTED: Possible Malicious Linux.Xor.DDoS installed
This is your original concern.
Address it.
It's easy.
I told you how.
You essentially create a new browser profile that way.
There are other ways to achieve the same.
rkhunter is a tool you don't know how to use
and a tool the use of which is only justified by taking for granted your assumptions …
and the use of which after the fact is not how it is supposed to be used
You don't have a virus or a malware infested system.
Fix your browser profile.
You are on the wrong track with this.
Good luck anyway! - I said I would keep out but could not resist making this final comment.
To answer my own question - it appears that chkrootkit actually found that code in itself, in its own files. Kind of dumb for a program that is supposed to detect rootkits…
A similar, or same issue appears in this forum thread:
This is something new to me, because I ran chkrootkit many times in the past, both on this one and other laptops, and it never found that "suspicious thing" in its own files. But what do I know?
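The chkrootkit output quoted earlier in the thread shows the tool's own shell code failing with a syntax error inside the Linux.Xor.DDoS check before the INFECTED line is printed, so that verdict cannot be taken at face value. As an added example (not from the thread or from chkrootkit), this Python script groups such output per check, marks verdicts that coincide with script errors as unreliable, and tests for the named files directly; the status labels, the function name `triage`, the `Example.Rootkit` line and the default root directory `/` are assumptions.

```python
import os
import re

# First three lines are the output quoted in the thread; the last line is a
# constructed clean result ("Example.Rootkit" is a placeholder) for contrast.
SAMPLE = r"""Searching for Linux.Xor.DDoS ... /usr/bin/chkrootkit: command substitution: line 1287: syntax error near unexpected token `)'
/usr/bin/chkrootkit: command substitution: line 1287: `${ls} ${ROOTDIR}etc/cron.hourly/udev.sh ${ROOTDIR}etc/cron.hourly/gcc.sh 2> /dev/null)'
INFECTED: Possible Malicious Linux.Xor.DDoS installed
Searching for Example.Rootkit ... nothing found
"""

CHECK = re.compile(r"^Searching for (.+?) ?\.\.\.\s*(.*)$")
SCRIPT_ERR = re.compile(r"\S*chkrootkit: .*?line (\d+): ")
PATH = re.compile(r"\$\{ROOTDIR\}(\S+)")

def triage(output, root="/"):
    """Group chkrootkit output by check and mark verdicts tainted by its own shell errors."""
    checks, cur = [], None
    for line in output.splitlines():
        m = CHECK.match(line)
        if m:
            cur = {"check": m.group(1), "verdict": None, "error_lines": [], "paths": []}
            checks.append(cur)
            line = m.group(2)
        if cur is None or not line.strip():
            continue
        e = SCRIPT_ERR.search(line)
        if e:  # stderr from chkrootkit's own script, interleaved with its stdout
            cur["error_lines"].append(int(e.group(1)))
            cur["paths"] += [os.path.join(root, p) for p in PATH.findall(line)]
        elif cur["verdict"] is None:
            cur["verdict"] = line.strip()
    for c in checks:
        if c["error_lines"]:
            c["status"] = "unreliable"  # the check itself failed to run as written
        elif (c["verdict"] or "").startswith("INFECTED"):
            c["status"] = "review"
        else:
            c["status"] = "clean"
        # Verify the indicator files directly instead of trusting the verdict.
        c["present"] = [p for p in c["paths"] if os.path.lexists(p)]
    return checks
```

An empty `present` list for an `unreliable` check means none of the files the failed command was looking for exist under the chosen root.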
This is your original concern.
Address it.
It's easy.
I told you how.
You essentially create a new browser profile that way.
There are other ways to achieve the same.
Okay thank you, I will try what you proposed with chrome. I already tried to reset its settings to default values from its settings menu, but that didn't solve the issues.
I do not profess to be knowledgeable about rkhunter, but neither are 90% of other users who use it. That's why these forums exist, so that we can ask questions and hopefully get answers from those people who know more than us.
I realise that that program can have many false positives, and the same situation is with chkrootkit, but at least those detection tools can notify us if there is a real problem, so that we can check with other programs and other methods, and with other people who know more. I don't take their positives at face value, and I always try to check, first on Google and then on forums like this.
While I experienced only mocking and derision when I said that I had another Linux laptop infected with rootkits and Trojans, I can only say that I assure you that it really happened. I tried to find the post where I explained that issue in great detail, but it seems that it was posted in the old Manjaro forum, which (as I understand) doesn't exist anymore.
It happened on a different laptop, and the signs that made me think there was a rootkit included things such as:
in many cases when I downloaded a file with Firefox, only a few minutes after the file was downloaded to a specific folder, it would simply vanish, as if it was deleted, and it couldn't be found anymore in that folder. The proof that the file has been really downloaded was still in Firefox's downloaded files screen, but it would be missing from the folder where it was supposed to be placed.
Songs and entire playlists were deleted continuously from Audacious.
Sometimes I would hear a ringing sound, like from an old fashioned telephone coming from my computer.
At one point I couldn't even access the terminal. When I clicked the terminal icon in the start menu or in the quick access menu in Linux Mint (I had Linux Mint on that laptop), nothing would happen and the terminal wouldn't open.
This strange behavior would continue even if I deleted the entire hard disk with something like parted magic, using its erase hard disk tool and then if I installed a fresh installation of Linux Mint. In the first few days everything would seem normal with this new Linux mint installation, and then the strange behavior would start again. One by one, all of these weird things would happen again. And yes, rkhunter and chkrootkit DID report that there were infected files.
This problem plagued me for at least one year on that laptop. Eventually, I decided to flash the BIOS with the latest version for that laptop, and that seemed to have solved the problem.
After a few months that laptop broke down because of faulty hardware, so I didn't have enough time to test it properly. But I think I found the culprit in its BIOS. It's as if somebody flashed the BIOS so that it would reinfect every new installation of any operating system that was installed on it.
I don't know of any other way to infect the computer's BIOS except if somebody had physical access to that computer.
you first run it on a system that is known to be "good".
(I referred you to the user guide/readme …)
Then you may expect the tool to find and alert you of certain changes (to that original condition).
That is not how you used the tool.
… your other older laptop died of hardware failure (as you said)
In my mind it is reasonable that whatever issues you experienced before that were early signs of that happening - not of a rootkit or something like that.
But we'll never know about the veracity of that now, obviously.
Just speculation - not useful at all.
After reading these AI essays in combination with paranoia, I just can't help to
@Antarmanu71 let me take an educated guess:
When you reinstalled your OS and it seemed to work fine, it started to act weird AFTER you installed your rootkit check programs right?
Has it ever occurred in your mind that your own actions like installing that kind of programs is the actual cause of those "weird things"?
Actually, I accidentally dropped that laptop, and after it hit the ground its screen stopped working. However, as I already said, it did function for about three or four months perfectly after I flashed its BIOS.
So, no, I don't think that it's possible to explain the strange behavior on that laptop with any hardware issue. After all, it was a completely new laptop, it was bought only a couple years ago, whereas the laptop that I now use is 10 years old.
I also experienced other signs (which have nothing to do with computers) that there were intruders in my apartment. For example, two of my armchairs were moved almost three meters away from the place where I left them. Second example - after I returned from a longer holiday, I found a wine cork and that plastic wrapping that goes above the cork on a wine bottle - in my bathtub! Of course I didn't place it there, but who did?
Or, an even weirder example, once I found my kitchen knife in my fridge. That is something that I would never never ever do myself. Nobody puts a knife in the fridge, except if somebody wants to make you paranoid and harass you.
All these things are indicative of the phenomenon called gangstalking. But that is a completely different topic and this forum is hardly a proper place to discuss it. But I'm just mentioning it because I know for a fact that it is a very real phenomenon. Hacking computers is among the first things on their list to do if they want to target you.
I once had a computer that could reprogram itself, it was taught by aliens I swear… in fact one night I saw glimpses of those aliens taking off in the sky…
I don't think you read my post carefully enough. If you are talking about my old computer, the one that is not functional anymore, the "weird things" would start happening a few days after every new installation of the operating system. I wouldn't have to install rkhunter or chkrootkit in order to notice that the "weird things" started happening again. Actually it was only late in the game, a few months before I flashed its BIOS, that I heard about RKHunter and chkrootkit and tried them on that laptop.
And no, this is not related to any paranoia. I think we should all listen to each other more carefully, without premature judgment, especially when that judgment is based on our pre-learned notions or what is possible, and what is not possible, which we absorb from our education and society. I'm all for the scientific approach to all problems in life, and yes I know about Occam's razor. But sometimes (not often, but sometimes) a more complicated explanation is the correct one after all.
There is no contradiction. I can give you many examples where a more complicated or unlikely (or even hardly believable) explanation was the correct one, and those that claimed that the more simple explanation is the correct one were proven wrong.
Take for example Dr Barry Marshall, who discovered Helicobacter pylori and hypothesized that it was the main cause of most of the ulcers and gastritis. In the beginning, he and his colleague Robin Warren experienced only mocking and their paper was dismissed as utter rubbish. At that time nobody believed that there could be a bacterium that lived in the stomach acid, much less that it could be the cause of ulcers.
However, he was sure that he was right, and since his first attempts to prove his theory with piglets failed, he drank a culture of Helicobacter pylori himself, and after only a few days developed gastritis, which was proven by endoscopy. To cut the long story short, his theory is now fully accepted by medical science and he and his colleague were awarded the Nobel prize for the discovery. You can read more about it here:
In case you suspect someone entering your place without permission it would be best to go to the police and report it as soon as you notice it.
And since you also mentioned that it has happened multiple times, it seems pointless to fix your install without "fixing" the suspected source: someone entering your place.
In addition you mentioned power cuts. In my experience, those can seriously harm an install as files might get corrupted. Therefore, the weird behaviour of chrome might be caused by that.
Using a fresh profile or even reinstalling chrome or any other affected software might help.
Have you also checked the health of your drives? They might start failing, due to old age or other damage, which might cause data loss as well.
Especially with mechanical drives, certain incidents like falling down can damage the surface, which in turn causes data loss and might even spread…