---Mod edit - moved here, because it is a help request, not a HowTo---
My machine was very recently compromised by what I believe to be a keylogger. Without going into details, I have so far not been able to isolate the program.
My next steps are to:
1. install a new BIOS - newer version is available on manufacturer website
2. replace RAM module
3. replace HDD
Is there anything else I should be doing?
Also, is there a way to examine files in the BIOS and the RAM to physically locate the malicious program? The thing seems to be activated every time I log into my Gmail account. This was a personal attack; I am in litigation at the moment.
Thus far, however, I have set up a firewall and blocked all SMTP, IMAP and POP3 ports and related services, in addition to blocking FTP services.
please advise.
thanks in advance.
kratos
Last edited by damo (2016-10-11 18:36:55)
Offline
my machine was very recently compromised by what I believe to be a keylogger
That's an interesting theory
Do you have any evidence?
The process tree in BL is so small that any running keylogger should be clearly visible.
Offline
Well, first of all: don't boot the machine at all unless necessary. Definitely don't boot into the compromised system; burn a live CD with the tools you will need (such compilations exist) and work with that.
For BIOS and such I believe rkhunter can help (rk = rootkit)?
Otherwise, it is very important to NOT PANIC! and try to really assess the problem objectively and with a calm mind.
I say it again, DO NOT BOOT THE COMPROMISED SYSTEM!
Last edited by ohnonot (2021-07-03 08:42:28)
Offline
Well @kratos, after reading this thread I'd learned a lot about BIOS keyloggers. Good luck with it.
Offline
Wilders Security Forums would be another good place to ask.
Blessed is he who expecteth nothing, for he shall not be disappointed...
If there's an obscure or silly way to break it, but you don't know what.. Just ask me
Offline
The process tree in BL is so small that any running keylogger should be clearly visible.
Well, yes, the process tree is small at first glance, but it's still a bit confusing if someone is not that familiar with Linux. Some time ago, thinking about checking a machine, I really missed something like a "clean" log of programs like rkhunter, ClamAV or lynis. What I mean is the log of these programs on a completely fresh (100% clean) install. Later it would be easier to check such logs and compare what is surely a false positive.
Offline
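One way to do the baseline comparison described in the post above, as an added example that is not from the thread or from rkhunter itself: keep the warnings of a scan taken on a fresh install as the baseline, then report only the warnings a later scan adds. The log lines are constructed to resemble rkhunter's format (not real scan output), and the function names are my own.

```python
"""Baseline-diff of rootkit-scanner warnings (added example, not from the thread).
Keep the scan log from a fresh install, then compare a later scan against it so
known false positives drop out and only new warnings remain. Sample log lines
below are constructed to look like rkhunter's; they are not real output."""
import re

# rkhunter prefixes each log line with a [HH:MM:SS] timestamp; strip it so the
# same warning seen on two different days compares equal.
_TS = re.compile(r"^\[\d{2}:\d{2}:\d{2}\]\s*")


def extract_warnings(log_text: str) -> set[str]:
    """Return the set of 'Warning:' lines in a scanner log, timestamps removed."""
    found = set()
    for raw in log_text.splitlines():
        line = _TS.sub("", raw.strip())
        if line.startswith("Warning:"):
            found.add(line)
    return found


def new_warnings(baseline_text: str, current_text: str) -> list[str]:
    """Warnings present in the current scan but absent from the clean baseline."""
    return sorted(extract_warnings(current_text) - extract_warnings(baseline_text))


# Constructed sample logs. The baseline, taken on a fresh install, already
# carries two warnings that are known false positives on that machine.
BASELINE_LOG = """\
[10:01:02] Info: Starting system checks
[10:01:05] Warning: Hidden directory found: /etc/.java
[10:01:06] Warning: The SSH configuration option 'PermitRootLogin' has not been set.
[10:01:09] Info: System checks summary
"""

CURRENT_LOG = """\
[22:14:40] Info: Starting system checks
[22:14:41] Warning: Hidden directory found: /etc/.java
[22:14:43] Warning: The SSH configuration option 'PermitRootLogin' has not been set.
[22:14:44] Warning: The file properties have changed: File: /usr/bin/ls
[22:14:45] Warning: Found enabled xinetd service: /etc/xinetd.d/ssh
[22:14:48] Info: System checks summary
"""

if __name__ == "__main__":
    # Only the two warnings that were not in the clean baseline are printed.
    for w in new_warnings(BASELINE_LOG, CURRENT_LOG):
        print("NEW:", w)
```

Run the scanner on the live-CD-booted, freshly installed system first and save that log as the baseline; a warning that also appears in the baseline is then a candidate false positive, while anything new deserves a closer look.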