On 14/11/2018 08:14, Pentiddy wrote:
> Hi all,
> still seem to be having a few issues, and wondered if you might be able
> to comment on the following entries in the syslog...
>
> whoopsie[1317]: [06:38:06] Cannot reach: https://daisy.ubuntu.com
> nm-dispatcher: req:2 'down' [enp58s0f1]: new request (2 scripts)
> nm-dispatcher: req:2 'down' [enp58s0f1]: start running ordered scripts...
>
> kernel: [13599.181267] wlp59s0: deauthenticating from
> 00:17:3f:17:ea:21 by local choice (Reason: 3=DEAUTH_LEAVING)
>
> and this from the session I just started...
>
> Nov 14 07:37:37 pentiddy-UltraNoteIV-15 dbus-daemon[1459]: [session
> uid=1000 pid=1459] Activating service
> name='org.freedesktop.thumbnails.Thumbnailer1' requested by ':1.18'
> (uid=1000 pid=1569 comm="Thunar --daemon " label="unconfined")
> Nov 14 07:37:38 pentiddy-UltraNoteIV-15
> org.freedesktop.thumbnails.Thumbnailer1[1459]: Registered thumbailer
> /usr/bin/gdk-pixbuf-thumbnailer -s %s %u %o
> Nov 14 07:37:38 pentiddy-UltraNoteIV-15
> org.freedesktop.thumbnails.Thumbnailer1[1459]: Registered thumbailer
> /usr/bin/gdk-pixbuf-thumbnailer -s %s %u %o
> Nov 14 07:37:38 pentiddy-UltraNoteIV-15
> org.freedesktop.thumbnails.Thumbnailer1[1459]: Registered thumbailer
> atril-thumbnailer -s %s %u %o
> Nov 14 07:37:38 pentiddy-UltraNoteIV-15
> org.freedesktop.thumbnails.Thumbnailer1[1459]: Registered thumbailer
> gnome-thumbnail-font --size %s %u %o
> Nov 14 07:37:38 pentiddy-UltraNoteIV-15 dbus-daemon[1459]: [session
> uid=1000 pid=1459] Successfully activated service
> 'org.freedesktop.thumbnails.Thumbnailer1'
> Nov 14 07:37:46 pentiddy-UltraNoteIV-15 CRON[881]: (root) CMD ([ -x
> /etc/init.d/anacron ] && if [ ! -d /run/systemd/system ]; then
> /usr/sbin/invoke-rc.d anacron start >/dev/null; fi)
> Nov 14 07:37:50 pentiddy-UltraNoteIV-15 gvfsd-metadata[4274]:
> g_udev_device_has_property: assertion 'G_UDEV_IS_DEVICE (device)' failed
>
> Some of these entries are possible problems maybe?
> Don't like the look of the root command above- I have not set any CRON
> jobs...
>
> If these are suspicious and therefore my system is still compromised
> after a re-install, the infection must be somewhere in the files I
> backed up.
> I'm assuming most would now say head to windows for virus scanning as
> Mr Meowski has suggested...
>
> Thanks all,

That's all just legit system chatter - anacron will be in charge of running standard cron stuff (check with 'systemctl status anacron' and read /etc/anacrontab) and is installed by default. Most of the rest is the thumbnailer daemon being registered for use by Thunar which wants to generate some pretty icons for you. There's a normal deauth from your wifi and the Ubuntu error reporting daemon 'whoopsie' - which you should probably apt purge - was briefly having issues talking to the homebase (daisy.ubuntu.com). By the looks of it you were just turning the system on before 7am and whoopsie was trying to report back before networkmanager had finished doing its thing and bringing the wifi up properly.

So, all completely normal - at least from that excerpt. Problem is there are a few tens of thousands more lines like that in your logs and more being added every minute. To someone who hasn't wasted as much of their life reading logfiles as me they're pretty incomprehensible and absolutely full of stuff that _looks_ really suspect. You're _probably_ in the clear - especially as you did a clean install anyway I believe, it's just the files and data you carried over that are still worrying you?

May I cautiously re-suggest that you are making things hard for yourself here. If you're that worried about this, scan all the files, with Windows. You can set up a VM with a free (as in beer, obviously, not freedom) shiny new Win10 instance in a few minutes on a fast machine and add a bunch of different scanners to it for peace of mind.
Expose your suspicious files to it via a read-only share from Linux and let it loose for a while. This is an advanced sysadmin procedure we call "using the right tool for the job and not prevaricating endlessly about what might happen instead of just getting on and fixing it so we can carry on with our lives in peace".

To be clear, as MJE hinted in his brave hat-endangering reply, Linux virii aren't really a thing - malware certainly exists for Linux and Linux as a platform is certainly a tempting target for hackers but Linux _so far_ hasn't had any of the catastrophic Windows-type virus outbreaks that are so common in Microsoft environments. After a clean install the chance of your actual Ubuntu OS being compromised in itself is pretty insignificant but like a carrier who is immune to the virus they incubate it is definitely possible for your Linux box to be housing compromised files that will wreak havoc on any unsuspecting Windows user who opens them (or you send them to).

AV for Linux isn't really AV for Linux at all - generally speaking we run it only as a courtesy to our Windows-using comrades to stop accidentally passing on crap that we're immune to but they are not. This is what Clam AV is largely used for, for example - it's not installed to protect the Linux host it runs on, it's really only there normally as a milter to run mail through in passing to help out the (relatively speaking) weak and sickly Windows boxes who might end up with it in their Outlook inboxes... God help them.

So just tool up with a Windows VM and get the proper scan over and done with and then you can put the whole thing behind you as a learning experience. It's either that or "take off and nuke it from orbit" which is the surefire way of killing off all malware but I'm presuming you'd like your data to actually survive so sadly you're going to have to make do with just scanning it properly.

Cheers

-- 
The Mailing List for the Devon & Cornwall LUG
https://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
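
An added example, not part of the original message: one way to check where a "(root) CMD" syslog entry like the one quoted above comes from, by finding the cron file that contains the logged command and asking dpkg which package owns it. The function names and the stand-in cron directory are assumptions made for the example; the sample cron files are constructed.

```shell
#!/bin/sh
# Trace a "(root) CMD (...)" syslog entry back to the cron file that
# scheduled it, then ask dpkg which package (if any) owns that file.

# Extract the command text: everything between "CMD (" and the final ")".
cron_cmd_from_log() {
    printf '%s\n' "$1" |
        sed -n 's/^.*CRON\[[0-9]*]: ([^)]*) CMD (\(.*\))$/\1/p'
}

# List files under the given cron locations that contain the command.
# -F treats the logged text as a fixed string, not as a regex.
cron_origin() {
    cmd=$1; shift
    [ -n "$cmd" ] || return 1
    grep -rlF -- "$cmd" "$@" 2>/dev/null
}

# Read file names on stdin; report the owning package or flag the file.
cron_owner() {
    while IFS= read -r f; do
        if command -v dpkg >/dev/null 2>&1 && pkg=$(dpkg -S "$f" 2>/dev/null); then
            printf '%s: packaged (%s)\n' "$f" "${pkg%%:*}"
        else
            printf '%s: not owned by any package, review by hand\n' "$f"
        fi
    done
}

# The CRON line quoted in the post, plus a constructed stand-in for
# /etc/cron.d so the example runs without touching the real system.
LOG_LINE='Nov 14 07:37:46 pentiddy-UltraNoteIV-15 CRON[881]: (root) CMD ([ -x /etc/init.d/anacron ] && if [ ! -d /run/systemd/system ]; then /usr/sbin/invoke-rc.d anacron start >/dev/null; fi)'
DEMO_DIR=$(mktemp -d)
printf '%s\n' '30 7-23 * * * root [ -x /etc/init.d/anacron ] && if [ ! -d /run/systemd/system ]; then /usr/sbin/invoke-rc.d anacron start >/dev/null; fi' > "$DEMO_DIR/anacron"
printf '%s\n' '17 * * * * root run-parts /etc/cron.hourly' > "$DEMO_DIR/other"

cron_origin "$(cron_cmd_from_log "$LOG_LINE")" "$DEMO_DIR" | cron_owner
```

On a real system, pass /etc/crontab, /etc/cron.d and /var/spool/cron/crontabs instead of the demo directory; a file reported as packaged can then be checked against the package's recorded checksums with `dpkg --verify`.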