Knoppix malware?

Discussion in 'Computer Security' started by sadielucas, Jul 19, 2011.

    sadielucas, Jul 19, 2011
    I'm a Tulane EE in grad school. I built my first PC at 3 1/2 years. I also have 20+ years of experience with my family's computer service firm. Enterprise systems and data farms are my passion. I KNOW malware when I see it.

    I am running the latest Knoppix Live, using WiFi, and the malware (or whatever) consistently returns. This code has disabled six PCs with various OSs, complete with all the updates: XP, XP64, Vista, 7, Debian, Knoppix, Ubuntu... Using a script to configure ipchains to disable access from the outside is futile; the malcontent tunnels through the firewall and performs its dirty work.

    I disconnected the hard disks and simply use two CD-ROM drives for the live CDs. I use the box until it is disabled by the malware, remove the CMOS battery and clear the CMOS, download a fresh copy of a live distribution with a clean(?) Mac, and install a new motherboard, processor and memory. The same result ALWAYS happens in a very short time (with the Windows PCs, the box was disabled in 15 seconds).

    DNS is screwed, ubiquitous scripts are run that change commands, man info, menus, keyboard strokes, file listings on CDs... the list goes on. Any thoughts? Thank you in advance.

    By the way, it IS possible for the OS to change CMOS settings running Knoppix from a CD: last night the processor fan was disabled and the processor voltage increased until the chip released the pungent odor of burning electrical components. I thought it was my mistake and set up another PC with four fans glued to one another and a huge copper heat sink (cooling fins >4"). I set the processor temp to 100 degrees Fahrenheit; the contraption sounded like a prop plane. The same result: disabled CPU fan and increased CPU voltage. Ah, the pungent, and not fragrant, aroma of burnt silicon.

    Also, the Knoppix CD provides a utility for writing to CMOS, BIOS and whatever chips. I have a log script that calls for a hack of the CMOS password, changes settings, and writes code to the chip.

    This is not a delusion. I have voluminous amounts of log files and scripts that appear to be from sources other than the software publishers. Any help would be appreciated. My dad (35 years in the business) has never witnessed such behavior.

    sadielucas, Jul 19, 2011