this post was submitted on 04 Sep 2025
59 points (96.8% liked)


My fellow penguins,

I have been pwned. What started off as weeks of smiling every time I heard a 7-10s sound bite of Karma Factory's "Where Is My Mind" has now devolved into hearing dashes and dots (Morse Code) and my all-time favorite, a South Park S13: Dead Celebrities sound bite of Ike's Dad saying, "Ike, we are sick of you talking about ghosts!"

It's getting old now.

I feel like these sounds should be grepable in some log somewhere, but I'm a neophyte to this. I've done a clean (secure wipe >> reinstall) already, the sounds returned not even a day later.

Distro is Debian Bookworm. So how do I find these sound bites? And how do I overcome this persistence? UFW is blocking inbound connection attempts every day, but the attacker already established a foothold.

Thank you in advance. LOLseas
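The post asks two concrete things: how to find which process is producing the audio, and where to look for whatever survives a reinstall. The script below is an added example written for this thread, not something posted by the OP or any commenter. It is read-only triage for a Debian host: it lists the processes holding the sound device, the streams connected to PulseAudio/PipeWire (when `pactl` is installed), the entries in the standard system and user persistence locations, and the files under `/etc` and `/usr/local` changed in the last few days. The directory lists are ordinary Debian locations, not findings about this machine.

```shell
#!/bin/sh
# Added triage script, not from the thread. It only reads: it lists which
# process currently holds the sound device and what sits in the standard
# Debian persistence locations, so each entry can be reviewed by hand.
# The directory lists are common locations, not findings from the thread.

# 1. Which process has an ALSA device (/dev/snd/*) open right now?
#    Walks /proc so lsof is not required. With PipeWire or PulseAudio the
#    holder is usually the sound server itself; audio_clients() then shows
#    which application opened a stream on that server.
audio_holders() {
    for fd in /proc/[0-9]*/fd/*; do
        target=$(readlink "$fd" 2>/dev/null) || continue
        case "$target" in
        /dev/snd/*)
            pid=${fd#/proc/}
            pid=${pid%%/*}
            cmd=$(tr '\0' ' ' <"/proc/$pid/cmdline" 2>/dev/null) || cmd='?'
            printf '%s\t%s\t%s\n' "$pid" "$target" "$cmd"
            ;;
        esac
    done | sort -u
}

# Streams currently connected to the PulseAudio/PipeWire server, with the
# binary and pid behind each one. Skipped when pactl is not installed.
audio_clients() {
    command -v pactl >/dev/null 2>&1 || { echo "pactl not installed"; return 0; }
    pactl list sink-inputs \
        | grep -E 'Sink Input #|application\.(name|process\.(id|binary))'
}

# 2. Persistence locations, relative to a root prefix so the same functions
#    can be run against a suspect disk mounted from a live USB, or a test tree.
SYSTEM_PERSIST="etc/systemd/system etc/cron.d etc/cron.hourly etc/cron.daily \
etc/cron.weekly etc/crontab var/spool/cron/crontabs etc/xdg/autostart \
etc/profile.d etc/rc.local etc/ld.so.preload"
USER_PERSIST=".config/systemd/user .config/autostart .bashrc .profile"

# Prints "mtime<TAB>path -> symlink-target" for every entry found under $1.
list_entries() {
    root=${1%/}
    shift
    for rel in "$@"; do
        p="$root/$rel"
        [ -e "$p" ] || continue
        if [ -d "$p" ]; then
            find "$p" -mindepth 1 -maxdepth 2 -printf '%TY-%Tm-%Td %TH:%TM\t%p -> %l\n'
        else
            find "$p" -maxdepth 0 -printf '%TY-%Tm-%Td %TH:%TM\t%p -> %l\n'
        fi
    done
    return 0
}

persistence_entries() {
    root=${1:-/}
    list_entries "$root" $SYSTEM_PERSIST
    # User-level entries: under $HOME on the live system, or under every home
    # directory of the mounted image when a root prefix is given.
    if [ "$root" = / ]; then
        list_entries "${HOME:-/root}" $USER_PERSIST
    else
        for h in "${root%/}"/home/* "${root%/}/root"; do
            [ -d "$h" ] && list_entries "$h" $USER_PERSIST
        done
    fi
    return 0
}

# 3. Files under etc/ and usr/local/ modified in the last N days (default 2).
#    Right after a reinstall almost nothing there should be newer than the
#    installation itself, so this list is short and worth reading in full.
recent_changes() {
    root=${1%/}
    days=${2:-2}
    for d in "$root/etc" "$root/usr/local"; do
        [ -d "$d" ] && find "$d" -xdev -type f -mtime -"$days"
    done
    return 0
}

main() {
    echo "== processes holding /dev/snd";        audio_holders
    echo "== audio streams (pactl)";             audio_clients
    echo "== persistence entries";               persistence_entries /
    echo "== files changed in the last 2 days";  recent_changes / 2
}

case "${1:-}" in
--run) main ;;
esac
```

Run it as `sh triage.sh --run` on the live system. Because `persistence_entries` and `recent_changes` take a root prefix, the same checks can be run from a known-good live USB against the installed disk mounted at, say, `/mnt`, which is the more trustworthy way to inspect a box you believe is compromised.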

[–] burntbacon@discuss.tchncs.de 7 points 3 days ago (1 children)

There are a lot of ways that the attacker could persist... maybe try a different distro, just to see if it stops? What did you redownload/install when you did your wipe? Do you have any computers on the network besides yours?

Obviously worst case for 'persisting' would be your hardware. Do you have a friend who can plug in or connect to your internet and see if they get the same blocked requests? Maybe try a different router/modem.

[–] LOLseas@sh.itjust.works 2 points 3 days ago (2 children)

QubesOS is looking mighty nice, if only I wasn't a gamer and had another GPU to dedicate to the VMs/qubes (dom0 is the baseline qube/VM, and it hijacks the GPU for itself).

I redownloaded Debian Bookworm and checked the hash, it validated. So I reinstalled with that ISO from the official website.

I swapped hardware, figuring it stemmed from a SecureBoot Key ransom against MSI not too long ago. So I swapped out an MSI X570s Edge Max mobo for an Asus ROG Crosshair VIII Dark Hero. Issues came back.

There's the https://en.wikipedia.org/wiki/Sinkclose vulnerability which afaiu could compromise the CPU itself. Haven't heard about it being actually exploited, but who knows.
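A matching SHA256 only proves the image equals what the downloaded `SHA256SUMS` file says; if both came over the same channel, a tampered checksum list would "validate" just as well. Debian therefore publishes a detached signature (`SHA256SUMS.sign`) for the checksum list, and the key to check it against is described at https://www.debian.org/CD/verify. The script below is an added example, not posted by anyone in the thread, showing the two steps in order: authenticate the checksum list, then check the image against it.

```shell
#!/bin/sh
# Added example, not from the thread: verify a Debian installer image the way
# the project documents it. Step 1 authenticates SHA256SUMS with its detached
# signature; step 2 checks the image against the now-trusted list. Step 1
# needs gpg and the Debian CD signing key already imported into the keyring.

# Step 1: fails if gpg is missing, the key is not in the keyring, or the
# signature does not match the checksum list.
verify_sums_signature() {
    sums=$1
    gpg --verify "$sums.sign" "$sums"
}

# Step 2: returns 0 only when the image is listed in SHA256SUMS and its hash
# matches. --ignore-missing skips the other images in the list; the grep makes
# sure our file was actually checked and reported OK rather than skipped.
verify_iso_checksum() {
    sums=$(cd "$(dirname "$1")" && pwd)/$(basename "$1")
    iso=$2
    dir=$(dirname "$iso")
    name=$(basename "$iso")
    result=$(cd "$dir" && sha256sum -c --ignore-missing "$sums" 2>/dev/null) || true
    printf '%s\n' "$result" | grep -Fxq "$name: OK"
}

# Both steps; the signature check is deliberately first.
verify_image() {
    verify_sums_signature "$1" && verify_iso_checksum "$1" "$2"
}

case "${1:-}" in
--verify) verify_image "$2" "$3" && echo "image verified" ;;
esac
```

Usage: `sh verify.sh --verify SHA256SUMS debian-12.x.y-amd64-netinst.iso` (the version in the filename is whatever you downloaded). Keep in mind the limits of this check: it proves the ISO is what Debian published, not that the machine writing the USB stick or the firmware booting it is trustworthy, which is the part of the thread the hardware swap was trying to address.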

[–] Onomatopoeia@lemmy.cafe 1 points 3 days ago

Yea, if you swapped the hardware...