this post was submitted on 08 Apr 2024
23 points (96.0% liked)


So my dumb ass ran babyFTP in Windows 11 with all permissions without switching from home network to mesh network. Everything was normal until my transfer suddenly stopped, and when I went to restart the server it said "7 connections terminated".

So what now? It had a browser vault and what I assume are decrypted emails via the Microsoft mail.

Should I dd it and do ~forensics~ as to what ran in powershell and what files changed most recently?

Nuke and pave?

Is EVERY password in that browser vault burned?

[–] Feinsteins_Ghost@hexbear.net 13 points 1 year ago

Nuke it from orbit.

[–] PaX@hexbear.net 12 points 1 year ago* (last edited 1 year ago)

Yeah, the safe path is to nuke the machine and consider all passwords compromised.

What do you mean by "without switching from home network to mesh network"? What network was the system connected to? Also, if you had a transfer running, some FTP clients will open multiple connections to the server, which could explain your "7 connections terminated" message. Can you check the FTP server logs to see what exactly happened?
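Added example, not part of the thread: one way to answer the log question above is to group FTP server log events by client address, so that one LAN client with several parallel connections can be told apart from a connection that came from outside the local network. The log layout, the sample lines and the names `summarize` and `off_lan_clients` are assumptions made for illustration; babyFTP's real log format is not shown on this page.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in an assumed "date time ip:port EVENT [detail]" layout.
# 203.0.113.0/24 is a documentation range standing in for an internet host.
SAMPLE_LOG = """\
2024-04-08 14:02:11 192.168.1.23:50112 CONNECT
2024-04-08 14:02:11 192.168.1.23:50112 LOGIN anonymous
2024-04-08 14:02:12 192.168.1.23:50113 CONNECT
2024-04-08 14:02:12 192.168.1.23:50114 CONNECT
2024-04-08 14:02:12 192.168.1.23:50115 CONNECT
2024-04-08 14:02:13 192.168.1.23:50116 CONNECT
2024-04-08 14:02:13 192.168.1.23:50117 CONNECT
2024-04-08 14:09:40 203.0.113.50:41822 CONNECT
2024-04-08 14:09:41 203.0.113.50:41822 LOGIN anonymous
2024-04-08 14:09:44 203.0.113.50:41822 RETR /Users/me/Documents/notes.txt
"""

LINE_RE = re.compile(r"^\S+ \S+ (\d{1,3}(?:\.\d{1,3}){3}):\d+ (\w+)(?: (.*))?$")
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
             "127.0.0.0/8", "169.254.0.0/16")]

def summarize(log_text):
    """Group events by client IP: connection count, logins, file commands."""
    clients = defaultdict(lambda: {"connections": 0, "logins": [], "files": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ip, event, detail = m.groups()
        if event == "CONNECT":
            clients[ip]["connections"] += 1
        elif event == "LOGIN":
            clients[ip]["logins"].append(detail)
        elif event in ("RETR", "STOR", "DELE"):
            clients[ip]["files"].append((event, detail))
    return dict(clients)

def off_lan_clients(summary):
    """Return client IPs that are outside private/loopback/link-local space."""
    return sorted(ip for ip in summary
                  if not any(ipaddress.ip_address(ip) in net for net in LAN_NETS))

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for ip, info in report.items():
        print(ip, info["connections"], "connections", info["files"])
    print("off-LAN clients:", off_lan_clients(report))
```

In the constructed sample, six of the seven connections belong to one LAN client, and the seventh is an off-LAN address that logged in and retrieved a file, which is the case that would justify treating stored credentials as exposed.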

[–] FumpyAer@hexbear.net 4 points 1 year ago* (last edited 1 year ago) (1 children)

Make a Medicat bootable USB and boot to the stripped-down Windows and do like 3 different virus scans.

Then boot without internet access, grab any files you need, and nuke it.

I'd change any important account passwords.

[–] AssortedBiscuits@hexbear.net 2 points 1 year ago (1 children)

Is there a difference between Medicat and Hiren's BootCD? I remember using Hiren's BootCD way back in the day.

[–] FumpyAer@hexbear.net 2 points 1 year ago* (last edited 1 year ago)

~~Hiren's is better actually (if it's still updated) but they're both great.~~

Edit: original Hiren's has been out of date for over 10 years, and the successor "Hiren's BootCD PE" very annoyingly doesn't label their releases with release dates. May or may not be up to date.