Strange keyboard (viral?) behaviour
Philip Lykke Carlsen
plcplc at gmail.com
Mon Jun 12 16:50:01 UTC 2006
Hello all.
I don't want to cry wolf, but i think this calls for some sort of
attention :-/
Around yesterday my computer suddenly stared acting really strange :s
It started typing on its own.
and it seemed to be typing things that I had been typing over GAIM a week or
so ago, complete with typo's beeing corrected the same way that i had made
them originally.
At first I thought that i might be some attacker from outside, but after
unplugging the network, the typing persisted.
I also noted that it was bound to "pressing" the actual buttons on the
keyboard, rather than the resulting strings, as it was total nonsense at
first (given that I had been using another keyboard layout the day of writing
the text, that it was now printing on the screen), but when I changed the
layout back i recognised the text as the chat messages that I had been
writing a week before in the past.
Then I ran ps -ax as root thinking it most probable to be a virus, but I
couldn't find anything suspicious.
And even more alarming, the typing persisted when I rebooted the machine in
singleuser mode, totally distrupting the terminal.
But this at least singles out the location of the virus to be on / and not
on /usr, since it wasn't mounted at the time because of a filesystem
inconsistency.
Then I installed both f-prot and clamav, but they have yet to discover
anything. f-prot however seems to hang when it
scans /libexec/ld-elf.so.1.old, whose origin is unknown to me, though it may
have been created when i last recompiled the base system and kernel to
upgrade to 6.1. I don't know if this is of any importance however.. it's
probably just a bug in f-prot.
I tried searching for it on google, but no-one seem to have experienced
anything quite like this.
Personally it's my first ever virus infection on freebsd, so naturally I
wasn't prepared for it at all.
As the virus only seems to be outputting old chat messages, it's not actually
dangerous but just damn irritating. untill it starts outputting shell
commands, which it has yet to do.
It appears to me that I may have gotten the virus from Gaim, but this is
rather unlikely, as I'm the only one on my contact list running FreeBSD, let
alone gaim in the first place.
Any help or input would be greatly appreaciated. :-/
-PLC
More information about the freebsd-hackers
mailing list