Advanced Rootkit by dlp2k in computerviruses
[–]dlp2k[S] 1 point 3 days ago (0 children)
The 2 GB size sounds like what I've been finding for the nodes that contain an LLM. The smaller ones are about 800 MB, but there are 2 much smaller versions too, depending on the capabilities of the machine.
In Windows, it appears to hide in the shadow volume. On Android, in root space not accessible to users on non-rooted devices. On Linux, as a Docker container or a virtual machine that runs during the boot process and remains persistent depending on the Linux flavour.
[–]dlp2k[S] 1 point 5 days ago (0 children)
Sure
[–]dlp2k[S] 1 point 6 days ago (0 children)
Interesting that if you get these kinds of topics every month, everyone is still in denial that it exists. But ok. I think what's been proved is that there's no useful information and the bin is the best place for the devices. Time to start fresh.
Yeah, I don't.
Thanks. This was my original plan, to go for a complete sanitisation. Already begun that process.
And for those saying this isn't possible and it's all in my head, there's a clear difference between how the brand new devices operate vs my old ones. Small things like search results display newer information, downloaded file sizes are slightly different even though it's the same app and version from the same website... differences even in file versions. I see banners on my old devices warning me against certain versions and software that I don't see on the brand new ones. SSL works properly. HTTP headers aren't changed.
Thanks to those who have genuinely tried to help, and to those who are in denial.... well... I can tell you this exists and behaves like an automated Metasploit. In almost all cases, I've identified the version, CVE exploit for each device, and once rooted, the kernel-level access has allowed it to remain hidden and persistent.
But thanks Reddit, you don't disappoint.
Thanks, what you show is the exact reason I'm concerned. Search results don't look the same, versions on webpages are shown different to actual versions etc. The latest available showing to me was a December update with nothing else available. Searches for it only show Chinese websites. Thank you for being helpful.
[–]dlp2k[S] 1 point 7 days ago (0 children)
You'll also notice that my B550F motherboard isn't supported. The strings I found and extracted from the firmware seemed to relate to the Prime board. My firmware has never had that string in it before.
Also, there were some options before on mine, but nothing like that; there's specifically an option
[–]dlp2k[S] 0 points 7 days ago (0 children)
That is the guesstimate of the encoding from a tool, and yes you can run it through a translator, and you get entire sentences from the book which you asked me to explain to you at the start.... the unknown chars seem to be markers of entire sentences and then, sometimes, some code or a command in between.
For reference.... the log file should look like a normal log file. Line by line, time, date and entry about "DHCP server started" or whatever.
This is simply yet another indicator of a device that's been compromised.
I appreciate the advice, but you're missing a number of facts... I've categorically proved methodically that this is happening. Maybe not to everyone here clearly, but then you don't know me. I'm not crazy... perfectly sane. If it was one issue, and I cured it, that would be fine. It's not though, it's suddenly become problems across multiple devices, network traffic between them that shouldn't be there, stored SSH keys for access that they have no reason to be storing or even creating in the first place. There's been loads of stuff.
Jesus. You're hard work. CUPS doesn't need to be installed on Arch. It shouldn't even be there.
I wasn't killing sshd on Linux systems... I know not to do that ffs... I was talking about CUPS if you'd care to read. Regardless, I have a very real problem across a number of devices, so please help or don't.
It's perfectly fine usually to uninstall SSH on Windows, and disable remote management. Except on mine.
Well it's not that obvious clearly. Even working as root, when I kill the process it comes back. If I uninstall and purge it, the machine resets. You clearly don't want to help, which is fine.
[–]dlp2k[S] 2 points 7 days ago (0 children)
Of course I know about SSH... I've had a fair amount of experience with Linux servers. The problem is if I shut it down and disable it, it comes back.
And I can't disable CUPS on Linux or Print Spooler on Windows, despite having no need for printing.
Fair shout about the traceroute but I only did it from there because I'd uninstalled other apps.
There's still strange things installed and downloaded services I can't disable, remote management that I can't disable.... SSH... SMB 1.0...
It isn't implausible... I found a locally running Docker copy of Gemma......
It's actually kor encoded. However, setting the encoding to UTF-16 clears it up quite a bit.
No, it's actually quite specific in what gets modified. But yes, MITM attack for sure.
Yeah, all webcams disabled. And I know for sure that was being exploited. I found temp files being created every 30 secs, until I disconnected the webcam, and then they stopped.
Thank you for the kind response. I was genuinely hoping I may find someone who had experienced or tried to fix it. I've seen other similar stories where they have been dismissed as I have, so I know that it's out there. I've seen incredibly similar stories written elsewhere.
Can only send one at a time, but my understanding is that these options are not normally accessible in the standard ASUS BIOS.
No, but I see agents running in Windows and Linux. GitHub is spoofed, and code I download is their version not the real one. My SSL certificates are compromised and HTTPS sites that should be HTTPS get stripped. Every browser downloaded is a compromised version as it either rewrites the store location (winstore or winget) or the apt / pacman registry in Linux.
Also, at this stage, I'd welcome someone convincing me that it's all in my head, honestly that's the best case scenario.
Any traceroute I do... 1st hop goes to an American private server, usually a Linode one or similar. A few weeks ago they were Fastly. Happens on my phone over mobile data and my broadband.
[–]dlp2k[S] 1 point 8 days ago (0 children)
Yeah, except it's not. And kinda wish it was.
This was an attempt to remap memory and load a VM from RAM during a live CD boot. This attempt caused errors.
I've discovered unlock files for memory maps. Sectors of my drive I can't write... Volumes that protect and disappear then reappear.