

I did a ‘netstat --verbose’ and had these connections after a reboot, did not launch the browser.
Thanks for your input!
Downloaded the Gentoo LiveUSB image again from a running Gentoo LiveUSB session, from gentoo.org and also the .iso.sha256 file. Ran ‘sha256sum’ on both files. They mismatch. Photo included.
I do. But I counter with this: I had never even heard of the band Karma Factory until that soundbyte played. With the help of an F-droid app on my phone, “Audile”, I was able to quickly mic the soundbyte and that helped me figure out the song clip. There is absolutely no chance Steam factored into this lolfest.
I couldn’t wait for the next soundbyte, so I checked the running sound-inputs.log and noticed a few entries for Chromium. I don’t use it, nor have I ever installed it on this system. Did a ‘which chromium-browser’ and got no hits. Yet it’s mentioned a few times in the log. Thoughts?
Edit: typo
Thanks, I ran the above watch command with ‘pw-cli list-objects’ and will report back upon the next occurrence. It’s been quiet these past few hours. Thanks for helping a fellow penguin! Much appreciated, all of you.
Sadly not. Debian Bookworm pw-cli manpage
Thanks so much!
Yes, did a ClamAV with recursive scan, no hits.
Edit: typo
‘pw-cli clients’ didn’t work. Maybe it’s deprecated? I can’t find mention of ‘clients’ in the pw-cli manpage.
No discord.
I would love to catch the event, but it’s sporadic. I stumbled across the gnome-logs package and see concerning events such as “Warning: writing to insecure memory!” from a running service: tracker-extract-3.service. But that service, though named intimidatingly, just watches the file directory for updates/new files.
I’m dealing with Morse Code atm and it’s a welcomed relief from the South Park or Karma Factory bytes.
Also, I installed Ventoy on my USB drive and put a Gentoo Live iso as well as Debian, Slax, and QubesOS. I intend to reinstall (thinking of starting with Gentoo).
Then I tried unmounting it. It hung with “device busy” for a solid 6 minutes, and finally ejected. New fear is the attacker is altering the iso files I’m putting on the drive. So I ran sha256sum -c [Gentoo.iso filename] against the SHA256 hash from gentoo.org and it completed as OK but bitched about 12 lines improperly formatted. I’m spitballing again on what to do.
Also, how can I get Lemmy to show code commands formatting? I use Jerboa but don’t see a code block option.
I am a networking neophyte. Though I bought a Netgate 1100 appliance (pfSense supported). I want to get it up and running, just want to solve the PC problem first.
I’ve done a few nMaps and saw lots of connections I didn’t recognize. I had a large Wireshark pcap I was ferreting around in, but like I said, I don’t know enough to do it justice. I went down the rabbit hole and before long I was considering Suricata as an IDS/IPS. I felt like I was reaching a bit far, when up till now it’s localized to the PC and maybe (idk) the ISP router.
I’ve just got the one PC. E-recycled all my Thinkpads, I’m now running an AMD Ryzen 9 16-core CPU, 64GB CL14 RAM (1:1 IF) full-ATX rig. And I love her.
No ideer. And no ideer. I’m finally trying to do some serious damage control, but it’s been a real headscratcher. I was amused at first, I have a good sense of humor. Until they started with “long dash- dot dot… dot dot… dot”. I’ll save you looking it up, they told me to off myself. That’s not funny anymore. Thus Lemmy post.
I have an A/V Receiver that goes out to a 6.3mm/half-inch jack headphones, and I mostly listen through the 2-channel phones out. But sometimes I run my 5.1 surround sound. Does not happen when the PC is off. I checked all cables, everything seems in order. No tap.
Guilty of reusing credentials. Strong password, but reused.
I use my ISP’s router and their built-in firewall is saying Enabled on the page.
Then I run UFW on my PC denying all incoming. It’s one of two rules (the other is port forwarding for CS:CZ server).
I thought running Mullvad VPN would be another good layer of obscurity, but whatever drive-by malware got through something somewhere. ClamAV reported no infections. No SSH and no RDP. I really am at a loss on how I got compromised.
Thanks for spitballing with me! I look forward to further insight.
So the pulseaudio package wasn’t installed. Installed it, ran the command, and it reports, “No PulseAudio daemon running, or not running as session daemon.”
I also lost sound. Checked into it, the Output switched from my HDMI to my USB Audio Interface. Switched it back to HDMI 5.1 and I’ve got audio back. If PulseAudio wasn’t in use, should we consider another one-liner?
God-tier comment here. Will run this right away. Thanks so much, will post findings. What a nice one-liner!
Will do as soon as reinstall 3 is done. I’m reverting back to Debian 12 “Bookworm” as I don’t trust that any newly downloaded ISOs aren’t getting tampered with. I noticed a mismatch on the hash for a newly downloaded Gentoo LiveUSB image and its .iso.sha256 file. I reset my router back to factory settings in the meantime. Fresh admin password, fresh SSID and keyphrase. Only wireless device on network is my phone, also reflected on router wireless page.