Rev. 1 - Добавлены точки монтирования для справки и дополнительная информация blk/snap. Rev. 2 - Добавлены файлы журнала в блоке кода и на скриншоте, так как они не совпадают.
Я считаю, что на моем локальном SSD или на живом USB-диске (с которого я в данном конкретном случае загружал свой ноутбук) есть скрытый или замаскированный раздел, и что этот раздел содержит вредоносное ПО, которое я не смог удалить. После выполнения команды udisksctl на моем живом USB я получаю вывод, показанный ниже. USB (карта microSD в картридере PNY) была физически защищена от записи до того, как была вставлена в зараженный ПК, поэтому я знаю, что USB чистый и не заражен. Может кто-нибудь помочь мне понять вывод и объяснить, как я могу удалить этот объект с моего компьютера?
Замечания:
Я включил вывод fdisk -l во второй блок кода для дополнительной информации. У меня только один SSD в ноутбуке и только один USB-кардридер, содержащий мою карту microSD (live USB). С карты microSD ПК загружался в Ubuntu 18.10.
root@ubuntu:/home/ubuntu# udisksctl info -p /dev/sdb1 (udisksctl info:8905): GLib-GIO-CRITICAL **: 06:27:40.321: g_dbus_object_manager_get_object: assertion 'g_variant_is_object_path (object_path)' failed Error looking up object with path /dev/sdb1 root@ubuntu:/home/ubuntu# udisksctl info -b /dev/sdb1 /org/freedesktop/UDisks2/block_devices/sdb1: org.freedesktop.UDisks2.Block: Configuration: [('fstab', {'fsname': , 'dir': , 'type': , 'opts': , 'freq': , 'passno': })] CryptoBackingDevice: '/' Device: /dev/sdb1 DeviceNumber: 2065 Drive: '/org/freedesktop/UDisks2/drives/Multiple_Card__Reader_058F63666438' HintAuto: true HintIconName: HintIgnore: false HintName: HintPartitionable: true HintSymbolicIconName: HintSystem: false Id: by-uuid-18E7-1F79 IdLabel: MULTIBOOT IdType: vfat IdUUID: 18E7-1F79 IdUsage: filesystem IdVersion: FAT32 MDRaid: '/' MDRaidMember: '/' PreferredDevice: /dev/sdb1 ReadOnly: true Size: 15661531136 Symlinks: /dev/disk/by-id/usb-Multiple_Card_Reader_058F63666438-0:0-part1 /dev/disk/by-label/MULTIBOOT /dev/disk/by-partuuid/f7cd59a9-01 /dev/disk/by-path/pci-0000:00:14.0-usb-0:1.4:1.0-scsi-0:0:0:0-part1 /dev/disk/by-uuid/18E7-1F79 UserspaceMountOptions: org.freedesktop.UDisks2.Filesystem: MountPoints: Size: 0 org.freedesktop.UDisks2.Partition: Flags: 128 IsContained: false IsContainer: false Name: Number: 1 Offset: 4194304 Size: 15661531136 Table: '/org/freedesktop/UDisks2/block_devices/sdb' Type: 0x0c UUID: f7cd59a9-01
root@ubuntu:/home/ubuntu# fdisk -l Disk /dev/loop0: 1.9 GiB, 1999503360 bytes, 3905280 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: dos Disk identifier: 0x133f436e Device Boot Start End Sectors Size Id Type /dev/loop0p1 * 0 3905279 3905280 1.9G 0 Empty /dev/loop0p2 3828884 3833811 4928 2.4M ef EFI (FAT-12/16/32) Disk /dev/loop1: 1.8 GiB, 1905549312 bytes, 3721776 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk /dev/loop2: 87.9 MiB, 92123136 bytes, 179928 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk /dev/loop3: 140.9 MiB, 147722240 bytes, 288520 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk /dev/loop4: 2.3 MiB, 2355200 bytes, 4600 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk /dev/loop5: 13 MiB, 13619200 bytes, 26600 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk /dev/loop6: 14.5 MiB, 15208448 bytes, 29704 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk /dev/loop7: 3.7 MiB, 3878912 bytes, 7576 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk /dev/sda: 465.8 GiB, 500107862016 bytes, 976773168 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size 
(minimum/optimal): 512 bytes / 512 bytes Disk /dev/sdb: 14.6 GiB, 15665725440 bytes, 30597120 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: dos Disk identifier: 0xf7cd59a9 Device Boot Start End Sectors Size Id Type /dev/sdb1 * 8192 30597119 30588928 14.6G c W95 FAT32 (LBA) Disk /dev/loop8: 42.1 MiB, 44183552 bytes, 86296 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes root@ubuntu:/home/ubuntu#
ubuntu@ubuntu:~$ findmnt TARGET SOURCE FSTYPE OPTIONS / /cow overlay rw,relatime,lowerdir=// ├─/sys sysfs sysfs rw,nosuid,nodev,noexec, │ ├─/sys/kernel/security securityfs securit rw,nosuid,nodev,noexec, │ ├─/sys/fs/cgroup tmpfs tmpfs ro,nosuid,nodev,noexec, │ │ ├─/sys/fs/cgroup/unified cgroup2 cgroup2 rw,nosuid,nodev,noexec, │ │ ├─/sys/fs/cgroup/systemd cgroup cgroup rw,nosuid,nodev,noexec, │ │ ├─/sys/fs/cgroup/freezer cgroup cgroup rw,nosuid,nodev,noexec, │ │ ├─/sys/fs/cgroup/perf_event cgroup cgroup rw,nosuid,nodev,noexec, │ │ ├─/sys/fs/cgroup/hugetlb cgroup cgroup rw,nosuid,nodev,noexec, │ │ ├─/sys/fs/cgroup/memory cgroup cgroup rw,nosuid,nodev,noexec, │ │ ├─/sys/fs/cgroup/cpu,cpuacct cgroup cgroup rw,nosuid,nodev,noexec, │ │ ├─/sys/fs/cgroup/devices cgroup cgroup rw,nosuid,nodev,noexec, │ │ ├─/sys/fs/cgroup/cpuset cgroup cgroup rw,nosuid,nodev,noexec, │ │ ├─/sys/fs/cgroup/rdma cgroup cgroup rw,nosuid,nodev,noexec, │ │ ├─/sys/fs/cgroup/net_cls,net_prio cgroup cgroup rw,nosuid,nodev,noexec, │ │ ├─/sys/fs/cgroup/blkio cgroup cgroup rw,nosuid,nodev,noexec, │ │ └─/sys/fs/cgroup/pids cgroup cgroup rw,nosuid,nodev,noexec, │ ├─/sys/fs/pstore pstore pstore rw,nosuid,nodev,noexec, │ ├─/sys/firmware/efi/efivars efivarfs efivarf rw,nosuid,nodev,noexec, │ ├─/sys/fs/bpf bpf bpf rw,nosuid,nodev,noexec, │ ├─/sys/kernel/debug debugfs debugfs rw,relatime │ ├─/sys/fs/fuse/connections fusectl fusectl rw,relatime │ └─/sys/kernel/config configfs configf rw,relatime ├─/proc proc proc rw,nosuid,nodev,noexec, │ └─/proc/sys/fs/binfmt_misc systemd-1 autofs rw,relatime,fd=30,pgrp= ├─/dev udev devtmpf rw,nosuid,relatime,size │ ├─/dev/pts devpts devpts rw,nosuid,noexec,relati │ ├─/dev/shm tmpfs tmpfs rw,nosuid,nodev │ ├─/dev/mqueue mqueue mqueue rw,relatime │ └─/dev/hugepages hugetlbfs hugetlb rw,relatime,pagesize=2M ├─/run tmpfs tmpfs rw,nosuid,noexec,relati │ ├─/run/lock tmpfs tmpfs rw,nosuid,nodev,noexec, │ └─/run/user/999 tmpfs tmpfs rw,nosuid,nodev,relatim │ └─/run/user/999/gvfs 
gvfsd-fuse fuse.gv rw,nosuid,nodev,relatim ├─/isodevice /dev/sdb1 vfat ro,relatime,fmask=0022, ├─/cdrom /dev/loop0 iso9660 ro,noatime,nojoliet,che ├─/rofs /dev/loop1 squashf ro,noatime ├─/tmp tmpfs tmpfs rw,nosuid,nodev,relatim ├─/snap/core/5662 /dev/loop2 squashf ro,nodev,relatime ├─/snap/gnome-3-26-1604/70 /dev/loop3 squashf ro,nodev,relatime ├─/snap/gnome-calculator/238 /dev/loop4 squashf ro,nodev,relatime ├─/snap/gnome-characters/124 /dev/loop5 squashf ro,nodev,relatime ├─/snap/gnome-logs/45 /dev/loop6 squashf ro,nodev,relatime ├─/snap/gnome-system-monitor/57 /dev/loop7 squashf ro,nodev,relatime └─/snap/gtk-common-themes/701 /dev/loop8 squashf ro,nodev,relatime
ubuntu@ubuntu:~$ sudo snap list Name Version Rev Tracking Publisher Notes core 16-2.35.4 5662 stable canonical✓ core gnome-3-26-1604 3.26.0 70 stable/… canonical✓ - gnome-calculator 3.30.0 238 stable/… canonical✓ - gnome-characters 3.29.91 124 stable/… canonical✓ - gnome-logs 3.30.0 45 stable/… canonical✓ - gnome-system-monitor 3.30.0 57 stable/… canonical✓ - gtk-common-themes 0.1 701 stable/… canonical✓ - ubuntu@ubuntu:~$ sudo losetup NAME SIZELIMIT OFFSET AUTOCLEAR RO BACK-FILE DIO LOG-SEC /dev/loop1 0 0 0 1 /cdrom/casper/filesystem.squashfs 0 512 /dev/loop8 0 0 1 1 /var/lib/snapd/snaps/gtk-common-themes_701.snap 0 512 /dev/loop6 0 0 1 1 /var/lib/snapd/snaps/gnome-logs_45.snap 0 512 /dev/loop4 0 0 1 1 /var/lib/snapd/snaps/gnome-calculator_238.snap 0 512 /dev/loop2 0 0 1 1 /var/lib/snapd/snaps/core_5662.snap 0 512 /dev/loop0 0 0 0 1 /isodevice/multiboot/ubuntu-18.10-desktop-amd64/ubuntu-18.10-desktop-amd64.iso 0 512 /dev/loop7 0 0 1 1 /var/lib/snapd/snaps/gnome-system-monitor_57.snap 0 512 /dev/loop5 0 0 1 1 /var/lib/snapd/snaps/gnome-characters_124.snap 0 512 /dev/loop3 0 0 1 1 /var/lib/snapd/snaps/gnome-3-26-1604_70.snap 0 512 ubuntu@ubuntu:~$ sudo lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT loop0 7:0 0 1.9G 1 loop /cdrom loop1 7:1 0 1.8G 1 loop /rofs loop2 7:2 0 87.9M 1 loop /snap/core/5662 loop3 7:3 0 140.9M 1 loop /snap/gnome-3-26-1604/70 loop4 7:4 0 2.3M 1 loop /snap/gnome-calculator/238 loop5 7:5 0 13M 1 loop /snap/gnome-characters/124 loop6 7:6 0 14.5M 1 loop /snap/gnome-logs/45 loop7 7:7 0 3.7M 1 loop /snap/gnome-system-monitor/57 loop8 7:8 0 42.1M 1 loop /snap/gtk-common-themes/701 sda 8:0 0 465.8G 0 disk sdb 8:16 1 14.6G 1 disk └─sdb1 8:17 1 14.6G 1 part /isodevice sr0 11:0 1 1024M 0 rom
09:24:26 gnome-logs: g_object_unref: assertion 'G_IS_OBJECT (object)' failed 09:24:26 gnome-logs: g_object_unref: assertion 'G_IS_OBJECT (object)' failed 09:24:26 gnome-logs: g_file_info_get_attribute_boolean: assertion 'G_IS_FILE_INFO (info)' failed 09:24:01 gnome-shell: main.go:192: cannot change mount namespace of snap "gnome-logs" according to change mount (/snap/gtk-common-themes/701/share/icons/Suru /snap/gnome-logs/45/data-dir/icons/Suru none bind,ro 0 0): cannot use "/snap/gtk-common-themes/701/share/icons/Suru" as bind-mount source: not a directory 09:23:24 systemd: Started Cleanup of Temporary Directories. 09:23:24 systemd-tmpfile: [/usr/lib/tmpfiles.d/spice-vdagentd.conf:2] Line references path below legacy directory /var/run/, updating /var/run/spice-vdagentd → /run/spice-vdagentd; please update the tmpfiles.d/ drop-in file accordingly. 09:23:24 systemd: Starting Cleanup of Temporary Directories... 09:20:13 sudo: pam_unix(sudo:session): session closed for user root 09:17:02 cron: pam_unix(cron:session): session closed for user root 09:14:01 gnome-shell: (/usr/lib/firefox/firefox:4819): dconf-WARNING **: 09:14:01.070: Unable to open /var/lib/snapd/desktop/dconf/profile/user: Permission denied 09:10:45 systemd-timesyn: Synchronized to time server 91.189.94.4:123 (ntp.ubuntu.com). 09:10:27 whoopsie: [09:10:27] online 09:10:26 nm-dispatcher: req:2 'dhcp6-change' [eno1]: start running ordered scripts... 09:10:26 avahi-daemon: Registering new address record for fd23:ebf1:2476::8e8 on eno1.*. 09:10:26 NetworkManager: [1546247426.2969] dhcp6 (eno1): state changed unknown -> bound, event ID="82:3b:21:9b|1546247426" 09:10:26 dhclient: RCV: Reply message on eno1 from fe80::e695:6eff:fe43:ef1b. 09:10:25 avahi-daemon: Registering new address record for fd23:ebf1:2476:0:f9f2:9185:8ede:f286 on eno1.*. 09:10:24 dhclient: message status code NotOnLink. 09:10:23 avahi-daemon: Withdrawing address record for fe80::27c:1685:20f4:5560 on eno1. 
09:10:23 NetworkManager: [1546247423.9360] dhcp6 (eno1): dhclient started with pid 4611 09:10:22 systemd-resolve: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP. 09:10:22 nm-dispatcher: req:1 'up' [eno1]: start running ordered scripts... 09:10:22 systemd: Started Network Manager Script Dispatcher Service. 09:10:22 dbus-daemon: [system] Successfully activated service 'org.freedesktop.nm_dispatcher' 09:10:22 gsd-sharing: Failed to StopUnit service: GDBus.Error:org.freedesktop.systemd1.NoSuchUnit: Unit gnome-remote-desktop.service not loaded. 09:10:22 systemd: Starting Network Manager Script Dispatcher Service... 09:10:22 dbus-daemon: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.18' (uid=0 pid=1193 comm="/usr/sbin/NetworkManager --no-daemon " label="unconfined") 09:10:22 dhclient: bound to 192.168.8.145 -- renewal in 17038 seconds. 09:10:22 NetworkManager: [1546247422.1574] device (eno1): Activation: successful, device activated. 09:10:22 avahi-daemon: Registering new address record for 192.168.8.145 on eno1.IPv4. 09:10:22 NetworkManager: [1546247422.1514] dhcp4 (eno1): state changed unknown -> bound 09:10:22 dhclient: DHCPACK of 192.168.8.145 from 192.168.8.1 09:10:22 avahi-daemon: Registering new address record for fe80::27c:1685:20f4:5560 on eno1.*. 09:10:22 NetworkManager: [1546247422.1169] dhcp4 (eno1): dhclient started with pid 4522 09:10:22 kernel: r8169 0000:02:00.0 eno1: link up 09:10:22 NetworkManager: [1546247422.1006] device (eno1): carrier: link connected 09:09:41 su: pam_unix(su:session): session closed for user root 09:09:03 systemd: Startup finished in 4.950s (firmware) + 14.452s (loader) + 21.870s (kernel) + 51.332s (userspace) = 1min 32.606s. 
09:09:02 apparmor_parser: AVC apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap.gnome-calculator.gnome-calculator" pid=4373 comm="apparmor_parser" 09:09:01 kernel: audit: type=1400 audit(1546247341.308:225): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap.gnome-calculator.gnome-calculator" pid=4341 comm="apparmor_parser" 09:09:01 apparmor_parser: AVC apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap.gnome-calculator.gnome-calculator" pid=4341 comm="apparmor_parser" 09:09:01 kernel: audit: type=1400 audit(1546247341.068:224): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap-update-ns.gnome-calculator" pid=4339 comm="apparmor_parser" 09:09:01 apparmor_parser: AVC apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap-update-ns.gnome-calculator" pid=4339 comm="apparmor_parser" 09:09:00 kernel: audit: type=1400 audit(1546247340.892:223): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap.gnome-logs.gnome-logs" pid=4332 comm="apparmor_parser" 09:09:00 apparmor_parser: AVC apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap.gnome-logs.gnome-logs" pid=4332 comm="apparmor_parser" 09:09:00 kernel: audit: type=1400 audit(1546247340.664:222): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap-update-ns.gnome-logs" pid=4330 comm="apparmor_parser" 09:09:00 apparmor_parser: AVC apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap-update-ns.gnome-logs" pid=4330 comm="apparmor_parser" 09:09:00 kernel: audit: type=1400 audit(1546247340.420:221): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap.gnome-logs.gnome-logs" pid=4322 comm="apparmor_parser" 09:09:00 apparmor_parser: AVC apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap.gnome-logs.gnome-logs" pid=4322 comm="apparmor_parser" 
09:09:00 kernel: audit: type=1400 audit(1546247340.196:220): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap-update-ns.gnome-logs" pid=4320 comm="apparmor_parser" 09:09:00 apparmor_parser: AVC apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap-update-ns.gnome-logs" pid=4320 comm="apparmor_parser" 09:09:00 kernel: audit: type=1400 audit(1546247340.028:219): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap.gnome-characters.gnome-characters" pid=4312 comm="apparmor_parser" 09:09:00 apparmor_parser: AVC apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap.gnome-characters.gnome-characters" pid=4312 comm="apparmor_parser"