

Oh and WINE updating its config when I hadn’t made changes, just gave me a funny feeling




I tell you what though I am pulling a shit tonne of .txt files off of this dump. I am gonna put them all in a folder, and grep through it. There’s definitely syslogs, I might be able to find out where it was going. If I can find the exact .DLL I could potentially open it up in a text editor and see where it was going. Schroot was established January the 29th and I didn’t discover it until February 4th so there’s a week of stuff to comb through. No filenames, obviously it’s just the segment of the disk the file was found on. But the data is there still.


Different country, also I wouldn’t trust any administration with that.


Let it be a lesson. Do not live out of the same machine you connect from, do not keep everything in one place. Family photos filled with EXIF data. Applications I’d built from source and configured specifically for my hardware. Pages and pages of config files, music collection, documents, PDFs. All of it is gone.


I had it set up so WINE had network access anyway; it runs an authenticator because of the software license.


First image is the second half of the tree from my /home/. Contains a whopping 37 directories.
2nd is what I believe to be the poisoned .DLL in the output of foremost’s audit.txt
3rd is the beginning of the audit.
4th is the first half of the tree for home. Sorry for out of order.
5th is photorec which is currently digging through the img…
6th is the output from my first attempt at using foremost to file carve. Didn’t work because the img was mounted
7th is my poor desktop, which is now just the default KDE screen, the browser I’m talking to you on, and the Win10.iso I burned onto my housemate’s laptop.









Sorry friend, I’m not gonna send you an image of the disk. This just happened to me, I’m not about to trust an anonymous Good Samaritan.


What’s OpenSnitch? I was just gonna focus on learning Docker, containerise everything. Never again.


I didn’t own the network, that was the problem. My distro has security updates still, everything comes from repositories. I didn’t containerise everything. That was my fault. WINE had network access and filesystem access and it wasn’t in a container, and the password to the router was very short and plain text, once you have access to a machine on the network. Absolutely chilling, finding the root /run/. 128TB man. I use ClamAV and it identified winexpiro hidden in a .DLL called .BRM. Supposedly for Windows 6. WINE is just a compatibility layer, so you can push any .DLL into it. This is why I NEED to learn command-line Docker, because it’s just not fucking safe. I don’t know whose machine it got to first, but once you’re connected to a machine as admin that’s connected to a router as admin. To resolve it, I unplugged the router, shut down the wifi cards and closed all the logical ports. After my data was wiped. I took a look in cron hourly/daily/weekly/monthly and crontab. Found scripts in /tmp/, found a whole bunch of .services that run at startup. Found tonnes of scripts to start privoxy. Found keyloggers in the .services. Found user login credentials and SSH keys I’d never seen. Like, fuck me.


The most frustrating part, nobody understands man. That’s how this whole fucking digital oligarchy bullshit became reality. It’s like the people who don’t get that the new distros Valve are associated with are just so Gabe Newell has exclusive access to your data. The GUI fucking ruined people’s understanding of these machines. I swear.


I don’t use PayPal, but thank you. Bro I explained this on .ml and their first question was why do you have a computer with 128 terabytes of storage. Like, my god


And here are the images of the Audit from Foremost because fucking Catbox won’t fucking work https://ibb.co/Y7p1SxJK


I don’t have a computer with 128.7TB of storage, that was the server farm rooted into me. I don’t fucking know, everything comes from repositories. I would suspect one of my housemates, who, since we all had admin access to the router would give them access to my machine as well


Yes, it absolutely FUCKING did. Dumbass
Good idea, I’ll put it on the list. I am getting excited though, because photorec is pulling basically my whole disk before deletion back, I’m gonna sort by file extension, grep through and see if I can find the syslogs between Jan 29th and Feb 4th
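
The syslog search over the recovered files described above, as an added example that is not part of the original posts. It assumes PhotoRec's `recup_dir.N` output with carved text files ending in `.txt`, and logs stamped either in the traditional `Mon DD HH:MM:SS` form or in ISO 8601; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage PhotoRec-carved text files for syslog lines
# dated Jan 29 .. Feb 4 (the window named in the thread).
# Assumptions: carved text files end in .txt; logs use either the
# traditional "Mon DD HH:MM:SS" stamp (day space-padded) or ISO 8601.

# ERE for both timestamp styles; the year in the ISO form is left open.
WINDOW_RE='^(Jan (29|30|31)|Feb  [1-4]) [0-9]{2}:[0-9]{2}:[0-9]{2} '
WINDOW_RE="$WINDOW_RE"'|^[0-9]{4}-(01-(29|30|31)|02-0[1-4])T[0-9]{2}:'

# syslog_window DIR: print "file:line" for every in-window line.
# -a keeps grep from skipping carved files that contain binary junk.
syslog_window() {
    find "$1" -type f -name '*.txt' \
        -exec grep -aHE "$WINDOW_RE" {} + | sort
}

# make_sample DIR: build a constructed recovery tree (not real data).
make_sample() {
    mkdir -p "$1/recup_dir.1" "$1/recup_dir.2"
    printf '%s\n' \
        'Jan 28 23:59:59 host kernel: constructed, before window' \
        'Jan 29 00:00:01 host sshd[101]: constructed, in window' \
        'Feb  4 18:20:00 host cron[202]: constructed, in window' \
        'Feb  5 00:00:00 host kernel: constructed, after window' \
        > "$1/recup_dir.1/f0000001.txt"
    printf '%s\n' \
        '2000-02-03T10:00:00+00:00 host systemd[1]: constructed, in window' \
        '2000-02-14T10:00:00+00:00 host systemd[1]: constructed, after window' \
        'notes: Feb  4 18:20:00 is not at line start, so not a log line' \
        > "$1/recup_dir.2/f0000002.txt"
}

# Demo run against the constructed tree.
demo=$(mktemp -d)
make_sample "$demo"
syslog_window "$demo"
rm -rf "$demo"
```

Run it against a copy of the recovery directory, not the original image, and redirect the output to a file so the hits can be sorted by timestamp afterwards.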