Hacked PC - random sounds playing

https://sh.itjust.works/post/45416654


My fellow penguins, I have been pwned. What started off as weeks of smiling every time I heard a 7-10s soundbyte of Karma Factory’s “Where Is My Mind” has now devolved into hearing dashes and dots (Morse Code) and my all-time favorite, a South Park S13: Dead Celebrities soundbyte of Ike’s Dad saying, “Ike, we are sick of you talking about ghosts!” It’s getting old now. I feel like these sounds should be grepable in some log somewhere, but I’m a neophyte to this. I’ve done a clean (secure wipe >> reinstall) already, the sounds returned not even a day later. Distro is Debian Bookworm. So how do I find these soundbytes? And how do I overcome this persistence? UFW is blocking inbound connection attempts every day, but the attacker already established a foothold. Thank you in advance. LOLseas

Can you record the noise and share it? Consider Outlook’s recent arbitrary WebDAV exploit that fetched a malicious payload from the internet to run if you said it was a custom notification sound. That directly attacked a sound producing function and is silent.

It’s not impossible this is an attack but it’s a very rube-goldberg scenario that leads you to suppose there is a literal noisy attacker who can persist through reimaging but can’t stop fucking up an existing sound channel.

I would love to catch the event, but it’s sporadic. I stumbled across the gnome-logs package and see concerning events such as “Warning: writing to insecure memory!” from a running service: tracker-extract-3.service. But that service, though named intimidatingly, just watches the file directory for updates/new files.

I’m dealing with Morse Code atm and it’s a welcome relief from the South Park or Karma Factory bytes.

Also, I installed Ventoy on my USB drive and put a Gentoo Live iso as well as Debian, Slax, and QubesOS. I intend to reinstall (thinking of starting with Gentoo).

Also, how can I get Lemmy to show code/commands formatting? I use Jerboa but don’t see a code block option.

For inline code like this, wrap the text in backticks `like this`.

For multi-line code, wrap the text in triple backticks ``` like this ```

Don’t run `sha256sum -c` on your suspect file — it expects to be passed a file containing hashes and other filenames. `sha256sum` the iso itself instead and check by eye, or make such a hash file.

Downloaded the Gentoo LiveUSB image again from a running Gentoo LiveUSB session, from gentoo.org and also the .iso.sha256 file. Ran `sha256sum` on both files. They mismatch. Photo included.

I think you need to run `sha256sum -c *.iso.sha256sum` (note the `-c`) to check the .iso file against the downloaded .sha256sum file. Or just `cat` the .sha256sum file and check that its content matches your output here.
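
The checksum comparison discussed in the comments above, as an added example that is not part of the original thread: it shows why hashing the `.sha256` file itself gives an unrelated value, and compares the image against the hash recorded inside that file. `live.iso` is a constructed stand-in for a downloaded image, and the function names are made up for this demo.

```bash
#!/usr/bin/env bash
# Added example. live.iso is a constructed stand-in, not a real image.

hash_of() { sha256sum "$1" | cut -d' ' -f1; }

# expected_hash CHECKSUM_FILE NAME: print the hash recorded for NAME.
# Only "<64 hex digits>  NAME" (or " *NAME") lines count; comments, signature
# armor and entries for other files are skipped.
expected_hash() {
    local hash fname
    while read -r hash fname || [ -n "$hash" ]; do
        fname=${fname#\*}                       # strip binary-mode marker
        [ "${#hash}" -eq 64 ] && [ "$fname" = "$2" ] || continue
        case $hash in *[!0-9a-fA-F]*) continue ;; esac
        printf '%s\n' "$hash" | tr 'A-F' 'a-f'
        return 0
    done < "$1"
    return 1
}

# verify_download IMAGE CHECKSUM_FILE
# returns 0 = match, 1 = mismatch, 2 = checksum file has no entry for IMAGE
verify_download() {
    local want got
    want=$(expected_hash "$2" "$(basename "$1")") || return 2
    got=$(hash_of "$1")
    [ "$want" = "$got" ]
}

# Build the constructed sample: an "image" and the checksum file a mirror would ship.
demo=$(mktemp -d)
printf 'constructed stand-in for an ISO image\n' > "$demo/live.iso"
( cd "$demo" && sha256sum live.iso > live.iso.sha256 )

echo "hash of the image:        $(hash_of "$demo/live.iso")"
echo "hash recorded in .sha256: $(expected_hash "$demo/live.iso.sha256" live.iso)"
# Hashing the checksum file hashes its text, so this value never matches the image:
echo "hash OF the .sha256 file: $(hash_of "$demo/live.iso.sha256")"

if verify_download "$demo/live.iso" "$demo/live.iso.sha256"; then
    echo "live.iso matches its recorded hash"
fi
# coreutils' own check reads the same file and reports the same result:
( cd "$demo" && sha256sum -c live.iso.sha256 )
```

A matching hash only shows the image agrees with the checksum file; if both came from the same place, it says nothing about whether that place was trustworthy.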