I'd certainly appreciate some advice.
Hard Freeze - USB malware?
Latpop froze with an “in progress” stationary “usually spinning” circle near the USB in thunar, required a hard shutdown.
I opened Freefilesync, I believe that I opened this USB in Freefilesync, I then clicked on the USB for some reason, and the laptop froze with an “in progress” stationary “usually spinning” circle near the USB in thunar. It stayed in this state, it did not go to a dark screen and display error messages, what I labeled as crashing and experienced in the past with this laptop when running on Mint, or older kernels in MX21. It did not respond to REISUB at all, and I had to do a hard shutdown. Note, this was different that any other issue I had before with this laptop in that it was a hard freeze, and did not respond to REISUB; the 5.16 AHS kernel resolved those issues I do believe. The freeze happened within minutes of starting the laptop and inserting the USB.
This paragraph will describe what appears to be associated with the hard freeze from observations; not really from any evidence such as logs or error messages, etc. - so it could be coincidental or incidental. From observation, use, I suspect three (3) possible causes. A fat32 formatted USB was recently inserted in a Windows machine at a printing office in some hillbilly town and they didn’t appear to be real tech savvy, but one of them could have caught their head in a propeller – thank you m_pav.
1 - A USB with malware appears plausible.
2nd - It did happened while I was using Freefilesync, and I don’t recall exactly what happened but something was not working right, so I’m suspected a communication glitch between Freefilesync, the USB and perhaps thunar.
3rd - The laptop was in a vehicle and got chilled to possibly 40 – 50 degrees Fahrenheit, but it warmed to up near room temperature before I powered up.
4th – An aberration.
==============================================================================================================================
Brief history with the laptop:
Definition: crash – laptop (LT) is unresponsive, then displaying error messages. I then REISUB, followed with a power button for complete shutdown.
Linux Mint 20.2 Xfce kernels - persistent crashing.
MX21-Xfce-Non-AHS ISO 5.10 LTS kernel, much better, but eventually (~100 hrs.) a crash, very similar symptoms and error messages.
MX21-Xfce-AHS ISO 5.14 kernel, much better than 5.10, but subtle (seemed subtle then) hesitations, eventually (~200 hrs) a crash.
ROCK SOLID on MX21-Xfce-AHS ISO 5.16 kernel, no hesitations (EXCEPT after exploratory surgery by me)
On an installation (not on a USB) I tried copying "Entire home" with MX User Manager>Copy/Snyc from the user to /etc/skel
Since removing the above, ROCK SOLID.
==========================================================================================================
Code: Select all
System: Kernel: 5.16.0-4mx-amd64 x86_64 bits: 64 compiler: gcc v: 10.2.1
parameters: BOOT_IMAGE=/boot/vmlinuz-5.16.0-4mx-amd64
root=UUID=<filter> ro quiet splash
Desktop: Xfce 4.16.0 tk: Gtk 3.24.24 info: xfce4-panel wm: xfwm 4.16.1 vt: 7
dm: LightDM 1.26.0 Distro: MX-21_ahs_x64 Wildflower November 22 2021
base: Debian GNU/Linux 11 (bullseye)
Machine: Type: Laptop System: HP product: HP Pavilion Laptop 15z-eh000 v: N/A serial: <filter>
Chassis: type: 10 serial: <filter>
Mobo: HP model: 87C5 v: 35.24 serial: <filter> UEFI: AMI v: F.10 date: 11/03/2020
Battery: ID-1: BAT0 charge: 39.2 Wh (100.0%) condition: 39.2/39.2 Wh (100.0%) volts: 12.7
min: 11.3 model: Hewlett-Packard Primary type: Li-ion serial: N/A status: Full
cycles: 352
CPU: Info: 8-Core model: AMD Ryzen 7 4700U with Radeon Graphics bits: 64 type: MCP
arch: Zen 2 family: 17 (23) model-id: 60 (96) stepping: 1 microcode: 8600106 cache:
L2: 4 MiB
flags: avx avx2 lm nx pae sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 svm bogomips: 31940
Speed: 1572 MHz min/max: 1400/2000 MHz boost: enabled Core speeds (MHz): 1: 1572
2: 1472 3: 1426 4: 1376 5: 1370 6: 1343 7: 1439 8: 1389
Vulnerabilities: Type: itlb_multihit status: Not affected
Type: l1tf status: Not affected
Type: mds status: Not affected
Type: meltdown status: Not affected
Type: spec_store_bypass mitigation: Speculative Store Bypass disabled via prctl
Type: spectre_v1 mitigation: usercopy/swapgs barriers and __user pointer sanitization
Type: spectre_v2
mitigation: Retpolines, IBPB: conditional, IBRS_FW, STIBP: disabled, RSB filling
Type: srbds status: Not affected
Type: tsx_async_abort status: Not affected
Graphics: Device-1: AMD Renoir vendor: Hewlett-Packard driver: amdgpu v: kernel bus-ID: 04:00.0
chip-ID: 1002:1636 class-ID: 0300
Device-2: Luxvisions Innotech Limited HP Wide Vision HD Camera type: USB
driver: uvcvideo bus-ID: 1-3:2 chip-ID: 30c9:000e class-ID: 0e02
Display: x11 server: X.Org 1.20.13 compositor: xfwm4 v: 4.16.1 driver:
loaded: amdgpu,ati unloaded: fbdev,modesetting,vesa display-ID: :0.0 screens: 1
Screen-1: 0 s-res: 1920x1080 s-dpi: 96 s-size: 508x285mm (20.0x11.2")
s-diag: 582mm (22.9")
Monitor-1: eDP res: 1920x1080 hz: 60 dpi: 142 size: 344x194mm (13.5x7.6")
diag: 395mm (15.5")
OpenGL: renderer: AMD RENOIR (DRM 3.44.0 5.16.0-4mx-amd64 LLVM 12.0.1)
v: 4.6 Mesa 21.2.5 direct render: Yes
Audio: Device-1: AMD Renoir Radeon High Definition Audio vendor: Hewlett-Packard
driver: snd_hda_intel v: kernel bus-ID: 04:00.1 chip-ID: 1002:1637 class-ID: 0403
Device-2: AMD Raven/Raven2/FireFlight/Renoir Audio Processor vendor: Hewlett-Packard
driver: snd_rn_pci_acp3x v: kernel alternate: snd_pci_acp3x bus-ID: 04:00.5
chip-ID: 1022:15e2 class-ID: 0480
Device-3: AMD Family 17h HD Audio vendor: Hewlett-Packard driver: snd_hda_intel
v: kernel bus-ID: 04:00.6 chip-ID: 1022:15e3 class-ID: 0403
Sound Server-1: ALSA v: k5.16.0-4mx-amd64 running: yes
Sound Server-2: PulseAudio v: 14.2 running: yes
Network: Device-1: Realtek RTL8822CE 802.11ac PCIe Wireless Network Adapter
vendor: Hewlett-Packard driver: rtw_8822ce v: N/A modules: rtw88_8822ce,wl port: f000
bus-ID: 02:00.0 chip-ID: 10ec:c822 class-ID: 0280
IF: wlan0 state: up mac: <filter>
Bluetooth: Device-1: Realtek Bluetooth Radio type: USB driver: btusb v: 0.8 bus-ID: 1-4:3
chip-ID: 0bda:b00c class-ID: e001 serial: <filter>
Report: hciconfig ID: hci0 rfk-id: 1 state: up address: <filter> bt-v: 3.0 lmp-v: 5.1
sub-v: a0cb hci-v: 5.1 rev: 9a8
Info: acl-mtu: 1021:6 sco-mtu: 255:12 link-policy: rswitch hold sniff park
link-mode: slave accept service-classes: rendering, capturing, audio
Drives: Local Storage: total: 932.44 GiB used: 73.04 GiB (7.8%)
SMART Message: Unable to run smartctl. Root privileges required.
ID-1: /dev/nvme0n1 maj-min: 259:0 vendor: Western Digital model: WDS100T2B0C-00PXH0
size: 931.51 GiB block-size: physical: 512 B logical: 512 B speed: 31.6 Gb/s lanes: 4
type: SSD serial: <filter> rev: 211070WD temp: 28.9 C scheme: GPT
ID-2: /dev/sda maj-min: 8:0 type: USB vendor: Kingston model: DataTraveler 2.0
size: 953.5 MiB block-size: physical: 512 B logical: 512 B type: N/A serial: <filter>
rev: 1.00 scheme: MBR
SMART Message: Unknown USB bridge. Flash drive/Unsupported enclosure?
Partition: ID-1: / raw-size: 30 GiB size: 29.36 GiB (97.87%) used: 12.05 GiB (41.0%) fs: ext4
dev: /dev/nvme0n1p5 maj-min: 259:5
ID-2: /boot/efi raw-size: 512 MiB size: 511 MiB (99.80%) used: 428 KiB (0.1%)
fs: vfat dev: /dev/nvme0n1p1 maj-min: 259:1
ID-3: /home raw-size: 20 GiB size: 19.52 GiB (97.59%) used: 863.9 MiB (4.3%) fs: ext4
dev: /dev/nvme0n1p4 maj-min: 259:4
ID-4: /tmp raw-size: 8 GiB size: 7.78 GiB (97.21%) used: 2.4 MiB (0.0%) fs: ext4
dev: /dev/nvme0n1p3 maj-min: 259:3
Swap: Kernel: swappiness: 15 (default 60) cache-pressure: 100 (default)
ID-1: swap-1 type: partition size: 8.1 GiB used: 0 KiB (0.0%) priority: -2
dev: /dev/nvme0n1p2 maj-min: 259:2
Sensors: System Temperatures: cpu: 49.0 C mobo: N/A gpu: amdgpu temp: 42.0 C
Fan Speeds (RPM): cpu: 0 fan-2: 0
Repos: Packages: note: see --pkg apt: 2447 lib: 1253 flatpak: 0
No active apt repos in: /etc/apt/sources.list
Active apt repos in: /etc/apt/sources.list.d/brave-browser-release.list
1: deb [arch=amd64] https://brave-browser-apt-release.s3.brave.com/ bullseye main
Active apt repos in: /etc/apt/sources.list.d/debian-stable-updates.list
1: deb http://deb.debian.org/debian bullseye-updates main contrib non-free
Active apt repos in: /etc/apt/sources.list.d/debian.list
1: deb http://deb.debian.org/debian bullseye main contrib non-free
2: deb http://security.debian.org/debian-security bullseye-security main contrib non-free
Active apt repos in: /etc/apt/sources.list.d/google-chrome.list
1: deb [arch=amd64] https://dl.google.com/linux/chrome/deb/ stable main
Active apt repos in: /etc/apt/sources.list.d/mx.list
1: deb http://mxrepo.com/mx/repo/ bullseye main non-free
2: deb http://mxrepo.com/mx/repo/ bullseye ahs
Active apt repos in: /etc/apt/sources.list.d/opera-stable.list
1: deb https://deb.opera.com/opera-stable/ stable non-free #Opera Browser (final releases)
Active apt repos in: /etc/apt/sources.list.d/spotify.list
1: deb http://repository.spotify.com stable non-free
Active apt repos in: /etc/apt/sources.list.d/vivaldi.list
1: deb [arch=amd64] https://repo.vivaldi.com/stable/deb/ stable main
Info: Processes: 299 Uptime: 9m wakeups: 1278 Memory: 7.21 GiB used: 1.77 GiB (24.6%)
Init: SysVinit v: 2.96 runlevel: 5 default: 5 tool: systemctl Compilers: gcc: 10.2.1
alt: 10 Shell: Bash v: 5.1.4 running-in: quick-system-info-mx
inxi: 3.3.06
Boot Mode: UEFI
I looked at var/logs/syslogs real quick, but I don’t know what to look for, and not sure if anything would appear with such a hard freeze.
I do have some recent Timeshift snapshots and some MX Snapshots.
Without knowing what caused this, even if it was some type of malware, I’d assume one could not know for certain if it could or would carry over or find it’s way into a restored Timeshift snapshot.
One other thing, I was going to use this setup as MY “final release” for an MX Snapshot which I was then going to distribute to other people and computers, so I don’t really want to distribute something with potential malware.
If I should, I’d rather reinstall from an old MX Snapshot or reinstall from scratch.
Should I scan anything for malware with ClamAV or some other app? Should I focus on scanning the fat32 partitions on the laptop, the USB?
Should I scan before I do whatever is suggested, e.g. restore a Timeshift snapshot.
I’ve never really owned a Windows computer other than dual-booting, so I don’t know what to look for.
Any suggestions or advice would be much appreciated.
Thank you for reading.
I copy & paste to the terminal. Liars, Wiseguys, Trolls, and those without manners will be added to my ignore list. 