MX Linux Forum

Posted: **Sat Nov 25, 2023 12:49 pm**

++Title EDIT Original title: "Suspicious Password Window Notification(s)" and that part was solved by fehlix's post #15.
But in addition to fehlix's suggestion, I have more confirmation that it is indeed ProtonVPN's popup window and error messages, which if I rename the title, it isn't exactly solved. End Edit.

I received - at least what seemed to me - to be a suspicious password window.

++Latest EDIT - notification image links expired, but I confirmed one more notification, and received others pertaining to ProtonVPN.
See images at bottom of this post - post #1. End Latest Edit

I've attached a link to an image: https://ibb.co/KNLvBxb

It obviously read Authentication Required, yet oddly the password was already entered into the password box.
There was no GUI way (that I could find) to determine what was requesting the password.
When I viewed the password, it appeared to be a randomly generated password about 25 characters in length.

I hope that this is some common window that I'm simply not aware of, and I do NOT know what caused it to appear, but I mention what I was viewing during, and maybe of particular importance, for some time previously to this.

I was using the Brave Browser at the time, I do not log into my browsers – I haven't for some time, year(s).
IIRC, this is the page that I was viewing the first time the window appeared: https://www.mojeek.com/preferences
and https://www.mojeek.com/about/why-mojeek immediately prior to this, I was viewing other mojeek pages.

Before that I had opened many SearXNG instances.
https://searx.space/
https://searx.space/# [Example, click "Engines" up top, then "Web"]
https://uptime.searxng.org/
https://docs.searxng.org/user/

Maybe irrelevant, and again, I don't know what caused this, but I suspect that individuals with this capability likely have the abilities for nefarious actions too.

From: https://docs.searxng.org/own-instance.html

What are the consequences of using public instances?
If someone uses a public instance, they have to trust the administrator of that instance. This means that the user of the public instance does not know whether their requests are logged, aggregated and sent or sold to a third party.

Also, public instances without proper protection are more vulnerable to abusing the search service, In this case the external service in exchange returns CAPTCHAs or bans the IP of the instance. Thus, search requests return less results.

On the surface, quality assurance from: https://docs.searxng.org/ additional links in here seem OK https://dev.searxng.org/

++EDIT FYI Recently ~2 wks, I've been using a VPN, but haven't seen that window before.

Anyway, any ideas what it might be?
Should I be concerned?
Should I run Clamav or something?

FYI – Since then I've been running Chromium and Brave in firejail, but I had to disable firejail to upload an image.

Cheers!

Posted: **Sat Nov 25, 2023 11:08 pm**

I would not put any password in a random authentication window. Usually you need to know where the window comes from, what did you do what prompted the window and the window itself should tell you what program it is for.

Posted: **Sun Nov 26, 2023 12:02 am**

That's why I posted, it was very unusual, I never encountered anything like it and it didn't seem that I did anything that would invoke it, it seemed to just appear and there was no GUI way of finding what it was for.

One thing that I did not mention – realized shortly after, is that it reappeared about 4 – 5 times, within a few minutes.
From my perspective, I was browsing the web, then suddenly that window appeared. My first thoughts were, that's oddly suspicious, it certainly doesn't look like a chromium-based keyring request, and I haven't knowingly changed anything, didn't start autologin or anything.

IIRC, I logged-out, still got it, then rebooted and opened Chromium in firejail, later opening Brave in firejail.

I wouldn't touch it, except to escape – and the password was already completed.
I didn't see a browser extension symbol near it, as in image, so I'm almost certain that a password manager extension did not fill/enter the password – and I checked a few times.

I haven't encountered it today.

Thanks for the reply.

Posted: **Sun Nov 26, 2023 1:47 am**

It didn't ask for a any specific password, so I'd fill in for the bad actors that sent it, "whydontyouyeetyourselfintothesun" or something similar.

Posted: **Sun Nov 26, 2023 11:31 am**

I didn't want to acknowledge that it got through to display itself to me – if that's even how it may work.
And the password was already filled in, that looked even more suspicious, as though they wanted to change some password.

Good news, I learned what the word "yeet" means.
I recently installed the Mullvad Browser from the MXPI.

Also, I've been recently (~2months) using the frontend browser extension https://libredirect.github.io/
So, I thought I might have opened up more doors with all of these instances that I must trust, between SearXNG and LibRedirect.
For example, Invidious, Libreddit and LibreMD each, have about two-dozen instances.

Posted: **Tue Nov 28, 2023 10:17 pm**

As unfortunately expected, no one responded explaining what the window was and that it was safe, so it looks like I'll never solve this post, but for anyone interested and assuming that it was possibly malicious and possibly came from either SearXNG or LibRedirect, here's some somewhat relevant privacyguides banter regarding the risks in using SearXNG instances with a LibRedirect cameo.
https://discuss.privacyguides.net/t/remove-searxng/124

While the privacy potential of SearXNG seems almost astounding with available customization and frontends (see OP), the more channels or links in the chain that one must trust, plus maybe fingerprinting avoidance of hiding in numbers, makes me think that something as simple as Startpage, DDG, and about a dozen others may be better even if it doesn't have the potential of SearXNG (fork of SearX), SearX, LibreY https://librey.devol.it/instances.php (fork of LibreX) LibreX https://github.com/hnhx/librex/#readme, etc. Same with LibRedirect.

Maybe I should use https://wiby.me/
for a back-in-before-my-time-of-using-the-internet experience.

Cheerio!

Posted: **Sat Dec 09, 2023 2:12 pm**

Other windows appearing!
Can anyone identify these?

My original post was regarding this suspicious Authentication Required" window: https://ibb.co/7jdfL33

And my initial thoughts were the Brave Browser, a newly installed VPN, or some malware possibly from a combination of SearXNG instances or LibRedirect instances. Combined I'd avail myself to approximately 50 different instances and points of entry and trust – as opposed to maybe one if I used only Startpage or DuckDuckGo or something similar.

Speculations:
Brave Browser – notice partially duplicated bookmark folders in image: https://ibb.co/3sjzrD3
ProtonVPN app – newly installed (about time they appeared, maybe some a little before this, not sure)
SearXNG or LibRedirect Instances.

One would hope that someone who designs a notification, which is a form of communication, would not have such an insular mindset as to not identify/communicate from what program the notification originated.

Other Windows:
Originally linked suspicious "Authentication Required" window – unknown source.
"Something went wrong" – unknown source. https://ibb.co/Dg3DH1C

I only show these because they appeared more recently, and about the time that the recent "Something went wrong" window appeared, but IIRC, the SWW window also appeared before the originally suspicious "Authentication Required" window.

Could not connect to VPN: Only one VPN (ProtonVPN) app installed, new app, I installed using the entire gnome- desktop command. Note, xfce4-screenshooter>Capture active window did not work correctly.

===============================
VPN app window: https://ibb.co/JFRcJLd
Not suspicious, but Access denied after receiving above window.

I'd appreciate it if anyone could identify the "Authentication Required" or the "Something went wrong" windows.

Thanks for looking.

Posted: **Sat Dec 09, 2023 3:26 pm**

That is the System Password dialog box asking you for the password for elevated privilege. For example: you will see that dialog box when you install software, update MX Linux, and so on. The issue is what is triggering it. A good place to look for what is triggering it is in the logs. Mark down the exact time and each time the System Password dialog box pops up. I personally don't know where those logs are on your computer but maybe someone here knows and can tell you where they are located.

Posted: **Sat Dec 09, 2023 3:58 pm**

I think the auth.log in /var/log/ would be where to look?
Edit: I think you can also see the log in the other options when you run QSI.

Posted: **Sat Dec 09, 2023 10:33 pm**

I know KDE's Discover can apply updates to user installed SDM themes installed in the system settings, and they can pop up a password dialog box even after I close Discover if there's a lot of other installs going on ahead of that system-level SDM theme update...That's the only similar thing I have seen that's legit.

Posted: **Sun Dec 10, 2023 12:54 pm**

Thanks everyone for replying.

OK, I'm going to try to organize my images of appearing windows to help in replys too..
1 - Authentication Password Required https://ibb.co/7jdfL33 Main Concern/Problem
2 - Duplicated Bookmarks Brave Browser https://ibb.co/R3nzjfC
3 – Something Went Wrong https://ibb.co/Dg3DH1C
4 – ProtonVPN App https://ibb.co/JFRcJLd

I'm mostly concerned with window #1 - Authentication Password Required. https://ibb.co/7jdfL33
I can show and display the password, it contains 20 characters , my non-browser password manager defaults to using 16 characters, just checked, so it's not auto-filling it.

I show #2 - Duplicated Bookmarks Brave Browser https://ibb.co/R3nzjfC because it may have appeared around the same time – not sure.

I show #3 - Something Went Wrong https://ibb.co/Dg3DH1C for the same reason as above – maybe same time.

Originally, I showed #4 - ProtonVPN App https://ibb.co/JFRcJLd (notice connection error at top of image) "authentication denied"

I'm not attributing the following correlations to causation, just mentioning because they might be related.
Just yesterday I was almost certain that #3-Something Went Wrong was attributed to #4-ProtonVPN App as they appeared almost simultaneously, but then #3 appeared a lot yesterday.
Also, I noticed just now that #4-ProtonVPN App and #1-Authentication Password Required both use the word authentication, but….

@Mauser Which one do you think is the system password dialog box?
I'm not aware of this, what is it. I'm aware of the browser keylog passwords or whatever they're called, but these don’t' appear to be the same. Also, and I don't know, but I thought that Adrian and Stevo would have recognized this in previous replies. I do appreciate the reply.

Jed, I mean @clampett

I looked quickly yesterday, I don't know what to look for, but I'll follow Mauser's suggestion and write down the exact times when it happens again, and check that log again - thanks.

@Stevo, and others, sorry, I didn't post my QSI originally or again yesterday, should have posted QSI previously - MX-21.3_ahs Xfce

Code: Select all

Snapshot created on: 20220812_1130
System:    Kernel: 6.6.4-1-liquorix-amd64 [6.6-5~mx21ahs] x86_64 bits: 64 compiler: gcc v: 10.2.1 
           parameters: audit=0 intel_pstate=disable rcupdate.rcu_expedited=1 
           BOOT_IMAGE=/boot/vmlinuz-6.6.4-1-liquorix-amd64 root=UUID=<filter> ro quiet splash 
           Desktop: Xfce 4.18.1 tk: Gtk 3.24.24 info: xfce4-panel wm: xfwm 4.18.0 vt: 7 
           dm: LightDM 1.26.0 Distro: MX-21.3_ahs_x64 Wildflower November 22  2021 
           base: Debian GNU/Linux 11 (bullseye) 
Machine:   Type: Laptop System: ASUSTeK product: VivoBook_ASUSLaptop X512DA_F512DA v: 1.0 
           serial: <filter> 
           Mobo: ASUSTeK model: X512DA v: 1.0 serial: <filter> UEFI: American Megatrends 
           v: X512DA.310 date: 12/24/2019 
Battery:   ID-1: BAT0 charge: 16.9 Wh (60.8%) condition: 27.8/37.1 Wh (74.9%) volts: 7.8 min: 7.8 
           model: ASUSTeK ASUS Battery type: Li-ion serial: N/A status: Not charging cycles: 18 
CPU:       Info: Dual Core model: AMD Ryzen 3 3200U with Radeon Vega Mobile Gfx bits: 64 
           type: MT MCP arch: Zen family: 17 (23) model-id: 18 (24) stepping: 1 microcode: 8108102 
           cache: L2: 1024 KiB 
           flags: avx avx2 lm nx pae sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 svm bogomips: 20761 
           Speed: 2717 MHz min/max: 1400/2600 MHz boost: enabled Core speeds (MHz): 1: 1692 
           2: 1692 3: 1693 4: 1693 
           Vulnerabilities: Type: gather_data_sampling status: Not affected 
           Type: itlb_multihit status: Not affected 
           Type: l1tf status: Not affected 
           Type: mds status: Not affected 
           Type: meltdown status: Not affected 
           Type: mmio_stale_data status: Not affected 
           Type: retbleed mitigation: untrained return thunk; SMT vulnerable 
           Type: spec_rstack_overflow mitigation: Safe RET 
           Type: spec_store_bypass mitigation: Speculative Store Bypass disabled via prctl 
           Type: spectre_v1 mitigation: usercopy/swapgs barriers and __user pointer sanitization 
           Type: spectre_v2 mitigation: Retpolines, IBPB: conditional, STIBP: disabled, RSB 
           filling, PBRSB-eIBRS: Not affected 
           Type: srbds status: Not affected 
           Type: tsx_async_abort status: Not affected 
Graphics:  Device-1: AMD Picasso/Raven 2 [Radeon Vega Series / Radeon Vega Mobile Series] 
           vendor: ASUSTeK driver: amdgpu v: kernel bus-ID: 02:00.0 chip-ID: 1002:15d8 
           class-ID: 0300 
           Device-2: IMC Networks USB2.0 HD UVC WebCam type: USB driver: uvcvideo bus-ID: 1-6.2:6 
           chip-ID: 13d3:56dd class-ID: 0e02 serial: <filter> 
           Display: x11 server: X.Org 1.20.14 compositor: xfwm4 v: 4.18.0 driver: loaded: amdgpu 
           display-ID: :0.0 screens: 1 
           Screen-1: 0 s-res: 1920x1080 s-dpi: 96 s-size: 508x285mm (20.0x11.2") 
           s-diag: 582mm (22.9") 
           Monitor-1: eDP res: 1920x1080 hz: 60 dpi: 142 size: 344x193mm (13.5x7.6") 
           diag: 394mm (15.5") 
           OpenGL: renderer: AMD Radeon Vega 3 Graphics (raven2 LLVM 14.0.5 DRM 3.54 
           6.6.4-1-liquorix-amd64) 
           v: 4.6 Mesa 22.0.5 direct render: Yes 
Audio:     Device-1: AMD Raven/Raven2/Fenghuang HDMI/DP Audio driver: snd_hda_intel v: kernel 
           bus-ID: 02:00.1 chip-ID: 1002:15de class-ID: 0403 
           Device-2: AMD ACP/ACP3X/ACP6x Audio Coprocessor driver: snd_pci_acp3x v: kernel 
           alternate: snd_rn_pci_acp3x,snd_pci_acp5x,snd_pci_acp6x,snd_acp_pci,snd_rpl_pci_acp6x,snd_pci_ps,snd_sof_amd_renoir,snd_sof_amd_rembrandt,snd_sof_amd_vangogh 
           bus-ID: 02:00.5 chip-ID: 1022:15e2 class-ID: 0480 
           Device-3: AMD Family 17h/19h HD Audio vendor: ASUSTeK driver: snd_hda_intel v: kernel 
           bus-ID: 02:00.6 chip-ID: 1022:15e3 class-ID: 0403 
           Device-4: Texas Instruments PCM2902 Audio Codec type: USB 
           driver: hid-generic,snd-usb-audio,usbhid bus-ID: 1-2:2 chip-ID: 08bb:2902 
           class-ID: 0300 
           Sound Server-1: ALSA v: k6.6.4-1-liquorix-amd64 running: yes 
           Sound Server-2: PulseAudio v: 14.2 running: yes 
           Sound Server-3: PipeWire v: 0.3.19 running: no 
Network:   Device-1: Intel Wireless 8265 / 8275 driver: iwlwifi v: kernel modules: wl 
           bus-ID: 01:00.0 chip-ID: 8086:24fd class-ID: 0280 
           IF: wlan0 state: up mac: <filter> 
           IF-ID-1: ipv6leakintrf0 state: unknown speed: N/A duplex: N/A mac: <filter> 
           IF-ID-2: pvpnksintrf0 state: unknown speed: N/A duplex: N/A mac: <filter> 
           IF-ID-3: tun0 state: unknown speed: 10000 Mbps duplex: full mac: N/A 
Bluetooth: Device-1: Intel Bluetooth wireless interface type: USB driver: btusb v: 0.8 
           bus-ID: 1-6.1:5 chip-ID: 8087:0a2b class-ID: e001 
           Report: hciconfig ID: hci0 rfk-id: 3 state: up address: <filter> bt-v: 2.1 lmp-v: 4.2 
           sub-v: 100 hci-v: 4.2 rev: 100 
           Info: acl-mtu: 1021:4 sco-mtu: 96:6 link-policy: rswitch hold sniff 
           link-mode: slave accept service-classes: rendering, capturing, audio 
Drives:    Local Storage: total: 119.24 GiB used: 76.47 GiB (64.1%) 
           SMART Message: Unable to run smartctl. Root privileges required. 
           ID-1: /dev/sda maj-min: 8:0 vendor: SanDisk model: SD9SN8W128G1102 size: 119.24 GiB 
           block-size: physical: 512 B logical: 512 B speed: 6.0 Gb/s type: SSD serial: <filter> 
           rev: 6002 scheme: GPT 
Partition: ID-1: / raw-size: 24 GiB size: 23.46 GiB (97.73%) used: 13.65 GiB (58.2%) fs: ext4 
           dev: /dev/sda2 maj-min: 8:2 
           ID-2: /boot/efi raw-size: 1024 MiB size: 1022 MiB (99.80%) used: 440 KiB (0.0%) 
           fs: vfat dev: /dev/sda1 maj-min: 8:1 
           ID-3: /home raw-size: 16.01 GiB size: 15.67 GiB (97.86%) used: 4.68 GiB (29.9%) 
           fs: ext4 dev: /dev/sda3 maj-min: 8:3 
           ID-4: /tmp raw-size: 4 GiB size: 3.84 GiB (96.10%) used: 19.6 MiB (0.5%) fs: ext4 
           dev: /dev/sda6 maj-min: 8:6 
Swap:      Kernel: swappiness: 15 (default 60) cache-pressure: 100 (default) 
           ID-1: swap-1 type: partition size: 2 GiB used: 0 KiB (0.0%) priority: -2 dev: /dev/sda4 
           maj-min: 8:4 
Sensors:   System Temperatures: cpu: 59.0 C mobo: N/A gpu: amdgpu temp: 58.0 C 
           Fan Speeds (RPM): cpu: 2400 
Repos:     Packages: 2530 note: see --pkg apt: 2518 lib: 1246 flatpak: 12 
           No active apt repos in: /etc/apt/sources.list 
           Active apt repos in: /etc/apt/sources.list.d/brave-browser-release.list 
           1: deb [arch=amd64] https://brave-browser-apt-release.s3.brave.com/ bullseye main
           Active apt repos in: /etc/apt/sources.list.d/debian-stable-updates.list 
           1: deb http://deb.debian.org/debian bullseye-updates main contrib non-free
           Active apt repos in: /etc/apt/sources.list.d/debian.list 
           1: deb http://deb.debian.org/debian bullseye main contrib non-free
           2: deb http://security.debian.org/debian-security bullseye-security main contrib non-free
           Active apt repos in: /etc/apt/sources.list.d/google-chrome.list 
           1: deb [arch=amd64] https://dl.google.com/linux/chrome/deb/ stable main
           Active apt repos in: /etc/apt/sources.list.d/librewolf.list 
           1: deb [arch=amd64] http://deb.librewolf.net bullseye main
           Active apt repos in: /etc/apt/sources.list.d/megasync.list 
           1: deb [signed-by=/usr/share/keyrings/meganz-archive-keyring.gpg] https://mega.nz/linux/repo/Debian_11/ ./
           Active apt repos in: /etc/apt/sources.list.d/mx.list 
           1: deb http://mxrepo.com/mx/repo/ bullseye main non-free
           2: deb http://mxrepo.com/mx/repo/ bullseye ahs
           Active apt repos in: /etc/apt/sources.list.d/protonvpn-stable.list 
           1: deb [arch="all", signed-by=/usr/share/keyrings/protonvpn-stable-archive-keyring.gpg] https://repo.protonvpn.com/debian stable main
           Active apt repos in: /etc/apt/sources.list.d/spotify.list 
           1: deb http://repository.spotify.com stable non-free
           Active apt repos in: /etc/apt/sources.list.d/vivaldi.list 
           1: deb [arch=amd64] https://repo.vivaldi.com/stable/deb/ stable main
Info:      Processes: 353 Uptime: 1h 38m wakeups: 2 Memory: 9.67 GiB used: 2.84 GiB (29.4%) 
           Init: SysVinit v: 2.96 runlevel: 5 default: 5 tool: systemctl Compilers: gcc: 10.2.1 
           alt: 10 Client: shell wrapper v: 5.1.4-release inxi: 3.3.06 
Boot Mode: UEFI

My /mnt/DATA partition is approximately 85% full, 84 - 87% depending on tool.

I assume that SDM themes must be a KDE item and not an Xfce item.
Regarding your comment, "That's the only similar thing I have seen that's legit.", that seems concerning as I first noticed it while opening many SearXNG instances and also had LibRedirect operating.
Each SearXNG instance requires some trust, and each SearXNG instance has many links within, so with SearXNG having VERY roughly 20 instances, times VERY conservatively 20 links/sites within each instance, well I may have been open to
++EDIT++ 400 – 1,000 links/sites. I doubt that it would be this many as many of the instances use many of the same links/sites and I don't know that all of the links can be manipulated, or how difficult it may be to do so. END EDIT

I'm still not sure that it's not the ProtonVPN app. Maybe I'll try browsing without the ProtonVPN app or with a different browser to eliminate something.

Since the ProtonVPN app is very new (~1month), maybe I'll contact them - hint at some form of notification identification.

Still can't believe a legitimate notification doesn't include some form of self-identification.

Thanks all, and I'm still open to more suggestions if something strikes anyone.

Posted: **Sun Dec 10, 2023 1:22 pm**

MXRobo wrote: Sun Dec 10, 2023 12:54 pm

@Mauser Which one do you think is the system password dialog box?

This one you posted is the system password dialog box. https://ibb.co/7jdfL33
What is strange is that it has the option to show password and has a password saved in it which in both cases it shouldn't. That system password dialog dialog box should also state what it's requiring your authorization like mine, this is what mine looks like and yours should look the same. https://imgur.com/E2mmFHl I recommend you first disconnect from the Internet and then check to see what password it has stored by clicking show password. It should show your MX Linux administrator password. If it isn't then I would be really concerned. Only reconnect to the Internet after you turn off show password. Please report back your findings.

Posted: **Sun Dec 10, 2023 9:40 pm**

@Mauser I'm familiar with the window that you linked, definitely not that, plus it says thunar.

And yes I looked at the already filled in password a few times trying to figure out if it was related to anything that I might recognize.
It's not my user or administrative password, I doubt that it's related to my non-browser password manager as it filled with 20 characters, not it's default 16 character auto-fill.

I viewed the password while connected to the internet, but I suspect it's either malware and likely already filled with a password possibly to replace some existing password, or it's associated with newly released ProtonVPN app – but again nothing really provides anything to identify what it's related to.

Thanks for replying.

Posted: **Sun Dec 10, 2023 10:04 pm**

MXRobo wrote: Sun Dec 10, 2023 9:40 pm @Mauser I'm familiar with the window that you linked, definitely not that, plus it says thunar.

And yes I looked at the already filled in password a few times trying to figure out if it was related to anything that I might recognize.
It's not my user or administrative password, I doubt that it's related to my non-browser password manager as it filled with 20 characters, not it's default 16 character auto-fill.

I viewed the password while connected to the internet, but I suspect it's either malware and likely already filled with a password possibly to replace some existing password, or it's associated with newly released ProtonVPN app – but again nothing really provides anything to identify what it's related to.

Thanks for replying.

The reason why mine said thunar is because I was in thunar to open that box to give you an example of what the box should look like. I could of opened that in Synaptic and it would of said that, same for anything else to open that requires permission. Perhaps it's like you said it might be ProtonVPN. Strange. Nothing matches up in the log files with the precise time that box appears? The only other option is when all ideas are exhausted is to re-install MX Linux doing a full reformat which would wipe everything clean but all data will be lost unless you save only what you need to save to another drive.
Your welcome.

Posted: **Mon Dec 11, 2023 7:32 am**

MXRobo wrote: Sat Nov 25, 2023 12:49 pm I received - at least what seemed to me - to be a suspicious password window.
I've attached a link to an image: https://ibb.co/KNLvBxb

Seems a common (or better known) issue with Proton VPN.
Searched with "protonvpn popup Authentication is required",
gives quite a number of hits, including some proposed fixes.
Good luck

Posted: **Mon Dec 11, 2023 9:49 am**

Thank you @fehlix! - Stupid me, never thought to search for the error message even though I have recommended others on the forum do the same.

The only excuse I might be able to give is that the app is so new (~1 month - Nov 8th) that I didn't think I'd find much.

That's good news and reassuring!

I'll get to it later and marked as solved – if things turn out positively.

Posted: **Mon Dec 11, 2023 2:07 pm**

Looks like it's not related to the new ProtonVPN linux app only but to ProtonVPN in general.
I've generally been doing what some sites suggest anyway, re-establish connection and maybe try with another server.

My popup is very similar to this one from last year: https://github.com/ProtonVPN/linux-cli/issues/82
I should've originally done a reverse image search.

And long as I know that it's Proton and not some malware, then I'm not really too concerned and it's only happened two times in about a month,
but it would've been nice for the popup to identify itself as originating from Proton.

Now to find the cause of the "Something went wrong" popup.

Thanks everyone for replying - and fehlix for solving.

SOLVED - at least my concern of it being malware.

Posted: **Tue Apr 02, 2024 11:46 am**

I can confirm - both of the error notifications were/are from ProtonVPN.
A password is required
Something went wrong

This may require systemd, the ProtonVPN site states that systemd is required, but it does not state so in the new ProtonVPN app sections.
Instructions are not explicit, may be vague.

Stumbled upon post by D.O. asking what VPN forum members use, replies suggested that many VPNs require systemd.

I also found a section for installing in MX Linux: https://protonvpn.com/support/official- ... -mx-linux/

Later.

Posted: **Tue Apr 30, 2024 5:16 pm**

I contacted ProtonVPN with some questions – as well as stating that the communication if the error messages and instructions could be a little more explicit - and these were the responses -generally.

Are these your error messages? Possibly.

I later almost positively confirmed that they were error messages from ProtonVPN
------------------------------------------------------------------------------------------------------------

This may be my stupidity, but for clarification, I asked if the dependencies must be met because it they were not really listed in the same section as the application(s), the main one being systemd.

I received this response: "Additionally, systemd is required for our application, but while MX Linux uses sysVinit by default, systemd is also supported: https://mxlinux.org/wiki/system/systemd/"
------------------------------------------------------------------------------------------------

I asked if I should install via the newer ProtonVPN App, ?the Debian install?, or the MX Linux install because it states that the preferred method is to install the ProtonVPN App.

My actual text:

And many of the following pages could be construed to be the "starting" page, or "where to start", or "start here" page.

There is no way to determine where to start, and Proton directed us/me here.

Example, I want to test the free ProtonVPN version, and I'm using MX-Linux which uses SysVinit by default instead of systemd. Follow the links:

https://protonvpn.com/

Free VPN - We believe privacy and security are fundamental human rights,

so we also provide a: https://protonvpn.com/free-vpn/linux

Install on Linux: https://protonvpn.com/support/linux-vpn-setup/

-----------------------------------------------------------------------------------
Note: the APP does have a "report an issue" selection in the menu.

The official Proton VPN Linux app lets you protect your Linux devices with Proton VPN while controlling the VPN via an intuitive and easy-to-use graphical interface. We support the latest stable versions of the following distros. Click on a link for full setup instructions:

Debian https://protonvpn.com/support/official- ... pn-debian/

Other ways to use Proton VPN on Linux

Where possible, we strongly recommend using our official Linux app. However, there are certain situations where you may wish to use an alternative method of using Proton VPN on Linux.

Our official app is the best way to use Proton VPN on your Linux PC.

If this is the BEST way, then why does this exist? https://protonvpn.com/support/official- ... -mx-linux/

I received this response:

"We'd love to hear what you think of our customer service. Please take a moment to answer one simple question by clicking the link below:"

If you are referring to the following link https://protonvpn.com/support/official- ... -mx-linux/ please make sure to follow it in the process, however, also note that the latest v4 version of the Proton VPN app is currently supported only on Debian, Ubuntu, and Fedora distros, meaning that there is limited support that I could provide regarding any other distros available.

You can find more information about the currently supported Linux distros in the following support article: https://protonvpn.com/support/linux-vpn-setup/

Additionally, systemd is required for our application, but while MX Linux uses sysVinit by default, systemd is also supported: https://mxlinux.org/wiki/system/systemd/

Furthermore, if you experience any issues in the process, please keep utilizing the manual connection methods for your device.
We have dedicated guides which you can check through the following links: • https://protonvpn.com/support/linux-openvpn/ • https://protonvpn.com/support/wireguard-manual-linux/

If there is anything else we can help you with feel free to let us know. We are at your service at any time.

They were courteous, but didn't answer all of my questions specifically.

Infrequently, I get this message every minute and when doing certain things with the computer, it's a li (got one again) ttle annoying.

So, I'm still not sure (another msg.) if I should install the newer ProtonVPN App, the MX Linux install, the manual connection methods:
• https://protonvpn.com/support/linux-openvpn/
• https://protonvpn.com/support/wireguard-manual-linux/

I certainly like to hear how others have installed and if they had to use systemd?

FYI – I didn't find the MX-Linux installation link until months later, so there site doesn't seem overly organized.
https://protonvpn.com/free-vpn/linux
https://protonvpn.com/support/linux-vpn-setup/
https://protonvpn.com/support/official- ... pn-debian/
https://protonvpn.com/support/categorie ... and-setup/
https://protonvpn.com/support/official- ... -mx-linux/
https://protonvpn.com/support/protonvpn-setup-guide/
There are also browser extensions.

Posted: **Tue Apr 30, 2024 5:56 pm**

@MXRobo
Are you sure you want this topic marked as solved? It appears you are still having a problem. If not you can remove Solved by click the check mark again.

Posted: **Tue Apr 30, 2024 6:33 pm**

@MXRobo , I have install the ProtonVPN on 7 machines now, from their website and without seeing any issues. (non were with systemd. )

Two of these I had Proton already installed - from the MX Package installer, and just installed the GUI over it.

Posted: **Tue Apr 30, 2024 11:58 pm**

@richb
Thanks for that concerned reply.
I am aware of the solve/unsolve but - - and I suppose it is solved regarding the suspicious part because I DO know that it is the ProtonVPN popup windows.

But, I thought I might change the title to something like ProtonVPN popup windows.
I may "unsolve it" for a while, particularly if I rename the title.

@CharlesV
Regarding systemd, their site and reply threw me off a little too, yet I saw a topic by D.O. asking if people used systemd with a vpn, so I thought maybe many VPNs require systemd, yet I saw no mention of it by forum members who used ProtonVPN.

The newer Linux App, currently installed from their website, the ProtonVPN Linux Client is V. 4.3.0
In MXPI (21.3 Xfce) I see several available options, so:

Code: Select all

$ apt -a show protonvpn
Package: protonvpn
Version: 1.1.0-1
Priority: optional
Maintainer: Proton Technologies AG <opensource@proton.me>
Installed-Size: 9,216 B
Depends: proton-vpn-gnome-desktop
Conflicts: protonvpn-cli, protonvpn-gui
Breaks: python3-proton-client, python3-protonvpn-nm-lib
Replaces: protonvpn-cli, protonvpn-gui
Homepage: https://protonvpn.com/
Download-Size: 3,454 B
APT-Sources: https://repo.protonvpn.com/debian stable/main all Packages
Description: ProtonVPN metapackage
 A metapackage that installs all necessary dependencies for ProtonVPN for Linux.

Package: protonvpn
Version: 1.0.0-3
Priority: optional
Maintainer: Proton Technologies AG <opensource@proton.me>
Installed-Size: 9,216 B
Depends: protonvpn-cli, protonvpn-gui
Homepage: https://protonvpn.com/
Download-Size: 3,354 B
APT-Sources: https://repo.protonvpn.com/debian stable/main all Packages
Description: ProtonVPN metapackage
 A metapackage that installs all necessary dependencies for ProtonVPN for Linux.

Package: protonvpn
Version: 1.0.0-1
Priority: optional
Maintainer: Proton Technologies AG <opensource@proton.me>
Installed-Size: 9,216 B
Depends: protonvpn-cli, protonvpn-gui
Homepage: https://protonvpn.com/
Download-Size: 3,354 B
APT-Sources: https://repo.protonvpn.com/debian stable/main all Packages
Description: ProtonVPN metapackage
 A metapackage that installs all necessary dependencies for ProtonVPN for Linux.

Code: Select all

$ apt show protonvpn-gui
Package: protonvpn-gui
Version: 1.12.0-1
Priority: optional
Section: net
Maintainer: Proton Technologies AG <opensource@proton.me>
Installed-Size: 7,814 kB
Depends: python3-psutil, python3:any (>= 3.5~), python3-gi, python3-gi-cairo, python3-protonvpn-nm-lib, gir1.2-webkit2-4.0
Suggests: gir1.2-appindicator3-0.1, gnome-shell-extension-appindicator
Homepage: https://github.com/ProtonVPN
Download-Size: 3,173 kB
APT-Sources: https://repo.protonvpn.com/debian stable/main all Packages
Description: Proton VPN GUI (Python 3)
 Package installs official Proton VPN Graphical User Interface.

N: There are 19 additional records. Please use the '-a' switch to see them.

Code: Select all

$ apt show protonvpn-cli
Package: protonvpn-cli
Version: 3.13.0-1
Priority: optional
Section: net
Maintainer: Proton Technologies AG <opensource@proton.me>
Installed-Size: 125 kB
Depends: python3-dialog, python3:any (>= 3.5~), python3-protonvpn-nm-lib
Homepage: https://github.com/ProtonVPN
Download-Size: 28.3 kB
APT-Sources: https://repo.protonvpn.com/debian stable/main all Packages
Description: Proton VPN CLI (Python 3)
 Package installs official Proton VPN CLI.

N: There are 15 additional records. Please use the '-a' switch to see them.

I wanted to try the free version for a while to see if I wanted the paid version.

I may purge it, and start over, and I'll probably try the MX-Linux installation method, then the new App again, maybe the beta version too.

Also, for FYI, the last few months it's been OK, infrequent popups, yet today, quite frequent.
Thanks again.

MX Linux Forum

ProtonVPN Popup Pwd Windows & error msgs

ProtonVPN Popup Pwd Windows & error msgs

Re: Suspicious Password Window

Re: Suspicious Password Window

Re: Suspicious Password Window

Re: Suspicious Password Window

Re: Suspicious Password Window

Re: Suspicious Password Window

Re: Suspicious Password Window

Re: Suspicious Password Window

Re: Suspicious Password Window

Re: Suspicious Password Window

Re: Suspicious Password Window

Re: Suspicious Password Window

Re: Suspicious Password Window

Re: Suspicious Password Window

Re: Suspicious Password Window

Re: Suspicious Password Window

Re: Suspicious Password Window

Re: Suspicious Password Window Notification(s)

Re: Suspicious Password Window Notification(s)

Re: Suspicious Password Window Notification(s)

Re: Suspicious Password Window Notification(s)