[Moderator edit to break up "wall of text". ]
OK guys, since I’m on my phone there’s gonna be some typos and errors, I hope you’re OK with that. I can’t write from any PC currently because all of my PCs are in a state where there’s no bootable device,
and I can’t make a bootable device from any of them. I can make one from my Android, but the thing is this malware is a rootkit and it even took over my router, and I have a pretty decent router,
I have the latest Merlin installed. I’m gonna post some logs so you guys can see. I collected some event logs so you guys are going to see, but this is impossible.
I’ve literally reinstalled, clean installed, got a clean install from another PC, like an offline install, no Internet, like everything, but apparently this malware is like hidden somewhere, I think in the eye. I even cleared the CMOS jumpers and everything,
but it’s just so persistent, it keeps coming back. I booted with Hiren’s and everything. I even made a Hiren’s boot CD from a Mac PC on which I made a Windows virtual machine in Mac OS X,
and Hiren’s got infected too after wiping the disks clean. So I’m gonna give you the logs. For now I don’t have access to a PC but I’m gonna get it later, but I can start by giving out the logs from the router so you guys can see what it’s doing in the router, because this is insane.
What I know is it’s creating some sort of Hyper-V machine on my PC because everything is coming from localhost..
I bought 380 Yi three weeks ago and I can’t even use it because of this. This has destroyed literally over 10 computers in my home and infected even phones,
so I really need some help. I’m not completely new when it comes to PCs, I have experience in cleaning malware using Sysinternals Procmon.. etc..
I’m going to update this later today. I’m going to get a Raspberry and I’m gonna put up all the logs that I got on a USB stick so you guys can see. I like the event because this is crazy, I can’t get this off. All PCs are now like in a state where they are used as paperweights…
I pasted some of the links here where you can see the date going from today to May 5th..
[Moderator comment: no edits to the logs. Note that the log dates are from May 5th ....? 9th line entry includes a reference to August 11, 2021.]
I’m returning with Windows logs. The only thing I know now is when it opens Hiren’s it opens a file that’s called hiderun.exe in the system32 folder and shuts down quickly.
I’ve seen it open a command prompt on every W10 install but never seen what it said… but Hiren’s I filmed in slo-mo.. but more than 10 PCs, running Ubuntu on some, Macs on some.. I figured out that it takes over svchost and then becomes SYSTEM.. So it’s a privilege attack, but I block the default ones: spooler, vssadmin, shadows, angry Sam etc…
At this point I’m willing to pay someone to help me get this off.. we can do like a fiver service or something.. [Not permitted per Forum Rules.]
And trust me, I build my first of when I was 13. I used to do RATs and Trojans when Beast was out, loooong before Poison Ivy..
For you who know, but this is something else.. I think it installs a bit of code in your memory.. What amazes me is I flashed my BIOS, CMOS jumped it and clean Windows install and boom, there like nothing..
Oct 8 10:29:45 kernel: ACCEPT IN=br0 OUT=eth0 SRC=12.10.12.95 DST=10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=62178 DF PROTO=TCP SPT=38915 DPT=443 SEQ=2084681740 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A00D04BE70000000001030307)
Oct 8 10:29:45 kernel: ACCEPT IN=br0 OUT=eth0 SRC=12.10.12.95 DST=10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=11437 DF PROTO=TCP SPT=38916 DPT=443 SEQ=748513168 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A00D04C360000000001030307)
Oct 8 10:29:45 kernel: ACCEPT IN=br0 OUT=eth0 SRC=12.10.12.95 DST=10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=14207 DF PROTO=TCP SPT=38917 DPT=443 SEQ=3969678340 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A00D04C740000000001030307)
May 5 07:05:04 kernel: klogd started: BusyBox v1.25.1 (2021-08-11 12:44:24 EDT)
May 5 07:05:04 kernel: Linux version 2.6.36.4brcmarm (merlin@ubuntu-dev) (gcc version 4.5.3 (Buildroot 2012.02) ) #1 SMP PREEMPT Wed Aug 11 12:45:55 EDT 2021
May 5 07:05:04 kernel: CPU: ARMv7 Processor [413fc090] revision 0 (ARMv7), cr=10c53c7f
May 5 07:05:04 kernel: CPU: VIPT nonaliasing data cache, VIPT nonaliasing instruction cache
May 5 07:05:04 kernel: Machine: Northstar Prototype
May 5 07:05:04 kernel: Ignoring unrecognised tag 0x00000000
May 5 07:05:04 kernel: Memory policy: ECC disabled, Data cache writealloc
May 5 07:05:04 kernel: Built 1 zonelists in Zone order, mobility grouping on. Total pages: 60416
May 5 07:05:04 kernel: Kernel command line: root=/dev/mtdblock2 console=ttyS0,115200 init=/sbin/preinit earlyprintk debug
May 5 07:05:04 kernel: Memory: 255472k/255472k available, 6672k reserved, 0K highmem
May 5 07:05:04 kernel: Virtual kernel memory layout:
May 5 07:05:04 kernel: vector : 0xffff0000 - 0xffff1000 ( 4 kB)
May 5 07:05:04 kernel: fixmap : 0xfff00000 - 0xfffe0000 ( 896 kB)
May 5 07:05:04 kernel: DMA : 0xf7e00000 - 0xffe00000 ( 128 MB)
May 5 07:05:04 kernel: vmalloc : 0xd0800000 - 0xf0000000 ( 504 MB)
May 5 07:05:04 kernel: lowmem : 0xc0000000 - 0xd0000000 ( 256 MB)
May 5 07:05:04 kernel: modules : 0xbf000000 - 0xc0000000 ( 16 MB)
May 5 07:05:04 kernel: .init : 0xc0008000 - 0xc003d000 ( 212 kB)
May 5 07:05:04 kernel: .text : 0xc003d000 - 0xc03ae000 (3524 kB)
May 5 07:05:04 kernel: .data : 0xc03c6000 - 0xc03e92a0 ( 141 kB)
May 5 07:05:04 kernel: External imprecise Data abort at addr=0x0, fsr=0x1c06 ignored.
May 5 07:05:04 kernel: Mount-cache hash table entries: 512
May 5 07:05:04 kernel: CPU1: Booted secondary processor
May 5 07:05:04 kernel: Found a Mxic NAND flash:
May 5 07:05:04 kernel: Total size: 128MB
May 5 07:05:04 kernel: Block size: 128KB
May 5 07:05:04 kernel: Page Size: 2048B
May 5 07:05:04 kernel: OOB Size: 64B
May 5 07:05:04 kernel: Sector size: 512B
May 5 07:05:04 kernel: Spare size: 16B
May 5 07:05:04 kernel: ECC level: 8 (8-bit)
May 5 07:05:04 kernel: Device ID: 0xc2 0xf1 0x80 0x95 0x 2 0x00
May 5 07:05:04 kernel: bio: create slab <bio-0> at 0
May 5 07:05:04 kernel: PCI: no core
May 5 07:05:04 kernel: PCI: no core
May 5 07:05:04 kernel: PCI: Fixing up bus 0
May 5 07:05:04 kernel: Force PCIE RC to GEN1 only
May 5 07:05:04 kernel: PCI: Fixing up bus 0
May 5 07:05:04 kernel: PCI: Fixing up bus 1
May 5 07:05:04 kernel: Force PCIE RC to GEN1 only
May 5 07:05:04 kernel: PCI: Fixing up bus 0
May 5 07:05:04 kernel: PCI: Fixing up bus 2
May 5 07:05:04 kernel: VFS: Disk quotas dquot_6.5.2
May 5 07:05:04 kernel: Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
May 5 07:05:04 kernel: pflash: found no supported devices
May 5 07:05:04 kernel: bcmsflash: found no supported devices
May 5 07:05:04 kernel: Boot partition size = 524288(0x80000)
May 5 07:05:04 kernel: lookup_nflash_rootfs_offset: offset = 0x200000
May 5 07:05:04 kernel: nflash: squash filesystem with lzma found at block 28
May 5 07:05:04 kernel: Creating 4 MTD partitions on "nflash":
May 5 07:05:04 kernel: 0x000000000000-0x000000080000 : "boot"
May 5 07:05:04 kernel: 0x000000080000-0x000000200000 : "nvram"
May 5 07:05:04 kernel: 0x000000200000-0x000004000000 : "linux"
May 5 07:05:04 kernel: 0x00000039f788-0x000004000000 : "rootfs"
May 5 07:05:04 kernel: Registering the dns_resolver key type
May 5 07:05:04 kernel: Spare area=64 eccbytes 56, ecc bytes located at:
May 5 07:05:04 kernel: 2 3 4 5 6 7 8 9 10 11 12 13 14 15 18 19 20 21 22 23 24 25 26 27 28 29 30 31 34 35 36 37 38 39 40 41 42 43 44 45 46 47 50 51 52 53 54 55 56 57 58 59 60 61 62 63
May 5 07:05:04 kernel: Available 7 bytes at (off,len):
May 5 07:05:04 kernel: (1,1) (16,2) (32,2) (48,2) (0,0) (0,0) (0,0) (0,0)
May 5 07:05:04 kernel: Bad eraseblock 301 at 0x0000025a0000
May 5 07:05:04 kernel: Options: NO_AUTOINCR,NO_READRDY,
May 5 07:05:04 kernel: Creating 2 MTD partitions on "brcmnand":
May 5 07:05:04 kernel: 0x000004000000-0x000007ec0000 : "brcmnand"
May 5 07:05:04 kernel: 0x000007ec0000-0x000008000000 : "asus"
May 5 07:05:04 kernel: VFS: Mounted root (squashfs filesystem) readonly on device 31:3.
May 5 07:05:04 kernel: ctf: module license 'Proprietary' taints kernel.
May 5 07:05:04 kernel: Disabling lock debugging due to kernel taint
May 5 07:05:04 kernel: et_module_init: passivemode set to 0x0
May 5 07:05:04 kernel: et_module_init: txworkq set to 0x0
May 5 07:05:04 kernel: et_module_init: et_txq_thresh set to 0xce4
May 5 07:05:04 kernel: eth0: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller 6.37.14.126 (r561982)
May 5 07:05:04 kernel: et_probe: mvlan vid[0]: 0
May 5 07:05:04 kernel: et_probe: mvlan vid[1]: 0
May 5 07:05:04 kernel: et_probe: mvlan en 0
May 5 07:05:04 kernel: dpsta_init: Jun 12 2019 23:31:45 msglevel 0x1
May 5 07:05:04 kernel: wl_module_init: passivemode set to 0x0
May 5 07:05:04 kernel: wl_module_init: igs set to 0x0
May 5 07:05:04 kernel: wl_module_init: txworkq set to 0x0
May 5 07:05:04 kernel: PCI: Enabling device 0001:01:00.0 (0140 -> 0142)
May 5 07:05:04 kernel: JFFS2 notice: (46) check_node_data: wrong data CRC in data node at 0x01e62784: read 0x3475311f, calculated 0x91627eff.
May 5 07:05:04 kernel: wl0: wlc_ap_attach dynamic_ed_thresh_enable = 0
May 5 07:05:04 kernel: eth1: Broadcom BCM4360 802.11 Wireless Controller 6.37.14.126 (r561982)
May 5 07:05:04 kernel: PCI: Enabling device 0002:02:00.0 (0140 -> 0142)
May 5 07:05:04 kernel: wl1: wlc_ap_attach dynamic_ed_thresh_enable = 0
May 5 07:05:04 kernel: eth2: Broadcom BCM4360 802.11 Wireless Controller 6.37.14.126 (r561982)
May 5 07:05:04 kernel: et0: et_mvlan_netdev_event: event 16 for vlan1 mvlan_en 0
May 5 07:05:04 kernel: et0: et_mvlan_netdev_event: event 5 for vlan1 mvlan_en 0
May 5 07:05:04 kernel: et0: et_mvlan_netdev_event: event 16 for vlan2 mvlan_en 0
May 5 07:05:04 kernel: et0: et_mvlan_netdev_event: event 5 for vlan2 mvlan_en 0
May 5 07:05:05 kernel: et0: et_mvlan_netdev_event: event 13 for vlan1 mvlan_en 0
May 5 07:05:05 kernel: et0: et_mvlan_netdev_event: event 1 for vlan1 mvlan_en 0
May 5 07:05:06 lldpd[194]: cannot get ethtool link information with GLINKSETTINGS (requires 4.9+): Operation not permitted
May 5 07:05:06 lldpd[194]: cannot get ethtool link information with GSET (requires 2.6.19+): Operation not permitted
May 5 07:05:08 haveged: haveged starting up
May 5 07:05:09 syslog: wlceventd Start...
May 5 07:05:10 WAN_Connection: WAN(0) link down.
May 5 07:05:12 acsd: selected channel spec: 0x1009 (9)
May 5 07:05:12 acsd: Adjusted channel spec: 0x1009 (9)
May 5 07:05:12 acsd: selected DFS-exit channel spec: 0x1009 (9)
May 5 07:05:12 acsd: selected channel spec: 0x1009 (9)
May 5 07:05:12 acsd: Adjusted channel spec: 0x1009 (9)
May 5 07:05:12 acsd: selected channel spec: 0x1009 (9)
May 5 07:05:12 acsd: acs_set_chspec: 0x1009 (9) for reason APCS_INIT
May 5 07:05:16 acsd: selected channel spec: 0xe06a (100/80)
May 5 07:05:16 acsd: Adjusted channel spec: 0xe06a (100/80)
May 5 07:05:16 acsd: selected DFS-exit channel spec: 0xe06a (100/80)
May 5 07:05:16 acsd: selected channel spec: 0xe06a (100/80)
May 5 07:05:16 acsd: Adjusted channel spec: 0xe06a (100/80)
May 5 07:05:16 acsd: selected channel spec: 0xe06a (100/80)
May 5 07:05:16 acsd: acs_set_chspec: 0xe06a (100/80) for reason APCS_INIT
May 5 07:05:17 RT-AC68U: start httpd:80
May 5 07:05:17 jffs2: valid logs(1)
May 5 07:05:17 disk_monitor: be idle
May 5 07:05:17 hour_monitor: daemon is starting
May 5 07:05:18 httpd: Save SSL certificate...80
May 5 07:05:18 httpd: mssl_cert_key_match : PASS
May 5 07:05:18 avahi-daemon[905]: WARNING: No NSS support for mDNS detected, consider installing nss-mdns!
May 5 07:05:19 httpd: Succeed to init SSL certificate...80
May 5 07:05:19 avahi-daemon[905]: Alias name "RT-AC68U" successfully established.
May 5 07:05:19 Mastiff: init
May 5 07:05:19 kernel: xhci_hcd 0000:00:0c.0: Failed to enable MSI-X
May 5 07:05:19 kernel: xhci_hcd 0000:00:0c.0: failed to allocate MSI entry
May 5 07:05:19 kernel: usb usb1: No SuperSpeed endpoint companion for config 1 interface 0 altsetting 0 ep 129: using minimum values
May 5 07:05:20 kernel: SCSI subsystem initialized
May 5 07:05:20 kernel: csw_retry 100
May 5 07:05:24 syslog: event: wl_chanspec_changed_action
May 5 07:05:24 syslog: skip event due no re
May 5 07:05:28 roamast: ROAMING Start...
May 5 07:06:25 syslog: wlceventd_proc_event(527): eth2: Auth 46:40:63:91:2B:CB, status: Successful (0), rssi:0
May 5 07:06:25 syslog: wlceventd_proc_event(556): eth2: Assoc 46:40:63:91:2B:CB, status: Successful (0), rssi:0
May 5 07:08:16 rc_service: httpd 859:notify_rc restart_wireless
May 5 07:08:20 syslog: wlceventd Start...
May 5 07:08:23 acsd: selected channel spec: 0x1003 (3)
May 5 07:08:23 acsd: Adjusted channel spec: 0x1003 (3)
May 5 07:08:23 acsd: selected DFS-exit channel spec: 0x1003 (3)
May 5 07:08:23 acsd: selected channel spec: 0x1003 (3)
May 5 07:08:23 acsd: Adjusted channel spec: 0x1003 (3)
May 5 07:08:23 acsd: selected channel spec: 0x1003 (3)
May 5 07:08:23 acsd: acs_set_chspec: 0x1003 (3) for reason APCS_INIT
May 5 07:08:27 acsd: selected channel spec: 0xe06a (100/80)
May 5 07:08:27 acsd: Adjusted channel spec: 0xe06a (100/80)
May 5 07:08:27 acsd: selected DFS-exit channel spec: 0xe06a (100/80)
May 5 07:08:27 acsd: selected channel spec: 0xe06a (100/80)
May 5 07:08:27 acsd: Adjusted channel spec: 0xe06a (100/80)
May 5 07:08:27 acsd: selected channel spec: 0xe06a (100/80)
May 5 07:08:27 acsd: acs_set_chspec: 0xe06a (100/80) for reason APCS_INIT
May 5 07:08:38 roamast: ROAMING Start...
May 5 07:09:34 syslog: wlceventd_proc_event(527): eth2: Auth 46:40:63:91:2B:CB, status: Successful (0), rssi:0
May 5 07:09:34 syslog: wlceventd_proc_event(556): eth2: Assoc 46:40:63:91:2B:CB, status: Successful (0), rssi:0