Re: mysterious/suspicious internet activity.

My posts to this list were apparently not reaching the list for a couple of days.  This was fedora infrastructure issue 9509.  It's fixed.  Since the fix, I've been buried in personal business.  I now have some time to get back to this problem.

Prior to opening this thread, I did try digging in on my own.
* I checked Firefox and Thunderbird settings to see if telemetry is disabled.  They were.  I just re-checked.  They still are.
* I ran "last" and "lastb".  Nothing suspicious.
* I tried googling how to detect cryptominers in linux.  spooky findings!

One article (now I can't find it) reported some cryptominers are made to reduce the odds of being detected by doing their processing at low levels, and do their internet communication at very low and pseudo-periodic levels.  That does to me look like the screen-captures that I provided links to in my initial post.
I've read (now I can't find it) that some cryptominers use the GPU rather than the CPU.  I don't know of a tool to monitor the GPU other than temperature and overall utilization.
I found these two articles:
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/cryptocurrency-mining-malware-targets-linux-systems-uses-rootkit-for-stealth
https://www.csoonline.com/article/3253572/what-is-cryptojacking-how-to-prevent-detect-and-recover-from-it.html
I did not fully understand them, but I got the sense that I should get help and not try to tackle this on my own.  Finding and removing cryptominers can be very difficult.

I was asked about this system.
* comcast (my ISP) connected via metal wire cable to Arris phone modem connected via ethernet cable (yellow) to the workstation tower port.
* no routers.
* trackball, printer, and mouse connected to the tower via USB2 cables.
* HP laser printer connected via USB2 cable to the tower.  But the printer is almost always powered off.
* a pair of small speakers connected via metal cable to the sound card that's in the tower.
* a pair of Dell 27-inch LCD monitors connected to the NVIDIA graphics card that's in the tower.
That's all.

A few years ago, I found numerous journal entries reporting outside attempts at logging in to my workstation from around the world.  With serious help from members of this list, the firewall(?) was adjusted.  I've done nothing since to change that.

I understand that comcast, modem, and workstation would check in with each other from time to time, but so often as appears in ksysguard?

The man page for wireshark is thousands of lines long, and the users guide that Ed pointed me to is almost 300 pages long.  It will take many days for me to figure that out.  I'll need someone to coach me through.  Firewall tools are also unfamiliar to me.  How I did what I did a few years ago is forgotten.

sshd is blocked:
-bash.1[~]: systemctl status sshd
● sshd.service
     Loaded: masked (Reason: Unit sshd.service is masked.)
     Active: inactive (dead)
-bash.2[~]: 

My apologies for a couple days of silence.  I will start going back through everyone's posts thoroughly, trying the quick and easy things, and responding.  Then I'll do your big suggestions.  This may take a few days.
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
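An added example, not part of this post or the thread, of how the low-volume, pseudo-periodic check-ins the article described can be picked out from connection timestamps rather than by eye in a traffic graph. The host names and timestamps are constructed; in practice they would be exported from a capture or a firewall log.

```python
"""Flag remote hosts that are contacted at near-regular intervals.

A beacon with jitter still has a small spread of inter-connection gaps
relative to its mean gap (low coefficient of variation), while ordinary
traffic to a host is bursty.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample input: (unix_timestamp, remote_host) for each new
# outbound connection. "pool.example" checks in every ~300 s with jitter;
# "updates.example" is bursty; "rare.example" has too few events to judge.
SAMPLE_CONNECTIONS = [
    (0, "pool.example"), (297, "pool.example"), (603, "pool.example"),
    (895, "pool.example"), (1204, "pool.example"), (1498, "pool.example"),
    (1803, "pool.example"), (2101, "pool.example"), (2397, "pool.example"),
    (2702, "pool.example"),
    (0, "updates.example"), (3, "updates.example"), (5, "updates.example"),
    (1200, "updates.example"), (1201, "updates.example"), (4000, "updates.example"),
    (50, "rare.example"), (900, "rare.example"), (1700, "rare.example"),
]


def interval_stats(connections, min_events=5):
    """Return {host: (mean_gap, coefficient_of_variation)} for every host
    with at least min_events connections; fewer events give no verdict."""
    by_host = defaultdict(list)
    for ts, host in connections:
        by_host[host].append(ts)
    stats = {}
    for host, times in by_host.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:  # all events at the same instant: nothing periodic to measure
            continue
        stats[host] = (avg, pstdev(gaps) / avg)
    return stats


def flag_beacons(connections, max_cv=0.1, min_events=5):
    """Hosts whose gaps vary by no more than max_cv of the mean gap."""
    scored = interval_stats(connections, min_events).items()
    return sorted(host for host, (_, cv) in scored if cv <= max_cv)


if __name__ == "__main__":
    for host, (avg, cv) in interval_stats(SAMPLE_CONNECTIONS).items():
        print(f"{host}: mean gap {avg:.0f}s, cv {cv:.3f}")
    print("regular check-ins:", flag_beacons(SAMPLE_CONNECTIONS))
```

A flagged host is only a lead: compare it against known-good periodic traffic (package update checks, NTP, the ISP's own management traffic) before treating it as a miner or other implant.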