• Unknown User Names in Log-in Screen List?


    Hi. I need some guidance with a strange/unnerving occurrence please.

    I logged out of my session to restart the desktop after some updates (Libre Office and a few others) and my log-in name was missing, so I clicked to enter it and there was a list of unknown user names:

    Pictures: http://imgur.com/a/bTumB

    Also my xfce session was not in the list but TWM and TinyWM were (see second picture).

    I restarted my computer and everything was back to normal and the unknown user names and desktops were gone.

    Is this something I should worry about in regards to my machine being compromised in some way?

    I’m posting for now from my back-up Ubuntu partition as I’m a bit concerned about what happened with my Antergos.

    Thoughts? guidance? :confused:

  • I’m sorry I can not help you. The problem is a bit strange, I do not want to worry you but it can be a kind of rasomware. Rare in Linux. I hope other people can help you.

    Aprendiendo que no es poco

  • @blinky do you have enabled remote login in some way? what is the DM you are using?
    Are you using public internet somwhere like inside university campus?
    Do you have tinyWM installed?

    It is possible that someone try to login remotly but as i think this will need a serious bad guy to do so…
    It can be simple also a failure from the DM you are using.

    [updates once a week] = [90% less problems]
    [Li{u}n//u//{i}x] since 1988 - overcoming failure means success
    http://kamprad.net/howto-installing-antergos/
    how to add system logs

  • @joekamprad Thanks for taking the time to respond.

    I have not enable remote log-in to my knowledge.

    I am using a lightdm with the alternate antergos theme from the repo. I have been having trouble with the log-in screen being blank since way back when other users had posted a similar problem in the forums (but I hit “enter” it loads the fallback).

    This is a desktop at home (an apartment) with a wired connection

    I did NOT install TWN or TinyWM and I am the only user.

    The firewall is on

    I have been having trouble recently, like within the past week with the mouse clicks not registering and the whole system freezing and other general weirdness like having to click outside a confirmation box to get the button to work, like it’s not in focus, though it appears that it is.

    I don’t really do any risky behavior. The most risky thing is probably downloading pics for making wallpapers.

    I do have to admit though I’ve had the thought cross my mind over the past week if maybe I picked up malware in some way with the problems of crashing, Internet slowness, and clicks not registering etc. but being this is Linux most likely not.

    Edit: It was really just a fluke I saw these names as there was an update to Libre Office and I was wanting to use it so I thought I would log-out to make sure the updates were applied before I started and that’s when I ran into this strange problem.

  • The names look like Tumblr users…

    Aprendiendo que no es poco

  • It is not “Ransomeware”! :gun:

    Ransomware is a type of malicious software that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid.

    What you encountered is most likely what is known as an “Easter Egg”. :egg: Something programmers have fun with. An Easter egg will pop up when just the right conditions are met, which could be anything; a sequence of key strokes, starting a few applications in a pre defined order… You can tell by the silly names. An Easter egg can be an animated image, sounds or any kind of shenanigans. They are most common in games, but they can be anywhere. They are not dangerous. Sometimes doing exactly what you did to set it off, will do it again, but sometimes they disappear once activated, never to return again.

    The flazzum you spizz, the zoider you splat!

  • i just searched for 2 of the login names and found this (check the second option) https://duckduckgo.com/?q=basileusalex+napoleonib+archlinux&t=opera&ia=images

    the page won’t load but you can check the author https://github.com/CytoDev/
    and that there is a "LightDMMock"
    Maybe you replaced the lightdm or the greater for one in the AUR?

    Antergos (default OS) - WIN10 (abandoned)
    I3wm - Mate desktop
    AMD - A4 7300 Radeon graphics
    16 GB ram
    HD 1 TB
    Linux newbie since 06/2016

  • @Zoidmo said in Unknown User Names in Log-in Screen List?:

    Ransomeware

    I know what is rasomware and there are many types and variations (Viruses, Worms, Trojans, Shadyware, PUPs, Adware and Keyloggers, RAM Scrapers, Botnets, Backdoors,…). It’s not rasonware, it may be, but neither is it an Easter egg. (The pistol is not necessary or is that you believe it is in the wild west?).

    Aprendiendo que no es poco

  • @Velkerk There is no such thing as rasonware! It is “Ransomware”

    ***ran·som
    ˈransəm/

    a sum of money or other payment demanded or paid for the release of a prisoner.
    synonyms: payoff, payment, sum, price
    "they demanded a huge ransom"
    the holding or freeing of a prisoner in return for payment of ransom.
    “the capture and ransom of the king”***

    That’s why I used the gun, kidnappers do it for ransom. Its a crime, criminals use guns!

    Ransomware is not malicious in and of itself like viruses… but if you don’t pay to release your data, or give access to your computer back to you, then they can destroy it, or release incriminating evidence of a crime you have committed that you have or had stored on your computer to the public or authorities.

    Has anyone tried to force you to pay money to be able to logon to your computer? No. Did they encrypt your files and ask for money to get the encryption key? No. Has it destroyed your files… No, It just popped up a bunch of silly names, so it is most likely an Easter egg!

    You don’t have to take my word for it, you can always search google for “ransomware”, and “Easter egg in computing”.

    The flazzum you spizz, the zoider you splat!

  • Ok, in Spanish the term ransonware is also used (although it is not correct)

    Aprendiendo que no es poco

  • rescate

    redimir, emancipar, rescatar

    The flazzum you spizz, the zoider you splat!

  • I Traveled (hitchhiked) from Germany through Switzerland, France and Spain to Africa (Tarifa, not Gibraltar) in 1979, I had a blast in Barcelona! Never learned much Spanish though.

    The flazzum you spizz, the zoider you splat!

  • Hey guys, I want to thank for your thoughts and taking the time to help.

    I don’t think it was ransom ware. I scanned with the clam and nothing turned up plus no lock screen or anything.

    My main concern was someone remotely logging in watching, logging my passwords and such.

    I try to be careful what and how I do things online and seeing that list of names and the low resource desktops installed ( like they were trying to be inconspicuous ), really kinda freaked me out.

    So I don’t think I would be comfortable with using it again, which means reinstall (and reset everything again… sigh) or try something else.

    I haven’t decided yet.

    I have some other things going on right now, so I’m just using my Ubuntu backup partition again for now.

    Thanks again for the input.

    Mr Mod., you may mark this and solved,

    as,

    I’m gonna nuke it from orbit. It’s the only way to be sure.

    Regards. :slight_smile:

  • @fernandomaroto So those developers added code, so their usernames would pop up depending on a sequence of actions = Easter egg! since “The LightDMMock project is tightly based on the source C code of Antergos’ lightdm-webkit2-greeter”, then it makes sense, and you may be right, or it may be possible that he or they worked on the original Antergos greeter. I am not an insider, so I wouldn’t know that either way.

    So I would have to make an educated guess that it is in fact just a harmless Easter Egg, which was put there for fun. If it does involve some malicious code, then putting in their real user names would be a sure fire way to ensure that they get caught, and they would have to be pretty stupid to do that considering the possible consequences. In some countries you can go to jail for that.

    @blinky could isolate his personal data, or back it up to be safe, add some dummy files and folders, and run it for a while, just to see if something malicious does take place, as well as try to retrace his steps and find out just what sequence of events triggers it, if it has not been deactivated or auto destructed itself.

    Either way sounds like a mystery someone with the skills would love to crack.

    I have never run into an Easter egg myself by accident, but have read about them, and some were well documented once people figured out how to trigger them. In Microsoft products there were quite a few, that were put in with Bill Gates blessings. If you followed the steps correctly to invoke one, you could see them in action. One was animated and even had music. There was one on early mac pc’s that ran a funny Apple advertisement… It is very common to list developer and project team members handles.

    I have been messing with computers since 1978 (hardware side) and they are just a way of saying: “Hello world, we made this”.

    The flazzum you spizz, the zoider you splat!

  • So now this has me wondering… does anyone know of any Easter Eggs in Antergos, put there by the @developers?

    Thanks!

    Keep trying, never give up. In the end, you will find that it was all worth it

    Just have some relatives over. Be back in about a week

    Community ISO: https://antergoscommunityeditions.wordpress.com
    Linux Basics: https://linuxbasicssite.wordpress.com

  • It’s for them to know and us to find out!

    The flazzum you spizz, the zoider you splat!

  • I think it may be a good Idea for developers to include more of them!

    Imagine, a message pops up with penguins dancing on the screen and music in the background:

    “Congratulations: You successfully configured libglipedyglop to ungoop the gop! A very rare but powerful lib indeed! You have won an Antergos T-Shirt…”

    Now that would be cool!

    The flazzum you spizz, the zoider you splat!

  • @Zoidmo said in Unknown User Names in Log-in Screen List?:

    Now that would be cool!

    hehehe…

    Keep trying, never give up. In the end, you will find that it was all worth it

    Just have some relatives over. Be back in about a week

    Community ISO: https://antergoscommunityeditions.wordpress.com
    Linux Basics: https://linuxbasicssite.wordpress.com

  • I don’t know about all that easter egg business.

    All I did was log out and they were there nothing special.

    To me it was just creepy and it doesn’t explain the two desktop environments that I didn’t install nor the fact my main desktop (xfce) isn’t even in the list to log into so I HAD to restart the machine.

    I just wish it hadn’t happened to me.

  • typing “last” inside terminal to see login history ;)

    [updates once a week] = [90% less problems]
    [Li{u}n//u//{i}x] since 1988 - overcoming failure means success
    http://kamprad.net/howto-installing-antergos/
    how to add system logs

Posts 22Views 417
Log in to reply