TL;DR - My 2 laptops (Dell and Lenovo) are both infected with the same bootkit/rootkit, and I would love it if someone could help me fix my computers.

My **** is most definitely hacked. One is a Dell Vostro 5581: Intel Core i5 (8th gen), 16GB RAM, 256GB Toshiba NVMe SSD, and the other one is a Lenovo ThinkPad X1 Extreme gen 1: Intel Core i7 (also 8th gen), 32GB RAM, 1TB Samsung NVMe SSD. Both were running GNU/Linux, but I have re-installed many different OSs since I first noticed this; currently the Lenovo has no OS and the Dell has Parrot OS. Let me know if you need more info.

This malware persists after OS re-installs and after wiping the disk.

"How do you know?" you might ask. Well, there are a few indicators of compromise: errors during boot, different behavior during boot than what it used to do, much longer boot times, the BIOS settings page looks different, and one time I got a message in the dmesg log that said something like: "If you are not debugging your kernel right now then you should report this to your system administrator." One time I found a file named intel-ucode.img in which the first 5 lines were an obvious buffer overflow attempt.


Like I said, I've tried re-installing different operating systems, reflashing the BIOS (not physically yet, although I did order the little CH341A tool), re-installing all the drivers, wiping the disks, and swapping the RAM and SSD from one machine into the other.

I think it's maybe a malicious kernel module?

At this point I'm about to try compiling a kernel myself with only the necessary modules and blacklisting all other kernel modules. If that doesn't work then I'm going to start Linux From Scratch and see if I can make my own OS and see if that solves it.


I just want my computers back!
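The post above reports an intel-ucode.img whose contents looked suspicious when read as text. A practitioner would check that file structurally instead: the early-initrd image produced by the Intel microcode packages is a cpio "newc" archive containing the member kernel/x86/microcode/GenuineIntel.bin, which is a concatenation of binary microcode updates, each with a 48-byte header and a 32-bit checksum over the whole update that must sum to zero. The following Python is an added example, not code from the original post; it assumes that layout, its function names are its own, and the sample image it builds uses made-up CPU signature, platform-flag, revision and date values so it runs offline. Pass a real image path as the first argument to inspect it instead.

```python
"""Structural check of a Linux early-initrd Intel microcode image (intel-ucode.img).

Added example, not from the original post. Assumes a cpio 'newc' archive holding
kernel/x86/microcode/GenuineIntel.bin: a sequence of microcode updates, each with a
48-byte header whose 32-bit words (over the whole update) must sum to zero.
"""
import struct
import sys

CPIO_MAGIC = b"070701"                       # cpio 'newc' (SVR4, no CRC)
UCODE_PATH = b"kernel/x86/microcode/GenuineIntel.bin"
HDR_LEN = 48                                 # Intel microcode header size


def parse_cpio_newc(data):
    """Return [(name, payload), ...] for a newc cpio archive, up to TRAILER!!!."""
    entries, off = [], 0
    while off + 110 <= len(data):
        hdr = data[off:off + 110]
        if hdr[:6] != CPIO_MAGIC:
            raise ValueError("bad cpio magic at offset %d" % off)
        # 13 ASCII-hex fields follow the magic; we need filesize and namesize.
        fields = [int(hdr[6 + 8 * i:14 + 8 * i], 16) for i in range(13)]
        filesize, namesize = fields[6], fields[11]
        name_start = off + 110
        name = data[name_start:name_start + namesize - 1]   # strip trailing NUL
        data_start = (name_start + namesize + 3) & ~3         # header+name padded to 4
        if data_start + filesize > len(data):
            raise ValueError("truncated entry %r" % name)
        if name == b"TRAILER!!!":
            break
        entries.append((name, data[data_start:data_start + filesize]))
        off = (data_start + filesize + 3) & ~3                # payload padded to 4
    return entries


def parse_intel_microcode(blob):
    """Split GenuineIntel.bin into updates, validating each header and checksum."""
    updates, off = [], 0
    while off + HDR_LEN <= len(blob):
        (hdrver, rev, date, sig, _cksum, _ldrver, pf,
         datasize, totalsize) = struct.unpack_from("<9I", blob, off)
        if hdrver != 1:
            raise ValueError("unknown header version %d at offset %d" % (hdrver, off))
        if datasize == 0:            # legacy encoding: 2000 data bytes, 2048 total
            datasize, totalsize = 2000, 2048
        if totalsize % 4 or totalsize < HDR_LEN + datasize or off + totalsize > len(blob):
            raise ValueError("bad total size %d at offset %d" % (totalsize, off))
        # Integrity check: all 32-bit words of the update sum to zero mod 2^32.
        words = struct.unpack_from("<%dI" % (totalsize // 4), blob, off)
        if sum(words) & 0xFFFFFFFF:
            raise ValueError("checksum mismatch at offset %d" % off)
        updates.append({
            "sig": sig, "rev": rev, "pf": pf, "size": totalsize,
            # date is BCD: bits 31-24 month, 23-16 day, 15-0 year
            "date": "%04x-%02x-%02x" % (date & 0xFFFF, date >> 24, (date >> 16) & 0xFF),
        })
        off += totalsize
    if off != len(blob):
        raise ValueError("%d trailing bytes after last update" % (len(blob) - off))
    return updates


def check_image(data):
    """Parse an intel-ucode.img and return the list of updates it carries."""
    entries = dict(parse_cpio_newc(data))
    if UCODE_PATH not in entries:
        raise ValueError("no %s in archive, members: %r" % (UCODE_PATH.decode(), sorted(entries)))
    return parse_intel_microcode(entries[UCODE_PATH])


def is_valid_image(data):
    """True if the image parses cleanly and every update's checksum holds."""
    try:
        check_image(data)
        return True
    except ValueError:
        return False


def cpio_newc(members):
    """Write a minimal newc cpio archive from [(name, payload), ...]."""
    out = bytearray()
    for name, payload, mode in [(n, p, 0o100644) for n, p in members] + [(b"TRAILER!!!", b"", 0)]:
        fields = (0, mode, 0, 0, 1, 0, len(payload), 0, 0, 0, 0, len(name) + 1, 0)
        rec = bytearray(CPIO_MAGIC + b"".join(b"%08x" % v for v in fields) + name + b"\0")
        rec += b"\0" * (-len(rec) % 4) + payload
        rec += b"\0" * (-len(rec) % 4)
        out += rec
    return bytes(out)


def build_sample_image(tamper_offset=None):
    """Constructed sample: one 2048-byte update with a valid checksum (made-up values).
    If tamper_offset is given, one byte of the update is flipped afterwards."""
    sig, pf, rev, date = 0x000806EA, 0x10, 0xB4, 0x04082019   # not real values

    def header(cksum):
        return struct.pack("<12I", 1, rev, date, sig, cksum, 1, pf, 2000, 2048, 0, 0, 0)

    body = bytes(2048 - HDR_LEN)
    words = struct.unpack("<512I", header(0) + body)
    update = bytearray(header((-sum(words)) & 0xFFFFFFFF) + body)
    if tamper_offset is not None:
        update[tamper_offset] ^= 0x01
    return cpio_newc([(UCODE_PATH, bytes(update))])


if __name__ == "__main__":
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_image()
    for u in check_image(image):
        print("sig=0x%08x pf=0x%02x rev=0x%x date=%s size=%d"
              % (u["sig"], u["pf"], u["rev"], u["date"], u["size"]))
```

A clean parse with matching checksums tells you the file is a well-formed microcode image, nothing more: the checksum is an integrity check, and only the CPU verifies Intel's signature when the update is loaded, so this cannot prove the blob is genuine. A failed parse, on the other hand, means the file is either corrupt or not a microcode image at all, which is worth knowing before treating its bytes as evidence of anything.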