Virus / malware stored inside database

I have a small network of several Windows 10 machines (all protected by BitDefender 2020 Total Security), one of which acts as a server with a Firebird database.

For some time the database has been deteriorating – in some random records some fields have altered values. I completely replaced the server machine with a brand new one with a fresh Windows 10 installation and antivirus, on which the database was recreated from a GBK archive. The primary machine was carefully checked for RAM errors (with MemTest86) and SSD errors (CrystalDiskInfo and ADATA SSD ToolBox) – everything was 100% fine.

I don’t have any suspicions other than that the server was hacked, but it looks like the alleged malware / virus must move inside the database (even the packed GBK archive), because only the GBK file was moved to the new machine (on a verified pendrive).

Is it even possible that the virus is stored inside the database (e.g. in the form of stored procedures, etc.) and that it transfers with the GBK archive? If so, how can it be detected and removed from the database?

(The Firebird database is stored in the form of a single FDB file, which was scanned by BitDefender without any results)

Time taken by virus to reach all nodes

Given a connected graph, with weighted edges, a virus starts from a given node. It takes x seconds for the virus to travel from a node to one of its neighbours where x is directly proportional to the weight of the edge.

You are allowed to remove one edge from this graph in order to maximize the amount of time it takes for the virus to infect all the nodes. How do you find this edge?

I could come up with an $O(n^2)$ solution to remove every edge one by one and then run BFS to find out the time it takes for the virus to infect every node. Is there a better solution in terms of time complexity?
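An added example, not part of the original question: one way to shrink the search is to try only the edges of the shortest-path tree rooted at the start node, since removing any other edge leaves every infection time unchanged. It uses Dijkstra for the weighted edges and assumes a simple undirected graph with travel time equal to edge weight, and that an edge whose removal disconnects the graph is not an eligible choice; the function names and sample graph are hypothetical.

```python
import heapq

def infection_times(adj, source, skip=None):
    """Dijkstra: earliest infection time per node; `skip` is a removed edge."""
    dist, parent, heap = {source: 0}, {}, [(0, source)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue  # stale queue entry
        for v, w in adj[u]:
            if skip in ((u, v), (v, u)):
                continue  # pretend this edge has been removed
            if d + w < dist.get(v, float("inf")):
                dist[v], parent[v] = d + w, u
                heapq.heappush(heap, (d + w, v))
    return dist, parent

def best_edge_to_remove(edges, source):
    """Return (edge, time): the removal that delays full infection the most."""
    adj = {}
    for u, v, w in edges:
        adj.setdefault(u, []).append((v, w))
        adj.setdefault(v, []).append((u, w))
    dist, parent = infection_times(adj, source)
    best_edge, best_time = None, max(dist.values())
    # Only the n-1 shortest-path-tree edges can change any distance.
    for child, par in parent.items():
        d, _ = infection_times(adj, source, skip=(par, child))
        if len(d) < len(adj):
            continue  # assumption: removals that disconnect the graph are excluded
        t = max(d.values())
        if t > best_time:
            best_edge, best_time = (par, child), t
    return best_edge, best_time

# Constructed sample graph: (node, node, weight)
SAMPLE_EDGES = [("A", "B", 1), ("B", "C", 1), ("A", "C", 5),
                ("C", "D", 1), ("B", "D", 4)]

if __name__ == "__main__":
    print(best_edge_to_remove(SAMPLE_EDGES, "A"))
```

This runs Dijkstra once per tree edge, so n-1 times instead of once per edge of the graph.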

“Life is not easy.” Linux virus : what to do next?


Context

I found out my Linux server was infected.

Symptoms were: 100% CPU usage when idle, slow download speed, iptables rules keep growing.

After finding the processes, killing them and removing all the possible ways they were set up to restart again, I’m back with a normal-looking server (no symptoms).

I used the instructions from this blog post (in Chinese) to clean the system.


In the process of cleaning the system, I was able to save the script used by the hacker. It is available here: https://gist.github.com/Colanim/0c7d71b90893a54c731de4e328585e9f

Question

I can’t fully understand this virus script, but it seems bad enough (scanning the intranet? Downloading weird files from a weird domain? Modifying iptables secretly?). My question is: what should my next steps be?

I have data on this server I need to keep.

Is the virus very bad and should I just wipe everything? Is it OK to save the data and just do a clean Linux install? Or if the virus is not that bad, can I keep my server in the current state? (system seems clean, no symptoms anymore)

Should the passwords used on the server be considered leaked? Or is it fine because they are hashed anyway?

Internet stalling every 5 mins. Suspect virus

I have a question, actually. My internet slows down every 5 mins… x: 03 08 13 18 23 28 33 38 and so on, on any hour, any day. I have a feeling it’s a virus capturing data off my rig. I’m not freaked out, but I want to know how to chase the problem without deleting and reinstalling my rig. And what I mean by slow down is I will get no bandwidth for that minute… YouTube/Imgur, anything will stop in its tracks and go again minutes later. Only programs that do enough precaching elude it… but if I’m watching any high-end streaming it needs to catch up at those times. I’m more curious than frustrated about how this is happening and where I can look to get rid of it. Fibe TV internet, 500 upload, 500 download.

Probable virus in Windows 10

I have a Windows 10 machine with AVG Free antivirus. Lately, every time I boot the machine up, as soon as it gets to the desktop Chrome opens up on its own with a suspicious ad to download stuff I do not need and a pop-up to enable notifications from that site.

I ran several full scans and, today, a boot scan, but I am unable to get rid of this.

What do you guys recommend?

Can the headphone or earbud (Bluetooth or wired) transmit malicious code, virus, Trojan or any kind of malware from computer to computer?

I have an old computer and I am sure it has a Trojan or malicious code. After that I bought a new one. The problem is that I did not change the old headphones that I used with my old computer, and I plugged them into the new computer. So is there any problem with using my old headphones? Thank you.