So all of my files are mysteriously becoming read only

So I got online to play stellaris with a friend for a few minutes and found my steam storage drive has become all read only. I can still access the folder though.

Some of my other directories have started to become read only as well, but I can still access the files? It looks like some ransomeware started and syslinux caught it before it could do anything big, thank fuck, but now I have a bunch of my stuff under group 1002 and I can’t do shit. I installed clamAV and its running.

if you’re the only user on the system, what happens if you change the directory permissions.

sudo chown -R $USER:$USER /path/to/directory

It tells me that I am already the owner of the file system, then the permissions for the groups start and I get input/output error.

And again, all the group shit is in 1002 which means no one, absolutely no one, but whoever set 1002 can access and write or read files. Whoever set 1002 can write, but only write.

See my concern here?

At this point I’ve already decided that I am going to burn everything down and reformat I just need to save files off of the machine. CLAMAV has found 23 things so thats not gud D:


Sounds like a failing drive. May want to scan for errors.


Its doing it on all the drives though, not just one.

Make sure that’s your group.

id $USER

See if its one of the groups you belong to.

few things. what is the output of these commands

df -ha

Do you have root access still?

Yeah but I can’t get it through terminal. I have sudo, so if I do sudo thunar, and open root terminal through thunar, then I have root everything.

Its not.

Its offline and backing up the important stuff I still have access to so it’ll be fine.

Inquiry: Mind uploading those 23 flagged files so I can take a look at them?

Reads more as a permissions problem to begin with despite what ClamAV may have flagged (depending upon why they were flagged).

They were flagged because they were trojans. Like legit trojans.

Still would like to take a look at them nonetheless.

1 Like

Well everything is kinda blown away now.

1 Like

Fair enough.

Curiosity lead me to making the inquiry simply to find out how they were infected, why, and where from via a simple matter of reverse engineering them.


He doesn’t want you to know on what kind of porn site’s / downloads he got them.

@FaunCB you got lucky!


Tisk, tisk, tisk, shame, shame. :rofl:

Actually I don’t want to send them out because I don’t know what those trojan’s had stored inside of them. They obviously had something in them being 30mb or more each, I just don’t feel like giving up passwords.

1 Like

Thus, judging by the immediate context of this statement, you do in fact have said files (contrary to previous comments), yet fear what they may potentially contain in regards to data of a personal nature.

Eh… Not that I care one way or the other after writing it off as “no longer a viable option” considering I’m more of a lurker in the Community at present versus an actual help to the Majority within said Community of late. Too much going on beyond the screen here momentarily for any in depth commentation upon any number of subjects worthy of that attention.

Also a legit reason