Update: seems fixed on Linux kernel 6.0.9 / 6.1, commit 1598bfa “platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi”
TL;DR The temporary fix is either blacklist the kernel module hp_wmi
currently, or comment out codes that provides rfkill function in that module.
Recently Windows auto-updated the BIOS of my laptop HP Elitebook 865 G9 to (U82) 01.02.01 Rev.A,
then in Linux the wifi and bluetooth device keeps on and off, seems 1-2 time(s) per second,
and character ^@
of unknown source keeps being inputed, even in emergency mode
(which make it almost impossible to type in password for root, thus cannot access root shell.)
• • • >>
- 搜索关键词: Blackmoon Nidispla2.exe ssAup.exe BD17FBAC.tmp 23AD3B33.sys
事件核验情况
- 该同学自述几周前曾下载盗版翻译软件安装,后因觉不好用卸载
- 经任务管理器进程排查、360 附带的网速管理工具查看,确定 “Nidispla2.exe”, “ssAup.exe” 两未知进程在以较小流量进行网络通讯,结合已有公告确定被感染。
排查过程
- 利用“打开文件所在位置”功能进入上述两进程所在文件夹 “C:\Users\${USERNAME}\AppData\Local\Temp\BD17FBAC.tmp”(其中 “${USERNAME}” 为用户名),发现两上述进程、一伪装成桌面配置文件的程序配置文件 “desktop.ini” 、程序日志 “~1.log”。
- 利用 Process Explorer 发现 Nidispla2.exe 是 ssAup.exe 子进程,ssAup.exe 为 explorer.exe 的子进程,遂重启 explorer.exe,但发现 ssAup.exe 自行启动,遂开始查找可能自启的位置
• • • >>
template.tex
:
\begin{document}
\section{$title$}
\begin{center}
$author$
\end{center}
$body$
\end{document}
(I use \section{}
for title because it corresponds to #
in markdown.)
Markdown metadata:
---
title: 'The Title'
author:
- 'Author 1'
---
Reference: https://pandoc.org/MANUAL.html#metadata-variables