Home / ubuntu / Questions / 1070823
Accepted
Rushabh Joshi
Asked: 2018-09-01 02:39:00 +0800 CST

Some suspicious software making request to nmcheck.gnome.org

  • 772

In the last few days, my system has started popping up an Ubuntu default web-browser and making a request to nmcheck.gnome.org website and immediately shutting off.

Since this happened, I cannot run system updates.

Also, I am a php developer and cannot run composer install or composer update

sudo apt update

software update

How can I find this script and delete it forever?

security malware 18.04

4 Answers

  1. Best Answer

    nmcheck.gnome.org is not malware. It is the gnome network manager connectivity check (for captive portals/hotspots). Click the link and you will see a single text file with a text in it. It should be "NetworkManager is online".

    Check /etc/NetworkManager/NetworkManager.conf. There probably is a section with this in it:

    [Connectivity] 
uri=http://nmcheck.gnome.org/check_network_status.txt
    • 21

  2. on Ubuntu 20.04 no [Connectivity] line like accepted answer in /etc/NetworkManager/NetworkManager.conf.

    But you can disable the auto connectivity check by:

    1. Go to Settings app
    2. Go to Privacy menu
    3. On Connectivity tab, uncheck Connectivity Checking
    • 16

  3. nmcheck.gnome.org is a host used by NetworkManager to verify that it has Internet connectivity. gnome.org is owned by the Gnome project. This is not a suspicious domain.

    nmcheck.gnome.org hosts a single file; network_status.txt, which indicates that NM is actually connected to the Internet.

    In short, nothing to worry over.

    • 9

  4. This is painful when connecting to public or free hotspots, of course until you "log on" there is no DNS so this always fails.

    It can also pop up during modem/router boots or when the wifi NIC has issues.

    If it happens at the same time every day then something is going offline or rebooting. Maybe a firmware push check.

    • 0