April 15, 2009

Windows Vira fixed with Ubuntu & ClamAV?

Earlier today, to my fear and disgust, I found out that I had been the "lucky" landlord of a virus. Apparently the B****** crept in because the anti-virus software I am using was not fully updated. So what does a clever man do?

Luckily (hopefully) I found out while Windows was booting, which I aborted, so I am hoping not too much damage has been done.

On Ubuntu, ClamAV is offered both as desktop anti-virus software and as daemons that can be integrated into email and HTTP (web) proxy servers in the defence of a network. This blog post will concentrate on looking for and removing a virus/worm/trojan horse on a hard drive (in this case a Windows partition).

Well, as we speak I am screening the hard drive with ClamAV from Ubuntu, as my laptop is a dual (actually triple) boot system with Windows XP and Ubuntu 9.04 Jaunty Jackalope Alpha6/Beta. (It was installed as Alpha6 but should have Beta status, as it is updated almost daily.)

So far the intruder (Trojan.Swizzor.Gen) has been found twice on the boot partition; now I have to remove it without too much damage. It might also have hidden itself somewhere in Windows, disguising itself from the AV software, but I am hoping that ClamAV will get it. I hope to return to this matter with a positive report, probably tomorrow.

Update (April 16th, 7.05 am GMT+3):
The result of the scan was:
/media/ACER/i386/FONTEXT.DL_: Trojan.Swizzor.Gen FOUND
/media/ACER/WINDOWS/system32/fontext.dll: Trojan.Swizzor.Gen FOUND
/media/ACER/WINDOWS/Installer/$PatchCache$/Managed/00002119F20000000000000000F01FEC/12.0.4518/XL12CNV.EXE: W32.Virut.Gen.D-163 FOUND
/media/ACER/WINDOWS/Installer/$PatchCache$/Managed/00002119F20000000000000000F01FEC/12.0.4518/EXCEL.EXE: W32.Virut.Gen.D-163 FOUND
/media/ACER/WINDOWS/Installer/$PatchCache$/Managed/00002119F20000000000000000F01FEC/12.0.4518/VBE6.DLL: W32.Virut.Gen.D-159 FOUND
/media/ACER/WINDOWS/Installer/$PatchCache$/Managed/00002119F20000000000000000F01FEC/12.0.6215/EXCEL.EXE: W32.Virut.Gen.D-163 FOUND
/media/ACER/WINDOWS/Installer/$PatchCache$/Managed/00002119F20000000000000000F01FEC/12.0.6215/XL12CNV.EXE: W32.Virut.Gen.D-163 FOUND
/media/ACER/WINDOWS/Installer/15826ea.msp: W32.Virut.Gen.D-163 FOUND
/media/ACER/WINDOWS/Installer/15826fc.msp: W32.Virut.Gen.D-163 FOUND
/media/ACER/WINDOWS/Installer/1f3ab5.msp: W32.Virut.Gen.D-163 FOUND
/media/ACER/WINDOWS/Installer/1f3ac7.msp: W32.Virut.Gen.D-163 FOUND
/media/ACER/WINDOWS/Installer/2d377c4.msp: W32.Virut.Gen.D-163 FOUND
/media/ACER/WINDOWS/Installer/2d377d6.msp: W32.Virut.Gen.D-163 FOUND
/media/ACER/WINDOWS/Installer/a0f264.msp: W32.Virut.Gen.D-163 FOUND
/media/ACER/WINDOWS/Installer/a0f276.msp: W32.Virut.Gen.D-163 FOUND
/media/ACER/WINDOWS/$NtServicePackUninstall$/fontext.dll: Trojan.Swizzor.Gen FOUND
/media/ACER/WINDOWS/ServicePackFiles/i386/fontext.dll: Trojan.Swizzor.Gen FOUND
/media/ACER/Programmer/Microsoft Office/Office12/EXCEL.EXE: W32.Virut.Gen.D-163 FOUND
/media/ACER/Programmer/Microsoft Office/Office12/excelcnv.exe: W32.Virut.Gen.D-163 FOUND
/media/ACER/.Trash-1000/files/RESTORE/k-1-3542-4232123213-7676767-8888886/BLUE.exe: Trojan.Agent-81496 FOUND

Known viruses: 539153
Engine version: 0.95.1
Scanned directories: 12009
Scanned files: 121566
Infected files: 20

Apparently ClamAV produces false positives for Trojan.Swizzor.Gen. I do not know what to think, but I am uploading the files to an online virus scanner as we speak.

However, the scan also found W32.Virut.Gen.D-163 and Trojan.Agent-81496 in my files. These are viruses. I am uploading all the files reported by ClamAV to virusscan.jotti.org to verify ClamAV's claims and to confirm whether they are false positives. An update on this will follow later.
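As an added example (not from this post), here is a small POSIX shell script for the procedure described above: run clamscan over a mounted Windows partition, then summarise the "path: Signature FOUND" report lines per signature and hash the flagged files so they can be checked against a second scanner. The mount point /media/ACER comes from the post; the sample report lines are constructed in the format shown above, and clamscan is assumed to be installed only for the scan function itself.

```shell
#!/bin/sh
# Added example, not the blog's own code. Assumes the Windows partition is
# already mounted (ideally read-only) at the given path and clamscan exists.

# Recursive scan that prints only hits and keeps a log as the evidence list.
scan_partition() {
    mnt="${1:-/media/ACER}"
    log="${2:-clamscan-report.txt}"
    clamscan -r --infected --log="$log" -- "$mnt"
}

# Read a clamscan report on stdin; print "<count> <signature>", most frequent first.
summarize_hits() {
    grep ' FOUND$' \
        | sed 's/^.*: \([^:]*\) FOUND$/\1/' \
        | sort | uniq -c | sort -rn \
        | awk '{print $1, $2}'
}

# Read a clamscan report on stdin; print the paths flagged with one signature.
paths_for() {
    sig="$1"
    grep -- ": $sig FOUND\$" | sed 's/: [^:]* FOUND$//'
}

# Read paths on stdin; print sha256 of each file that still exists, so the
# same evidence can be compared with a second opinion without guessing.
hash_flagged() {
    while IFS= read -r path; do
        [ -f "$path" ] && sha256sum -- "$path"
    done
}

# Constructed sample report in clamscan's output format (paths shortened).
SAMPLE='/media/ACER/WINDOWS/system32/fontext.dll: Trojan.Swizzor.Gen FOUND
/media/ACER/WINDOWS/ServicePackFiles/i386/fontext.dll: Trojan.Swizzor.Gen FOUND
/media/ACER/Programmer/Microsoft Office/Office12/EXCEL.EXE: W32.Virut.Gen.D-163 FOUND
/media/ACER/.Trash-1000/files/RESTORE/BLUE.exe: Trojan.Agent-81496 FOUND
/media/ACER/WINDOWS/notepad.exe: OK'

# Usage on the constructed sample (a real run would pipe the log file instead):
printf '%s\n' "$SAMPLE" | summarize_hits
printf '%s\n' "$SAMPLE" | paths_for 'Trojan.Swizzor.Gen' | hash_flagged
```

On a real system replace the sample with `summarize_hits < clamscan-report.txt` after `scan_partition /media/ACER clamscan-report.txt` has run; the hashes let you compare exactly the flagged files with another scanner's verdict.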

April 07, 2009

Grabbing video off a DVD-video camera...

Having bought a DVD Video camera a little while back I now have 8 mini-DVDRWs (8 cm DVDRW discs) with recordings on. I would like to edit those into (a) DVD(s) that I could give to family and friends.

BUT. So far I have not been able to acquire the contents of these mini-DVDRWs without losing quality. As I would like to preserve my raw footage I cannot rewrite those discs, and thus I am stuck with a camera with no recording ability. I could of course buy more discs, but that would only postpone my problem.

So far I have looked at programs like dvd::rip, acidrip etc., but they all have the fault (for my purpose) of transcoding the video data to a lesser quality in order to save space.

I have thought about, and have made, a series of .iso files to store the content of these discs, but have resisted erasing them for fear of losing an .iso file before I have had time to work on it.

Now time is working against me, as I need the discs for this Easter, starting early tomorrow morning.

I need to have a look at k9copy which seems right for my purpose. I am currently running Ubuntu Jaunty Jackalope and I hope I can get a stable copy of it today, so that I can start rewriting those discs tonight.

So now (11:17 am, April 7th, 2009) I am waiting for the package-manager to download and install k9copy on my computer. I will get back to you for an update later today.

April 03, 2009

WLAN problems in Jaunty Alpha6

I decided to install the Jaunty Jackalope (the coming Ubuntu 9.04) on my laptop. So far I haven't experienced any glitches, except for my Wireless LAN.

The built-in WLAN card in the Acer TravelMate 2492 I am using is based on a Broadcom chipset. The chipset is recognised and I can download the proprietary hardware driver, which seems to work - but doesn't.

I usually get a connection speed of 36-54 Mbit/s, both in Ubuntu 8.10 and Windows XP. Initially in 9.04 I get 48 and even 54 Mbit/s connection, but it quickly drops to 1 Mbit/s without any throughput. We are running WEP as the encryption (not very safe, I know - I am planning to replace it :-)

Luckily I have a D-Link N class PC-Card (DWA-645) which Ubuntu recognizes and that works perfectly and without proprietary drivers :-)

So far I have found no solutions (other than using the D-Link card). Does anyone have any pointers for me?