WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
Scanning files in Virtual Windows?
Started by
mcaren
, Oct 15 2007 02:38 PM
3 replies to this topic
#1
mcaren
-
- Authentic Member
-
- 10 posts
New Member
Posted 15 October 2007 - 02:38 PM
Register to Remove
#2
Doug
-
- Tech Team
-
- 10,057 posts
Retired Administrator -Tech Team
Posted 15 October 2007 - 08:15 PM
Hi Mcaren,
You have another interesting project here.
It is not necessary to inject any additional complications into the process.
Actually, it's best to keep it as simple and direct as possible.
What I wouldn't do...
-- I would not burn the files to CD
-- I would not transfer them via burnt CD to another machine for analysis.
-- I would not create a virtual machine to complete analysis and repair on a physical machine or even selected files.
-- I would not attempt to remove the files from their album host, nor to display them using another utility.
-- I would not be using the infected machine for internet or other application work until it is disinfected.
My reasons:
Even viruses require a "trigger" to activate.
Laying there in possibly infected files or attached to a possibly infected host application, they are inactive until "touched".
Any movement, copying, burning, transferring, saving, and or communicating to the infected files, constitutes the "touch" that is referred to above. (except as specifically instructed by a Malware Team Member)
The machine is most likely infected or at risk of infection in its system, or you would not have noticed a problem.
The machine's status needs to be evaluated and treated as it presently exists, as a whole.
What I would do....
-- I would follow the instructions, here: http://forums.whatth...ers_t34502.html
-- I would post a HJT Log for Malware Team assistance, here: http://forums.whatth...emoval_f27.html
-- I would follow through with the Malware Team's instructions until I received an "all clean" message from the Experts.
Please be patient with the Malware Team Expert volunteers.
They will respond to your post in the order in which it is received and as a Team Member becomes available to give it attention.
Best Regards
Doug
You have another interesting project here.
It is not necessary to inject any additional complications into the process.
Actually, it's best to keep it as simple and direct as possible.
What I wouldn't do...
-- I would not burn the files to CD
-- I would not transfer them via burnt CD to another machine for analysis.
-- I would not create a virtual machine to complete analysis and repair on a physical machine or even selected files.
-- I would not attempt to remove the files from their album host, nor to display them using another utility.
-- I would not be using the infected machine for internet or other application work until it is disinfected.
My reasons:
Even viruses require a "trigger" to activate.
Laying there in possibly infected files or attached to a possibly infected host application, they are inactive until "touched".
Any movement, copying, burning, transferring, saving, and or communicating to the infected files, constitutes the "touch" that is referred to above. (except as specifically instructed by a Malware Team Member)
The machine is most likely infected or at risk of infection in its system, or you would not have noticed a problem.
The machine's status needs to be evaluated and treated as it presently exists, as a whole.
What I would do....
-- I would follow the instructions, here: http://forums.whatth...ers_t34502.html
-- I would post a HJT Log for Malware Team assistance, here: http://forums.whatth...emoval_f27.html
-- I would follow through with the Malware Team's instructions until I received an "all clean" message from the Experts.
Please be patient with the Malware Team Expert volunteers.
They will respond to your post in the order in which it is received and as a Team Member becomes available to give it attention.
Best Regards
Doug
Edited by Doug, 15 October 2007 - 08:31 PM.
The help you receive here is free.
If you wish, you may Donate to help keep us online.
If you wish, you may Donate to help keep us online.
#3
mcaren
-
- Authentic Member
-
- 10 posts
New Member
Posted 15 October 2007 - 08:53 PM
Thanks Doug -- actually, I've already posted a HijackThis log for the machine in question and received advice from Blade81.
http://forums.whatth...mat_t84040.html
I was advised to reformat the drive -- which is why I was going to save the photo files to CD (these photos are wedding photos, baby photos, etc. -- and I don't think they've backed up this data).
I'd like to save the files -- but am not sure of a "safe" way to do this..
[on the positive side, the couple have not made any online purchases and didn't seem to think they had much if any private info to be compromised; on the negative -- they've got another computer that's been equally "protected" (by some yahoo that apparently didn't take the time to explain that anti-virus programs need updating, etc.... I'll probably be taking a look at that one after resolving this one...]
.
Thanks for your time -- mcaren
http://forums.whatth...mat_t84040.html
I was advised to reformat the drive -- which is why I was going to save the photo files to CD (these photos are wedding photos, baby photos, etc. -- and I don't think they've backed up this data).
I'd like to save the files -- but am not sure of a "safe" way to do this..
[on the positive side, the couple have not made any online purchases and didn't seem to think they had much if any private info to be compromised; on the negative -- they've got another computer that's been equally "protected" (by some yahoo that apparently didn't take the time to explain that anti-virus programs need updating, etc.... I'll probably be taking a look at that one after resolving this one...]
.
Thanks for your time -- mcaren
#4
Doug
-
- Tech Team
-
- 10,057 posts
Retired Administrator -Tech Team
Posted 15 October 2007 - 11:49 PM
OK, so now you've narrowed the scope a bit.
____________
If you can get those photos burned as images to CD, then a scan from a good AntiSpyware and a good AntiVirus should find any bad-guys.
I like
Sophos SAV32CLI, and MWAV free versions,
or
AVG AntiSpyware, and AVG AntiVirus free versions.
Or
the trial version of SpySweeper and the trial version of F-secure.
Those should find most anything on a CD, now that we're not looking at an infected system to deal with.
____________
But where to find the original images?
Hopefully someone with experience with Kodak will come along.
When the "slide show" was produced, there had to have been original image files (BMP TIFF PNG PSD JPEG JPG GIF images)
Kodak would have converted the format to suit their display, but would have stashed the originals somewhere as backup, unless the owners specifically selected to not save them.
Happily, it looks like Kodak uses compatibility with most common image file formats.
Run a Search for
*.jpg
or
*.bmp
or * dot (any of the following: BMP TIFF PNG PSD JPEG JPG GIF )
Maybe you'll get lucky and find the folder containing the originals.
You can then burn only that folder, and treat it with the scans per above...
Without loading them onto another system.
Just pop the disk into a machine with updated protection and run a targeted scan on the CD.
I wouldn't try to salvage the screensaver/slide show application.
The "slide show" they have used may be:SnapScreen for EasyShare to Version 5.x 1.4
found here -- http://snapscreen-fo...d.qarchive.org/
Free to try, and only $9.99 to keep.
Let us know how things work out.
Best Regards
____________
If you can get those photos burned as images to CD, then a scan from a good AntiSpyware and a good AntiVirus should find any bad-guys.
I like
Sophos SAV32CLI, and MWAV free versions,
or
AVG AntiSpyware, and AVG AntiVirus free versions.
Or
the trial version of SpySweeper and the trial version of F-secure.
Those should find most anything on a CD, now that we're not looking at an infected system to deal with.
____________
But where to find the original images?
Hopefully someone with experience with Kodak will come along.
When the "slide show" was produced, there had to have been original image files (BMP TIFF PNG PSD JPEG JPG GIF images)
Kodak would have converted the format to suit their display, but would have stashed the originals somewhere as backup, unless the owners specifically selected to not save them.
Happily, it looks like Kodak uses compatibility with most common image file formats.
Run a Search for
*.jpg
or
*.bmp
or * dot (any of the following: BMP TIFF PNG PSD JPEG JPG GIF )
Maybe you'll get lucky and find the folder containing the originals.
You can then burn only that folder, and treat it with the scans per above...
Without loading them onto another system.
Just pop the disk into a machine with updated protection and run a targeted scan on the CD.
I wouldn't try to salvage the screensaver/slide show application.
The "slide show" they have used may be:SnapScreen for EasyShare to Version 5.x 1.4
found here -- http://snapscreen-fo...d.qarchive.org/
Free to try, and only $9.99 to keep.
Let us know how things work out.
Best Regards
The help you receive here is free.
If you wish, you may Donate to help keep us online.
If you wish, you may Donate to help keep us online.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
