Scanning files in Virtual Windows?
#1
Posted 15 October 2007 - 02:38 PM
#2
Posted 15 October 2007 - 08:15 PM
You have another interesting project here.
It is not necessary to inject any additional complications into the process.
Actually, it's best to keep it as simple and direct as possible.
What I wouldn't do...
-- I would not burn the files to CD
-- I would not transfer them via burnt CD to another machine for analysis.
-- I would not create a virtual machine to complete analysis and repair on a physical machine or even selected files.
-- I would not attempt to remove the files from their album host, nor to display them using another utility.
-- I would not be using the infected machine for internet or other application work until it is disinfected.
My reasons:
Even viruses require a "trigger" to activate.
Laying there in possibly infected files or attached to a possibly infected host application, they are inactive until "touched".
Any movement, copying, burning, transferring, saving, and/or communicating to the infected files constitutes the "touch" that is referred to above (except as specifically instructed by a Malware Team Member).
The machine is most likely infected or at risk of infection in its system, or you would not have noticed a problem.
The machine's status needs to be evaluated and treated as it presently exists, as a whole.
What I would do....
-- I would follow the instructions, here: http://forums.whatth...ers_t34502.html
-- I would post an HJT Log for Malware Team assistance, here: http://forums.whatth...emoval_f27.html
-- I would follow through with the Malware Team's instructions until I received an "all clean" message from the Experts.
Please be patient with the Malware Team Expert volunteers.
They will respond to your post in the order in which it is received and as a Team Member becomes available to give it attention.
Best Regards
Doug
Edited by Doug, 15 October 2007 - 08:31 PM.
If you wish, you may Donate to help keep us online.
#3
Posted 15 October 2007 - 08:53 PM
http://forums.whatth...mat_t84040.html
I was advised to reformat the drive -- which is why I was going to save the photo files to CD (these photos are wedding photos, baby photos, etc. -- and I don't think they've backed up this data).
I'd like to save the files -- but am not sure of a "safe" way to do this.
[on the positive side, the couple have not made any online purchases and didn't seem to think they had much if any private info to be compromised; on the negative -- they've got another computer that's been equally "protected" (by some yahoo that apparently didn't take the time to explain that anti-virus programs need updating, etc.)... I'll probably be taking a look at that one after resolving this one...]
Thanks for your time -- mcaren
#4
Posted 15 October 2007 - 11:49 PM
____________
If you can get those photos burned as images to CD, then a scan from a good AntiSpyware and a good AntiVirus should find any bad-guys.
I like
Sophos SAV32CLI and MWAV free versions,
or
AVG AntiSpyware and AVG AntiVirus free versions,
or
the trial version of SpySweeper and the trial version of F-secure.
Those should find most anything on a CD, now that we're not looking at an infected system to deal with.
____________
But where to find the original images?
Hopefully someone with experience with Kodak will come along.
When the "slide show" was produced, there had to have been original image files (BMP TIFF PNG PSD JPEG JPG GIF images).
Kodak would have converted the format to suit their display, but would have stashed the originals somewhere as backup, unless the owners specifically selected to not save them.
Happily, it looks like Kodak uses compatibility with most common image file formats.
Run a Search for
*.jpg
or
*.bmp
or * dot (any of the following: BMP TIFF PNG PSD JPEG JPG GIF)
Maybe you'll get lucky and find the folder containing the originals.
You can then burn only that folder, and treat it with the scans per above...
Without loading them onto another system.
Just pop the disk into a machine with updated protection and run a targeted scan on the CD.
I wouldn't try to salvage the screensaver/slide show application.
The "slide show" they have used may be: SnapScreen for EasyShare to Version 5.x 1.4
found here -- http://snapscreen-fo...d.qarchive.org/
Free to try, and only $9.99 to keep.
Let us know how things work out.
Best Regards
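The search step described in the post above, as an added example that is not part of the original thread: it walks a drive for the listed extensions, checks that each file's first bytes match its claimed format, and reports which folders hold the verified images. The function names `classify` and `find_originals` are hypothetical, and the header check only complements the antivirus scan of the burned CD, it does not replace it.

```python
import os
import sys

# Header signatures for the formats listed in the post
# (BMP TIFF PNG PSD JPEG JPG GIF).
SIGNATURES = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".bmp": (b"BM",),
    ".tif": (b"II*\x00", b"MM\x00*"),
    ".tiff": (b"II*\x00", b"MM\x00*"),
    ".psd": (b"8BPS",),
}

def classify(path):
    """Return 'image', 'mismatch', or None when the extension is not listed."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in SIGNATURES:
        return None
    with open(path, "rb") as fh:  # read header bytes only; nothing is rendered or run
        head = fh.read(8)
    return "image" if head.startswith(SIGNATURES[ext]) else "mismatch"

def find_originals(root):
    """Walk root; return ({folder: verified image count}, [mismatched paths])."""
    folders, mismatches = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                kind = classify(full)
            except OSError:
                continue  # unreadable or locked file: skip it
            if kind == "image":
                folders[dirpath] = folders.get(dirpath, 0) + 1
            elif kind == "mismatch":
                mismatches.append(full)
    return folders, mismatches

if __name__ == "__main__":
    found, odd = find_originals(sys.argv[1] if len(sys.argv) > 1 else ".")
    for folder, count in sorted(found.items(), key=lambda kv: -kv[1]):
        print(f"{count:6d}  {folder}")  # the largest folders are the likely album originals
    for path in odd:
        print("HEADER MISMATCH:", path)  # image extension, non-image content
```

A file reported as a header mismatch carries an image extension but not image content, so it is a candidate to leave out of the folder that gets burned.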