2009/1/20 Christopher Swift <chris.r.sw...@googlemail.com>: > Bus 002 Device 002: ID 1908:1320
Via google I found http://tppl.net/cgi-bin/avantify.cgi?url=08/12/29/0155249&threshold=3 Second opinion - scanning another 1.5" photo frame (score: 3, Informative) by AYeomans (322504) <aj...@spamyeomans.org.uk> on Monday December 29, @03:58PM Here [virscan.org] is the virscan.org scan of the DPFmate.exe file on a similar photo keyring. This scans almost clean, with the only warning being "Suspicious - DNAscan" from QuickHeal. All sounds to me that the Walmart photo frame may be truly infected. Interesting to see if a re-scan gives the same results, after AV signature updates. To identify my photo frame, it has USB vendor code 1908:1320, and gives dmesg output as [ 1615.074173] scsi 2:0:0:0: CD-ROM buildwin Photo Frame 1.01 PQ: 0 ANSI: 2 [ 1615.131784] sr1: scsi3-mmc drive: 40x/40x writer cd/rw xa/form2 cdda tray [ 1615.132336] sr 2:0:0:0: Attached scsi CD-ROM sr1 [ 1615.132793] sr 2:0:0:0: Attached scsi generic sg2 type 5 [ 1618.229611] ISO 9660 Extensions: Microsoft Joliet Level 3 [ 1618.243632] ISOFS: changing to secondary root and has files on it -r-xr-xr-x 1 a root 49 2007-12-13 17:07 Autorun.inf -r-xr-xr-x 1 a root 135904 2008-07-25 11:46 DPFMate.exe -r-xr-xr-x 1 a root 1344 2008-05-19 18:53 flashlib.dat -r-xr-xr-x 1 a root 22044 2008-07-23 16:15 LanguageUnicode.ini -r-xr-xr-x 1 a root 96281 2008-06-11 16:29 MacDPFmate.zip -r-xr-xr-x 1 a root 758 2008-07-07 12:21 StartInfoUnicode.ini Hey, I always stick odd USB devices into Linux first to check them out. For background info, this photo frame does nothing when first connected. You can set it to "transfer" mode, at which point it emulates a USB CD-ROM of 304 Kbyte size. That CD image tries to autorun the DPFmate software to compress and transfer images to the device. The photos are *not* visible on the device through normal access, must have transferred them to a hidden area. I'd be interested if anyone has more info on the USB protocols used. Cheers, Al. -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
