-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://www.virustotal.com/analisis/22dc95c395341c679b560a7d0cf14ae4 It doesn't appear to be trojaned unlike the rest of the other installers but that doesn't help me use it properly :D. I believe this to be my dmesg output btw:
[ 7372.228059] usb 2-1: new full speed USB device using uhci_hcd and address 3 [ 7372.403909] usb 2-1: configuration #1 chosen from 1 choice [ 7372.411883] scsi6 : SCSI emulation for USB Mass Storage devices [ 7372.413269] usb-storage: device found at 3 [ 7372.413282] usb-storage: waiting for device to settle before scanning [ 7377.424647] usb-storage: device scan complete [ 7377.499171] scsi 6:0:0:0: CD-ROM buildwin Photo Frame 1.01 PQ: 0 ANSI: 2 [ 7377.506121] sr1: scsi3-mmc drive: 40x/40x writer cd/rw xa/form2 cdda tray [ 7377.506766] sr 6:0:0:0: Attached scsi CD-ROM sr1 [ 7377.507271] sr 6:0:0:0: Attached scsi generic sg2 type 5 [ 7441.446538] CE: hpet increasing min_delta_ns to 50624 nsec -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: http://getfiregpg.org iEYEARECAAYFAkl2DygACgkQYckxdhCgq46EtQCfVI/F3MLOXtmRlCNMWKDhmTC5 MPQAnRbDdw20/wY0/5Wswk/HR2XYwRWO =z8hf -----END PGP SIGNATURE----- On Tue, Jan 20, 2009 at 5:27 PM, Alan Pope <a...@popey.com> wrote: > 2009/1/20 Christopher Swift <chris.r.sw...@googlemail.com>: > > Bus 002 Device 002: ID 1908:1320 > > Via google I found > > http://tppl.net/cgi-bin/avantify.cgi?url=08/12/29/0155249&threshold=3 > > Second opinion - scanning another 1.5" photo frame (score: 3, Informative) > by AYeomans (322504) <aj...@spamyeomans.org.uk> on Monday December 29, > @03:58PM > > Here [virscan.org] is the virscan.org scan of the DPFmate.exe file on > a similar photo keyring. This scans almost clean, with the only > warning being "Suspicious - DNAscan" from QuickHeal. > All sounds to me that the Walmart photo frame may be truly infected. > Interesting to see if a re-scan gives the same results, after AV > signature updates. > To identify my photo frame, it has USB vendor code 1908:1320, and > gives dmesg output as > > [ 1615.074173] scsi 2:0:0:0: CD-ROM buildwin Photo Frame 1.01 PQ: 0 > ANSI: 2 > [ 1615.131784] sr1: scsi3-mmc drive: 40x/40x writer cd/rw xa/form2 cdda > tray > [ 1615.132336] sr 2:0:0:0: Attached scsi CD-ROM sr1 > [ 1615.132793] sr 2:0:0:0: Attached scsi generic sg2 type 5 > [ 1618.229611] ISO 9660 Extensions: Microsoft Joliet Level 3 > [ 1618.243632] ISOFS: changing to secondary root > > and has files on it > > -r-xr-xr-x 1 a root 49 2007-12-13 17:07 Autorun.inf > -r-xr-xr-x 1 a root 135904 2008-07-25 11:46 DPFMate.exe > -r-xr-xr-x 1 a root 1344 2008-05-19 18:53 flashlib.dat > -r-xr-xr-x 1 a root 22044 2008-07-23 16:15 LanguageUnicode.ini > -r-xr-xr-x 1 a root 96281 2008-06-11 16:29 MacDPFmate.zip > -r-xr-xr-x 1 a root 758 2008-07-07 12:21 StartInfoUnicode.ini > > Hey, I always stick odd USB devices into Linux first to check them out. > For background info, this photo frame does nothing when first > connected. You can set it to "transfer" mode, at which point it > emulates a USB CD-ROM of 304 Kbyte size. That CD image tries to > autorun the DPFmate software to compress and transfer images to the > device. The photos are *not* visible on the device through normal > access, must have transferred them to a hidden area. I'd be interested > if anyone has more info on the USB protocols used. > > Cheers, > Al. > > -- > ubuntu-uk@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk > https://wiki.ubuntu.com/UKTeam/ >
-- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
