-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 <a href="http://www.virustotal.com/analisis/22dc95c395341c679b560a7d0cf14ae4">http://www.virustotal.com/analisis/22dc95c395341c679b560a7d0cf14ae4</a> It doesn't appear to be trojaned unlike the rest of the other installers but that doesn't help me use it properly :D. I believe this to be my dmesg output btw: [ 7372.228059] usb 2-1: new full speed USB device using uhci_hcd and address 3 [ 7372.403909] usb 2-1: configuration #1 chosen from 1 choice [ 7372.411883] scsi6 : SCSI emulation for USB Mass Storage devices [ 7372.413269] usb-storage: device found at 3 [ 7372.413282] usb-storage: waiting for device to settle before scanning [ 7377.424647] usb-storage: device scan complete [ 7377.499171] scsi 6:0:0:0: CD-ROM            buildwin  Photo Frame     1.01 PQ: 0 ANSI: 2 [ 7377.506121] sr1: scsi3-mmc drive: 40x/40x writer cd/rw xa/form2 cdda tray [ 7377.506766] sr 6:0:0:0: Attached scsi CD-ROM sr1 [ 7377.507271] sr 6:0:0:0: Attached scsi generic sg2 type 5 [ 7441.446538] CE: hpet increasing min_delta_ns to 50624 nsec -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: <a href="http://getfiregpg.org">http://getfiregpg.org</a> iEYEARECAAYFAkl2DygACgkQYckxdhCgq46EtQCfVI/F3MLOXtmRlCNMWKDhmTC5 MPQAnRbDdw20/wY0/5Wswk/HR2XYwRWO =z8hf -----END PGP SIGNATURE----- <div class="gmail_quote">On Tue, Jan 20, 2009 at 5:27 PM, Alan Pope <<a href="mailto:alan@popey.com">alan@popey.com</a>> wrote: <blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> 2009/1/20 Christopher Swift <<a href="mailto:chris.r.swift@googlemail.com">chris.r.swift@googlemail.com</a>>: <div class="Ih2E3d">> Bus 002 Device 002: ID 1908:1320 </div>Via google I found <a href="http://tppl.net/cgi-bin/avantify.cgi?url=08/12/29/0155249&threshold=3" target="_blank">http://tppl.net/cgi-bin/avantify.cgi?url=08/12/29/0155249&threshold=3</a> Second opinion - scanning another 1.5" photo frame (score: 3, Informative) by AYeomans (322504) <<a href="mailto:ajvNO@SPAMyeomans.org.uk">ajvNO@SPAMyeomans.org.uk</a>> on Monday December 29, @03:58PM Here [<a href="http://virscan.org" target="_blank">virscan.org</a>] is the <a href="http://virscan.org" target="_blank">virscan.org</a> scan of the DPFmate.exe file on a similar photo keyring. This scans almost clean, with the only warning being "Suspicious - DNAscan" from QuickHeal. All sounds to me that the Walmart photo frame may be truly infected. Interesting to see if a re-scan gives the same results, after AV signature updates. To identify my photo frame, it has USB vendor code 1908:1320, and gives dmesg output as    [ 1615.074173] scsi 2:0:0:0: CD-ROM buildwin Photo Frame 1.01 PQ: 0 ANSI: 2    [ 1615.131784] sr1: scsi3-mmc drive: 40x/40x writer cd/rw xa/form2 cdda tray    [ 1615.132336] sr 2:0:0:0: Attached scsi CD-ROM sr1    [ 1615.132793] sr 2:0:0:0: Attached scsi generic sg2 type 5    [ 1618.229611] ISO 9660 Extensions: Microsoft Joliet Level 3    [ 1618.243632] ISOFS: changing to secondary root and has files on it    -r-xr-xr-x 1 a root 49 2007-12-13 17:07 Autorun.inf    -r-xr-xr-x 1 a root 135904 2008-07-25 11:46 DPFMate.exe    -r-xr-xr-x 1 a root 1344 2008-05-19 18:53 flashlib.dat    -r-xr-xr-x 1 a root 22044 2008-07-23 16:15 LanguageUnicode.ini    -r-xr-xr-x 1 a root 96281 2008-06-11 16:29 MacDPFmate.zip    -r-xr-xr-x 1 a root 758 2008-07-07 12:21 StartInfoUnicode.ini Hey, I always stick odd USB devices into Linux first to check them out. For background info, this photo frame does nothing when first connected. You can set it to "transfer" mode, at which point it emulates a USB CD-ROM of 304 Kbyte size. That CD image tries to autorun the DPFmate software to compress and transfer images to the device. The photos are *not* visible on the device through normal access, must have transferred them to a hidden area. I'd be interested if anyone has more info on the USB protocols used. Cheers, Al. -- <div><div></div><div class="Wj3C7c"><a href="mailto:ubuntu-uk@lists.ubuntu.com">ubuntu-uk@lists.ubuntu.com</a> <a href="https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk" target="_blank">https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk</a> <a href="https://wiki.ubuntu.com/UKTeam/" target="_blank">https://wiki.ubuntu.com/UKTeam/</a> </div></div></blockquote></div>