thanks fedora

Tanmoy Chatterjee tachchot007 at gmail.com
Fri Sep 24 18:28:21 UTC 2010


On Fri, Sep 24, 2010 at 3:03 AM, Robert Holtzman <holtzm at cox.net> wrote:
> On Thu, Sep 23, 2010 at 08:53:23PM +0530, Tanmoy Chatterjee wrote:
>> On Thu, Sep 23, 2010 at 3:30 AM, Robert Holtzman <holtzm at cox.net> wrote:
>
>            ........snip......
>> This makes me think that the hidden process might be
>> some kind of virus as there is no operation pending with the PD to my
>> knowledge.
>
> Does the output of "ps aux" indicate anything?

"root      8597  0.0  0.0      0     0 ?        S<   21:50   0:00 [scsi_eh_4]
root      8598  0.0  0.0      0     0 ?        S<   21:50   0:00 [usb-storage]
root      8637  0.0  0.1   5180  1788 ?        S    21:50   0:00 hald-addon-storage: polling /dev/sdb (every 2 sec)"
- this is the ps aux output, and /dev/sdb is the PD.

>
>
> Does your PD have more than one partition? If so, I'm told (if I
> understood it right), "unmount" will not unmount all partitions which
> would account for the light staying on. "Safely Remove....." will. Also,
> all the pen drives I have used only display a light when they are being
> read or written to. Not constant.

My PD has only a single partition and it displays a constant light.
Two things I noted today - in Fedora: clicking /Places/Computer shows
the file systems including the PD. Here right-clicking the PD icon
brings up 2 options: one is 'eject (=unmount)' and the other is
'safely remove'. Selecting eject will just unmount the volume from the
file system or /home, but /Places/Computer will still keep displaying
the PD icon. But selecting the 'safely remove' option makes the PD icon
disappear from /Places/Computer too.

In Ubuntu: they don't have the 2nd option; only the 'unmount volume' option
is available. So, selecting that option only unmounts the PD from /home
but the icon remains in the /Places/Computer folder. Here if you want
to remove the PD manually from the USB port, you have to do so with
the icon still appearing in the /Places/Computer folder.
>
> Out of curiosity, what kind of files did clamav find infected? Mail
> files? Personal data files? System files? Configuration files?
"/media/xyz/xrdygg.bat: Trojan.Crypt-119 FOUND
/media/xyz/scvhost.exe: W32.Autoit.Obfus-2 FOUND
/media/xyz/MIsc/MIsc.exe: W32.Autoit.Obfus-2 FOUND
/media/xyz/autorun.inf: Worm.Autorun-1792 FOUND"
This is part of the output clamav produced when I ran it on the PD.
Looking for your suggestions - thanks.
>
> --
> Bob Holtzman
> Key ID: 8D549279
> "If you think you're getting free lunch,
>  check the price of the beer"