thanks fedora

Robert Holtzman holtzm at cox.net
Fri Sep 24 22:34:03 UTC 2010 

On Fri, Sep 24, 2010 at 11:58:21PM +0530, Tanmoy Chatterjee wrote:
> On Fri, Sep 24, 2010 at 3:03 AM, Robert Holtzman <holtzm at cox.net> wrote:
> > On Thu, Sep 23, 2010 at 08:53:23PM +0530, Tanmoy Chatterjee wrote:
> >> On Thu, Sep 23, 2010 at 3:30 AM, Robert Holtzman <holtzm at cox.net> wrote:
> >
> >            ........snip......
> >>This makes me think that the hidden process might be
> >> some kind of virus as there is no operation pending with the PD to my
> >> knowledge.
> >
> > Does the output of "ps aux" indicate anything?
> 
> "root      8597  0.0  0.0      0     0 ?        S<   21:50   0:00 [scsi_eh_4]
> root      8598  0.0  0.0      0     0 ?        S<   21:50   0:00 [usb-storage]
> root      8637  0.0  0.1   5180  1788 ?        S    21:50   0:00
> hald-addon-storage: polling /dev/sdb (every 2 sec)" - this is the ps
> aux output and /dev/sdb is the PD.

Did you try killing 8598? If it screws you up you can always reboot 
(would someone please jump in if I committed  a Karl).

> 
> >
> >
> > Does your PD have more than one partition? If so, I'm told (if I
> > understood it right), "unmount" will not unmount all partitions which
> > would account for the light staying on. "Safely Remove....." will. Also,
> > all the pen drives I have used only display a light when they are being
> > read or written to. Not constant.
> My PD has only a single partition and it displays a constant light.
> Two things I noted today - in Fedora: clicking /Places/Computer shows
> the file systems including the PD. Here right clicking the PD icon
> will come with 2 option one is 'eject(=unmount)' and the other is
> 'safely remove'. Selecting eject will just unmount the volume from
> file system or /home but /Places/Computer will still keep displaying
> the PD icon. But selection of 'safely remove' option makes the PD icon
> disappear from /Places/Computer too.
> 
> In Ubuntu: they don't have the 2nd option only 'unmount volume' option
> is available. So, selecting that option only unmount the PD from /home

What Ubuntu version are you running? My 10.04 only shows "SafelyRemove". 

A usb drive doesn't get mounted in home. It mounts in /media. I
unmount/Safely Remove from the icon on the desktop.

> but the icon remains in the /Places/Computer folder. Here if you want
> to remove the PD manually from the USB port, you have to do so with
> the icon still appearing in /Places/Computer folder.
> >
> > Out of curiosity, what kind of files did clamav find infected? Mail
> > files? Personal data files? System files? Configuration files?
> "/media/xyz/xrdygg.bat: Trojan.Crypt-119 FOUND
> /media/xyz/scvhost.exe: W32.Autoit.Obfus-2 FOUND
> /media/xyz/MIsc/MIsc.exe: W32.Autoit.Obfus-2 FOUND
> /media/xyz/autorun.inf: Worm.Autorun-1792 FOUND"
> This is the part of output clamav had produced when I ran it on the PD.
> Looking for your suggestions - thanks.

How long have you been using Linux? Are you not aware that these are all
Windows malware and won't run in Linux? Of course if you sent email to
any Windows users you also probably sent them the worm (if not the
rest). I can just about guarantee that your problem isn't caused by
malware.

To sum up, it looks like you have a lot of homework to do.

> >
> > --
> > Bob Holtzman
> > Key ID: 8D549279
> > "If you think you're getting free lunch,
> >  check the price of the beer"
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.10 (GNU/Linux)
> >
> > iEYEARECAAYFAkybx6sACgkQv5BYD41UknkPmQCbBiPeaPOaptSWQTf7F2ekHNcy
> > dsAAoMRoh3x/MEe/C3Y3wLoPc8Pv/4kh
> > =h4oh
> > -----END PGP SIGNATURE-----
> >
> > --
> > ubuntu-users mailing list
> > ubuntu-users at lists.ubuntu.com
> > Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
> >
> >
> 
> -- 
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

-- 
Bob Holtzman
Key ID: 8D549279
"If you think you're getting free lunch,
 check the price of the beer"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20100924/00e5f262/attachment.sig>

More information about the ubuntu-users mailing list