Thursday, February 19, 2009

Game Sites with Knoppix

After the problems we had with online game sites allowing malware through, I decided to put a complete end to it. My son now uses Knoppix run from a CDR to play his online games.

Here's what I did: I downloaded Knoppix 6.0 ISO image and burned it to a CDR. Then I changed the computer that formerly had the trojan so that it would boot from the CD drive first before going to the hard drive. I put in the Knoppix CD and rebooted.

A simple text interface shows up that allows you to select a number of things, one of which is a full X desktop. All the things you need for web browsing are in there including a modified version of Firefox called Iceweasel. We now use Iceweasel to play the online games. By default it doesn't allow scripting, so we had to learn how much scripting is necessary, but now his online games play fine with complete graphics and sound just as though he were on Windows XP -- except without the worries of picking up malware. It doesn't use the hard drive, just memory.

When he's done, we exit the X session and shut down or reboot. Simply remove the CD and Windows comes back when you reboot.

One thing we did find is that it works best with a wired internet connection -- I couldn't get any of the wireless computers to work with Knoppix, but then maybe I don't know exactly what to do.

Interested? http://www.knoppix.net/

Free AirPcap Adapters at Sharkfest

Although I haven't decided whether I will be able to attend, I wanted to let you know about Sharkfest. Sharkfest is all about Wireshark(r) and it is put on by the people who make WinPcap. We use WinPcap in NetScanTools Pro. WinPcap is a packet driver (http://www.wireshark.org/). Wireshark uses it to capture packets and we use it to both capture and generate packets. Wireshark is the best free network packet analysis tool I know of. The packet capture files that NetScanTools Pro saves can be opened by Wireshark for in-depth analysis.

Here are the details about the conference:

Wireshark(r) Developer and User Conference
June 15 - 18, 2009
Stanford University, Palo Alto, California

SHARKFEST is an educational event that offers in-depth instruction over the course of 3 days to the benefit of anyone wishing to enhance their skill set with, and optimize the effective use of, the world's most popular network and packet analyzer, Wireshark.

Space is limited and due to a full house last year, early registration is strongly encouraged. Single registration for all 3 days is $695.00 USD. Details including conference hotels, group discounts and the conference schedule can be found at http://www.cacetech.com/sharkfest.09/. Every paid registration will receive a FREE AirPcap Classic Adapter (SRP $198 USD) and so much more!

Thursday, February 5, 2009

Browser Hijack Wrap-up

So far that computer has had no additional problems. I did use HiJackThis to make sure there were no additional startup files or registry entries that I missed. And I scanned it with Malwarebytes too with no additional findings.
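As an added illustration, not part of the original post or of HijackThis, the PowerShell below does a read-only pass over the autostart locations that "startup files or registry entries" usually refers to: the per-machine and per-user Run/RunOnce keys and the two Startup folders. It assumes a Windows machine with PowerShell available (the cleaned-up XP box in the post may not have had it), flags entries whose target file no longer exists (a typical leftover after removing a trojan) or that launch from a user-writable temp/profile folder, and changes nothing.

```powershell
# Added example (not from the blog post): list the common Windows autostart
# locations a post-cleanup review should cover. Read-only: it modifies nothing.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Folders whose contents are launched at logon (all users, then current user).
$startupFolders = @(
    [Environment]::GetFolderPath('CommonStartup'),
    [Environment]::GetFolderPath('Startup')
)

function Get-AutostartEntries {
    $results = @()
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds its own PSPath/PSParentPath/... metadata; skip those.
            if ($p.Name -like 'PS*') { continue }
            $results += [pscustomobject]@{
                Location = $key
                Name     = $p.Name
                Command  = [string]$p.Value
            }
        }
    }
    foreach ($folder in $startupFolders) {
        if (-not (Test-Path $folder)) { continue }
        Get-ChildItem -Path $folder -File | ForEach-Object {
            $results += [pscustomobject]@{
                Location = $folder
                Name     = $_.Name
                Command  = $_.FullName
            }
        }
    }
    return $results
}

# Pull the executable out of a Run value such as
#   "C:\Program Files\App\app.exe" /tray   or   %SystemRoot%\tool.exe -s
function Get-ExecutablePath([string]$command) {
    $exe = if ($command -match '^"([^"]+)"') { $Matches[1] } else { ($command -split '\s+')[0] }
    return [Environment]::ExpandEnvironmentVariables($exe)
}

# Entries worth a second look: the target is gone (orphaned after a removal),
# or it runs from a user-writable temp/profile location, which is where a
# dropper like the xpsdg6420222.exe in the original post would typically sit.
function Test-Suspicious($entry) {
    $exe = Get-ExecutablePath $entry.Command
    $exists = (Test-Path -LiteralPath $exe) -or
              ($null -ne (Get-Command $exe -ErrorAction SilentlyContinue))  # bare names resolve via PATH
    if (-not $exists) { return 'target missing' }
    if ($exe -match '\\(Temp|Local Settings|AppData)\\') { return 'runs from user profile/temp' }
    return $null
}

Get-AutostartEntries | ForEach-Object {
    $_ | Add-Member -NotePropertyName Note -NotePropertyValue (Test-Suspicious $_) -PassThru
} | Format-Table Location, Name, Command, Note -AutoSize
```

A blank Note column is not a clean bill of health; it only means the target exists and lives outside the obvious dropper folders. Treat the listing as a starting point for the kind of manual review the post describes, and compare it against the services, scheduled tasks and browser helper objects that a dedicated tool also checks.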

One comment on the original xpsdg6420222.exe file. Symantec identifies it as a Bloodhound.SONAR.2 file which "indicates a running process with behavior similar to that of a Trojan horse that records keystrokes. It may represent a new, previously unidentified type of risk." Definitely a risk that I don't ever want to see again.

Thanks to all those who left comments and I hope what I've shown you was instructive and helpful. I certainly learned a lot and my next post goes into an even more difficult, yet similar problem on yet another kids' computer.