Thursday, February 19, 2009
Here's what I did: I downloaded the Knoppix 6.0 ISO image and burned it to a CDR. Then I changed the computer that formerly had the trojan so that it would boot from the CD drive first before going to the hard drive. I put in the Knoppix CD and rebooted.
A simple text interface shows up that allows you to select a number of things, one of which is a full X desktop. All the things you need for web browsing are in there including a modified version of Firefox called Iceweasel. We now use Iceweasel to play the online games. By default it doesn't allow scripting, so we had to learn how much scripting is necessary, but now his online games play fine with complete graphics and sound just as though he were on Windows XP -- except without the worries of picking up malware. It doesn't use the hard drive, just memory.
When he's done, we exit the X session and shutdown/reboot. Simply remove the CD and Windows comes back when you reboot.
One thing we did find is that it works best with a wired internet connection -- I couldn't get any of the wireless computers to work with Knoppix, but then maybe I don't know exactly what to do.
Here are the details about the conference:
Wireshark(r) Developer and User Conference
June 15 - 18, 2009
Stanford University Palo Alto, California
SHARKFEST is an educational event that offers in-depth instruction over the course of 3 days to the benefit of anyone wishing to enhance their skill set with, and optimize the effective use of, the world's most popular network and packet analyzer, Wireshark.
Space is limited and due to a full house last year, early registration is strongly encouraged. Single registration for all 3 days is $695.00 USD. Details including conference hotels, group discounts and the conference schedule can be found at http://www.cacetech.com/sharkfest.09/. Every paid registration will receive a FREE AirPcap Classic Adapter (SRP $198USD) and so much more!
Thursday, February 5, 2009
One comment on the original xpsdg6420222.exe file. Symantec identifies it as a Bloodhound.SONAR.2 file which "indicates a running process with behavior similar to that of a Trojan horse that records keystrokes. It may represent a new, previously unidentified type of risk." Definitely a risk that I don't ever want to see again.
Thanks to all those who left comments and I hope what I've shown you was instructive and helpful. I certainly learned a lot and my next post goes into an even more difficult, yet similar problem on yet another kids' computer.