worm
Today was another wet day with no sunshine. This is the fourth day in a row of wet gray weather. I did some chores around the house and decided to check my various operating systems for viruses, Trojans and worms. A time-consuming task that would leave me in a login terminal with no toys for several hours.
I burned an ISO of ClamAVLive.2.0.iso. I rebooted into the live stripped down Ubuntu operating system and had the virus information library update itself.
sudo freshclam
Then I made directories for the 3 partitions I wished to scan prior to mounting said directories.
sudo mkdir /media/ubuntu1 /media/ubuntu2 /media/winXP1
Then I mounted the directories.
sudo mount -t ext3 /dev/sdb1 /media/ubuntu1
sudo mount -t ext3 /dev/sda5 /media/ubuntu2
sudo mount -t ntfs /dev/sda1 /media/winXP1
I created a file to keep the log of my results.
touch /media/ubuntu2/home/art/ClamAV.log
I changed directory to the root partition in my live (ram) directory.
cd /
Now it is time to scan and then go into the den and watch some movies.
sudo clamscan -ri -l /media/ubuntu2/home/art/ClamAV.log
r is for recursive and since I am at root "/" everything that is mounted will get scanned
i is for infected files only
l is for writing to a log file which in my case I chose the blank file I just touched or created /media/ubuntu2/home/art/ClamAV.log
This is the output of the ClamAV.log file
//media/winXP1/Program Files/Panasonic/NCR2/ncrcore.exe: Worm.Stration.WR FOUND
----------- SCAN SUMMARY -----------
Known viruses: 413791
Engine version: 0.94rc1-exp
Scanned directories: 53741
Scanned files: 425375
Infected files: 1
Data scanned: 38092.62 MB
Time: 12899.510 sec (214 m 59 s)
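Reading the detections back out of a log like this one, as an added example that is not part of the original post: it splits each FOUND line into signature and path (paths with spaces or colons included) and checks the result against the summary count. The function names are hypothetical, and the sample log's second detection line and its count of 2 are constructed for the demo.

```shell
#!/bin/sh
# Added example: read detections back out of a clamscan -l log.

# Print "signature<TAB>path" for each "<path>: <signature> FOUND" line.
# Paths may contain spaces and colons, so split at the last ": " before
# the signature (signature names contain no spaces).
clam_found() {
    awk '/ FOUND$/ {
        line = $0
        sub(/ FOUND$/, "", line)
        i = match(line, /: [^ ]+$/)
        if (i) printf "%s\t%s\n", substr(line, i + 2), substr(line, 1, i - 1)
    }' "$1"
}

# Print the "Infected files:" count from the scan summary.
clam_summary_infected() {
    awk -F': *' '/^Infected files:/ { print $2 }' "$1"
}

# Succeed only if the parsed detections match the summary count.
clam_log_consistent() {
    found=$(clam_found "$1" | wc -l | tr -d ' ')
    [ "$found" = "$(clam_summary_infected "$1")" ]
}

# Constructed sample log: the first detection line is the one from the post,
# the second (colon in the path) and the count of 2 are made up for the demo.
write_sample_log() {
    cat > "$1" <<'EOF'
//media/winXP1/Program Files/Panasonic/NCR2/ncrcore.exe: Worm.Stration.WR FOUND
/media/ubuntu1/home/art/notes: old/eicar.com: Eicar-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Known viruses: 413791
Infected files: 2
EOF
}

log=$(mktemp)
write_sample_log "$log"
clam_found "$log"
clam_log_consistent "$log" && echo "summary matches parsed detections"
rm -f "$log"
```

A mismatch between the two counts means the parser missed a line or the log is incomplete, so the log should be read by hand before anything is deleted.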
That file came from Panasonic’s Support/Download page for the network camera I bought last year.
I deleted the infected file while still in the live operating system.
sudo rm -i "/media/winXP1/Program Files/Panasonic/NCR2/ncrcore.exe"
Google gave me this information:
Worm.Stration.WR is a mass-mailing worm that propagates by sending a copy of itself as an attachment to the harvested email addresses from compromised computers.
I sure hope the sun is out tomorrow.
