
Douglas Ray via luv-main <luv-main@luv.asn.au> writes:
> We have a PC with firmware malware on - at least - both DVDs.

Er, are you saying the microcontroller on the DVD drive's circuit board is infected? (As opposed to the infected component being on the motherboard, or on a DVD *disc*, or...) How did you determine this?

> Booting a DVD live-image of Ubuntu, invocations of Firefox are intercepted and come up as "JON recovery system" or some such. The attack vector may have been the old XP system on the hard drive, but equally it may have been one of the Ubuntu images.

As another poster suggested, "jon recovery system" appears to originate from the httpd in D-Link firmware for router appliances. If you remove all NICs from the "infected PC", do the symptoms go away?