[PLUG-TALK] Quickbooks - online, virtual, emulator ...

Aaron Burt aaron at bavariati.org
Wed Jan 23 22:45:20 UTC 2019


Details below, but please shut down and back up that VM ASAP!

On 2019-01-23 13:27, Keith Lofstrom wrote:
> My wife has been using Quickbooks for her medical business
> for more than a decade, because her accountant does.  We
> run it inside a 64 bit Windows 7 guest in a VirtualBox
> host on a 5 year old Centos-clone Linux box.

Good setup.  Relatively secure and clean.  Not too painful to use if it 
launches in a full-screen window and doesn't involve a lot of 
poking-around.

> I haven't paid much attention to the Win7 guest, but it
> has sprung a leak; something (presumably malware) is
> eating about 100 megabytes of virtual disk per hour, and

...STOP RIGHT THERE.  Only reason that VM should be running now is to 
check for signs of malware and data exfiltration!  Oh and maybe to run a 
QuickBooks backup/export and copy that backup off ASAP.

Best disable the VM's networking in any case.

My first guess is that this is a ransomware attack, and it's using that 
disk space while encrypting your data.  Probably better make a backup 
copy of the VM disk image ASAP.  Even if it completes the encrypt/delete 
process, a backup VM disk image can be mounted on another Win7 VM.

> Imagined alternatives:
>  - Upgrade treadmill for Windoze and Quickbooks.
>  - Container app for Quickbooks (not Wine compatible)
>  - 99.9% data compatible Linux accounting software.
>  - Quickbooks online from Intuit

Those all sound like they'd involve a lot of downtime for a 
business-critical system.  In the interim, can you just build another 
Win7 image, reinstall QB on it and import the QB backup from the 
existing image?

I'm not sure how the QB Online data import works, but even if it's dead 
simple, it'll take time for folks to get used to it.

Warm regards,
   Aaron



More information about the PLUG-talk mailing list