The forum

Virus in Wine prefix?

Author Replies
AMouse Monday 27 April 2015 at 17:53
AMouseAnonymous

Dear POL/POM developers,

I installed MalwareBytes into a POL prefix in order to check an installer for viruses. It didn't find any malware in the file but it found malware in the system directories of the Wine prefix used.

The threats found are:

Trojan.Agent, C:\windows\system32\dmusic32.dll, , [256a3140e1a9ec4a10d50e5116ee37c9], 
Backdoor.Bot, C:\windows\system32\iexplore.exe, , [fa957100e1a973c3d27281e2d92b3cc4], 
Trojan.Patched, C:\windows\system32\ksuser.dll, , [b0df01706c1e46f0cd4e174d53b17888], 
Trojan.Agent, C:\windows\rundll.exe, , [3b545d145e2c96a078b887f3b64e857b], 
Trojan.Tracur, C:\windows\system32\winnls32.dll, , [8b043140602a5adc7a97d3dcc83cb34d], 

Broken.OpenCommand, HKCR\batfile\shell\open\command, ,[ffffffffffffffffffffffffffffffff], %5
Broken.OpenCommand, HKCR\comfile\shell\open\command, ,[ffffffffffffffffffffffffffffffff], %5
Broken.OpenCommand, HKCR\piffile\shell\open\command, [ffffffffffffffffffffffffffffffff], %5
Broken.OpenCommand, HKCR\scrfile\shell\open\command, [ffffffffffffffffffffffffffffffff], %5
Broken.OpenCommand, HKCR\regfile\shell\open\command, [ffffffffffffffffffffffffffffffff], %5

And all of this happened in a new prefix. If anybody has/had a similar problem, then it should be reported to POL, WineHQ, etc.

Ocean86 Monday 27 April 2015 at 18:52
Ocean86

I assume that's most likely a false positive. Remember, the Antivirus will expect a native Windows environment, which isn't the case when using Wine. If you want to check your system for viruses, use something like ClamAV or ClamTK to scan your Linux system + Wine bottles for threats.

Cheers,

Ocean

Edited by Ocean86

petch Monday 27 April 2015 at 21:14
petch

ClamAV finds PUA.Spyware.XPCSpyPro in MalwareBytes installer ;)

 

This site allows content generated by members, and we promptly remove any content that infringes copyright according to our Terms of Service. To report copyright infringement, please send a notice to dmca-notice@playonlinux.com