
Virus in Wine prefix?

Author Replies
AMouse Monday 27 April 2015 at 17:53

Dear POL/POM developers,

I installed MalwareBytes into a POL prefix in order to check an installer for viruses. It didn't find any malware in the file, but it found malware in the system directories of the Wine prefix used.

The threats found are:

Trojan.Agent, C:\windows\system32\dmusic32.dll, , [256a3140e1a9ec4a10d50e5116ee37c9], 
Backdoor.Bot, C:\windows\system32\iexplore.exe, , [fa957100e1a973c3d27281e2d92b3cc4], 
Trojan.Patched, C:\windows\system32\ksuser.dll, , [b0df01706c1e46f0cd4e174d53b17888], 
Trojan.Agent, C:\windows\rundll.exe, , [3b545d145e2c96a078b887f3b64e857b], 
Trojan.Tracur, C:\windows\system32\winnls32.dll, , [8b043140602a5adc7a97d3dcc83cb34d], 

Broken.OpenCommand, HKCR\batfile\shell\open\command, ,[ffffffffffffffffffffffffffffffff], %5
Broken.OpenCommand, HKCR\comfile\shell\open\command, ,[ffffffffffffffffffffffffffffffff], %5
Broken.OpenCommand, HKCR\piffile\shell\open\command, [ffffffffffffffffffffffffffffffff], %5
Broken.OpenCommand, HKCR\scrfile\shell\open\command, [ffffffffffffffffffffffffffffffff], %5
Broken.OpenCommand, HKCR\regfile\shell\open\command, [ffffffffffffffffffffffffffffffff], %5

And all of this happened in a new prefix. If anybody has/had a similar problem, then it should be reported to POL, WineHQ, etc.

Ocean86 Monday 27 April 2015 at 18:52

I assume that's most likely a false positive. Remember, the antivirus will expect a native Windows environment, which isn't the case when using Wine. If you want to check your system for viruses, use something like ClamAV or ClamTK to scan your Linux system + Wine bottles for threats.

Cheers,

Ocean

Edited by Ocean86
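
A concrete way to act on Ocean86's advice before reporting anything, given here as an added example that is not part of the thread and is not PlayOnLinux or Wine code: every flagged file sits in the prefix's own C:\windows, which Wine populates with its own stub binaries when the prefix is created, so the first question is whether each hit is one of those stubs. The script assumes two things about Wine that should be checked against the installed version: that Wine marks its stubs with the string "Wine placeholder DLL" (the copies placed into a prefix) or "Wine builtin DLL" (its builtin PE modules) directly after the 64-byte DOS header, with e_lfanew pointing past the marker; and that the Wine package ships the prefix stubs in a `fakedlls` directory (on Wine 1.x, something like /usr/lib/i386-linux-gnu/wine/fakedlls, passed in as the `fakedll_dir` parameter rather than hard-coded). Everything it scans in `demo()` is constructed in a temporary directory; point `triage()` at a real prefix and fakedlls directory to use it for real.

```python
"""Triage antivirus hits inside a Wine prefix (added example, not thread code).

Assumed Wine convention: a marker string ("Wine placeholder DLL" for prefix
stubs, "Wine builtin DLL" for builtin modules) sits at offset 0x40, right after
IMAGE_DOS_HEADER, and e_lfanew points past it. Verify against your Wine version.
"""
import hashlib
import os
import struct
import tempfile

DOS_HEADER_SIZE = 0x40  # sizeof(IMAGE_DOS_HEADER)
WINE_MARKERS = {
    b"Wine builtin DLL": "wine-builtin",
    b"Wine placeholder DLL": "wine-placeholder",
}


def classify_pe(path):
    """Return 'wine-builtin', 'wine-placeholder', 'foreign-pe' or 'not-pe'."""
    with open(path, "rb") as f:
        data = f.read()
    if len(data) < DOS_HEADER_SIZE or data[:2] != b"MZ":
        return "not-pe"
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "not-pe"
    # Wine's marker lives in the gap between the DOS header and the PE header.
    gap = data[DOS_HEADER_SIZE:e_lfanew]
    for marker, label in WINE_MARKERS.items():
        if gap.startswith(marker):
            return label
    return "foreign-pe"  # a real PE with no Wine marker: examine it properly


def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def triage(prefix, flagged, fakedll_dir=None):
    """Map each flagged C:\\ path to (classification, identical_to_wine_copy)."""
    results = {}
    for winpath in flagged:
        if winpath[:3].lower() != "c:\\":
            results[winpath] = ("unsupported-path", None)
            continue
        local = os.path.join(prefix, "drive_c", *winpath[3:].split("\\"))
        if not os.path.isfile(local):
            results[winpath] = ("missing", None)
            continue
        same = None
        if fakedll_dir:  # compare with the copy the Wine package shipped
            ref = os.path.join(fakedll_dir, os.path.basename(local))
            same = os.path.isfile(ref) and sha256_file(ref) == sha256_file(local)
        results[winpath] = (classify_pe(local), same)
    return results


def build_stub_pe(marker=b""):
    """Constructed minimal MZ/PE image for the demo; not a real Wine binary."""
    e_lfanew = 0x80
    dos = bytearray(b"MZ" + b"\0" * (DOS_HEADER_SIZE - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    gap = marker.ljust(e_lfanew - DOS_HEADER_SIZE, b"\0")
    return bytes(dos) + gap + b"PE\0\0" + b"\0" * 20


def demo():
    """Recreate the post's situation with constructed files in a temp prefix."""
    root = tempfile.mkdtemp()
    sys32 = os.path.join(root, "prefix", "drive_c", "windows", "system32")
    fakedlls = os.path.join(root, "fakedlls")
    os.makedirs(sys32)
    os.makedirs(fakedlls)
    files = {
        "dmusic32.dll": build_stub_pe(b"Wine placeholder DLL"),
        "iexplore.exe": build_stub_pe(b"Wine builtin DLL"),
        "ksuser.dll": build_stub_pe(),  # no marker: Wine alone does not explain it
    }
    for name, blob in files.items():
        with open(os.path.join(sys32, name), "wb") as f:
            f.write(blob)
    for name in ("dmusic32.dll", "iexplore.exe"):  # "shipped" reference copies
        with open(os.path.join(fakedlls, name), "wb") as f:
            f.write(files[name])
    flagged = [  # paths taken from the scan output in the post
        r"C:\windows\system32\dmusic32.dll",
        r"C:\windows\system32\iexplore.exe",
        r"C:\windows\system32\ksuser.dll",
        r"C:\windows\rundll.exe",
    ]
    return triage(os.path.join(root, "prefix"), flagged, fakedlls)


if __name__ == "__main__":
    for path, (kind, same) in demo().items():
        print(f"{path}: {kind}, identical to Wine's copy: {same}")
```

A hit that comes back as wine-placeholder or wine-builtin and identical to the packaged copy is Wine's own file and is the false positive Ocean86 describes; a real PE with no marker, or one that differs from the packaged copy, deserves a look with ClamAV or a hash lookup. The registry entries in the report are a separate case: those HKCR open commands are written by Wine's own wine.inf when the prefix is created, so compare them against a freshly created prefix rather than trusting a Windows-centric "broken" verdict.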

petch Monday 27 April 2015 at 21:14

ClamAV finds PUA.Spyware.XPCSpyPro in MalwareBytes installer ;)
