Virus in Wine prefix?

Author Replies
AMouse Monday 27 April 2015 at 17:53

Dear POL/POM developers,

I installed MalwareBytes into a POL prefix in order to check an installer for viruses. It didn't find any malware in the file but it found malware in the system directories of the Wine prefix used.

The threats found are:

Trojan.Agent, C:\windows\system32\dmusic32.dll, , [256a3140e1a9ec4a10d50e5116ee37c9], 
Backdoor.Bot, C:\windows\system32\iexplore.exe, , [fa957100e1a973c3d27281e2d92b3cc4], 
Trojan.Patched, C:\windows\system32\ksuser.dll, , [b0df01706c1e46f0cd4e174d53b17888], 
Trojan.Agent, C:\windows\rundll.exe, , [3b545d145e2c96a078b887f3b64e857b], 
Trojan.Tracur, C:\windows\system32\winnls32.dll, , [8b043140602a5adc7a97d3dcc83cb34d], 

Broken.OpenCommand, HKCR\batfile\shell\open\command, ,[ffffffffffffffffffffffffffffffff], %5
Broken.OpenCommand, HKCR\comfile\shell\open\command, ,[ffffffffffffffffffffffffffffffff], %5
Broken.OpenCommand, HKCR\piffile\shell\open\command, [ffffffffffffffffffffffffffffffff], %5
Broken.OpenCommand, HKCR\scrfile\shell\open\command, [ffffffffffffffffffffffffffffffff], %5
Broken.OpenCommand, HKCR\regfile\shell\open\command, [ffffffffffffffffffffffffffffffff], %5

And all of this happened in a new prefix. If anybody has/had a similar problem, then it should be reported to POL, WineHQ, etc.

Ocean86 Monday 27 April 2015 at 18:52

I assume that's most likely a false positive. Remember, the Antivirus will expect a native Windows environment, which isn't the case when using Wine. If you want to check your system for viruses, use something like ClamAV or ClamTK to scan your Linux system + Wine bottles for threats.



Edited by Ocean86
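One way to triage detections like the ones listed in this thread, as an added example that is not part of the original posts or of POL/Wine code: Wine writes a text marker right after the 64-byte DOS header of the PE files it generates for a prefix, so the sketch below checks each flagged file for that marker and, when a directory of known-good copies is given, compares SHA-256 digests. The marker strings and offset are assumptions based on Wine's fake-DLL generator, and `reference_dir` (for example `windows/system32` of a freshly created prefix from the same Wine build) is a hypothetical parameter; the marker alone proves nothing, since any file can carry those bytes.

```python
import hashlib
import sys
from pathlib import Path

# Assumption: markers Wine places directly after the 64-byte DOS header.
WINE_MARKERS = {
    b"Wine placeholder DLL": "wine-placeholder",
    b"Wine builtin DLL": "wine-builtin",
}
DOS_HEADER_SIZE = 0x40


def classify(path):
    """Return (kind, sha256) for one file taken from the prefix."""
    data = Path(path).read_bytes()
    digest = hashlib.sha256(data).hexdigest()
    if data[:2] != b"MZ":
        return "not-pe", digest
    tail = data[DOS_HEADER_SIZE:DOS_HEADER_SIZE + 32]
    for marker, kind in WINE_MARKERS.items():
        if tail.startswith(marker):
            return kind, digest
    return "unmarked-pe", digest


def triage(flagged, reference_dir=None):
    """Classify flagged files and compare each with a same-named reference copy."""
    report = []
    for path in map(Path, flagged):
        kind, digest = classify(path)
        ref = Path(reference_dir) / path.name if reference_dir else None
        if ref is not None and ref.is_file():
            matches = classify(ref)[1] == digest
        else:
            matches = None  # no known-good copy to compare against
        report.append({"file": str(path), "kind": kind,
                       "sha256": digest, "matches_reference": matches})
    return report


if __name__ == "__main__":
    # usage: python triage.py <reference_dir> <flagged file> [<flagged file> ...]
    for row in triage(sys.argv[2:], sys.argv[1]):
        print(row)
```

A file reported as `unmarked-pe`, or one whose digest differs from the reference copy, is the one worth inspecting further or replacing from the Wine package.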

petch Monday 27 April 2015 at 21:14

ClamAV finds PUA.Spyware.XPCSpyPro in MalwareBytes installer ;)