From: "Michael Miles" <mmamiga6@xxxxxxxxx>
Sent: Sunday, 2010/April/18 10:03

> On 04/17/2010 07:45 PM, jdow wrote:
>> From: "Michael Miles"<mmamiga6@xxxxxxxxx>
>> Sent: Saturday, 2010/April/17 10:14
>>
>>> this is what I find with avira
>>> I'm just scanning and not doing anything with this file or files
>>>
>>> file: /home/amiga5/.wine-x86_64/drive_c/windows/twain.dll
>>> last modified on date: 2010-03-09 time: 14:16:14, size: 1032 bytes
>>> ALERT: TR/Crypt.XPACK.Gen2 ; trojan ; Is the Trojan horse TR/Crypt.XPACK.Gen2
>>> ALERT-URL: http://www.avira.com/en/threats?q=TR%2FCrypt%2EXPACK%2EGen2
>>>
>>> file: /home/amiga5/.wine-x86_64/drive_c/windows/system32/dosx.exe.XXX
>>> last modified on date: 2010-03-09 time: 14:16:14, size: 1032 bytes
>>> ALERT: TR/Crypt.XPACK.Gen2 ; trojan ; Is the Trojan horse TR/Crypt.XPACK.Gen2
>>> ALERT-URL: http://www.avira.com/en/threats?q=TR%2FCrypt%2EXPACK%2EGen2
>>>
>>> file: /home/amiga5/.wine-x86_64/drive_c/windows/system32/dsound.vxd.XXX
>>> last modified on date: 2010-03-09 time: 14:16:14, size: 1032 bytes
>>> ALERT: TR/Crypt.XPACK.Gen2 ; trojan ; Is the Trojan horse TR/Crypt.XPACK.Gen2
>>> ALERT-URL: http://www.avira.com/en/threats?q=TR%2FCrypt%2EXPACK%2EGen2
>>>
>>> file: /home/amiga5/.wine-x86_64/drive_c/windows/system32/ddhelp.exe.XXX
>>> last modified on date: 2010-03-09 time: 14:16:14, size: 1032 bytes
>>> ALERT: TR/Crypt.XPACK.Gen2 ; trojan ; Is the Trojan horse TR/Crypt.XPACK.Gen2
>>> ALERT-URL: http://www.avira.com/en/threats?q=TR%2FCrypt%2EXPACK%2EGen2
>>>
>>> file: /home/amiga5/.wine-x86_64/drive_c/windows/system/ddeml.dll.XXX
>>> last modified on date: 2010-03-09 time: 14:16:14, size: 1032 bytes
>>> ALERT: TR/Crypt.XPACK.Gen2 ; trojan ; Is the Trojan horse TR/Crypt.XPACK.Gen2
>>> ALERT-URL: http://www.avira.com/en/threats?q=TR%2FCrypt%2EXPACK%2EGen2
>>>
>>> file: /home/amiga5/.wine-x86_64/drive_c/windows/winhelp.exe.XXX
>>> last modified on date: 2010-03-09 time: 14:16:14, size: 1032 bytes
>>> ALERT: TR/Crypt.XPACK.Gen2 ; trojan ; Is the Trojan horse TR/Crypt.XPACK.Gen2
>>> ALERT-URL: http://www.avira.com/en/threats?q=TR%2FCrypt%2EXPACK%2EGen2
>>>
>>> Are these false alerts or are they real?
>>>
>>> Considering they are all the same trojan I would suspect false alert.
>>>
>>> I could be wrong...Avira and Bitdefender both found these.... Clamav did
>>> not find any.
>>>
>> If you haven't installed an XP set of files under Wine for your winhelp.exe
>> and the like - I do believe you have been infected - somehow. What do you
>> run in your Wine? And do you know what the .XXX added to the files is?
>> Double check that they don't track back to the wine install. And if they
>> don't nukem or reinstall wine.
>>
>> Those are files with standard Windows names and .XXX suffixes. They
>> probably found their way into your wine setup. I don't know if they have
>> been unpacked and installed except for twain.dll. They all have the same
>> modified date. That is suggestive of having a malware infection. (Twain.dll
>> on a fully up to date XP Pro install is dated back in 2004/08/04 and is
>> 93k on disk.)
>>
>> {^_^}
>>
> I set up win xp in wine but did not install any software other than that.
> I just did not like the way wine worked and then used Virtualbox for win
> 7 instead.
>
> I did leave the xp installation there.
>
> I have used both xp and win 7 on this machine as a native os and there
> were no infections present on Win machines.
>
> Clearly there is an infection on Fedora 12 in wine now.
> It just figures that the powers to be would incorporate windows
> vulnerabilities into Fedora through wine.
>
> I had Clamav running the entire life of Fedora 12 on this computer and
> the virus made it by there.
>
> Clam av will not even pick up these viruses now and they are still there.
>
> Avira sees them no problem.

I'd do an "rpm -qf" on each of the files and see if they are things wine
thinks it owns.

{^_^}
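
The "rpm -qf" check suggested above, as an added example that is not part of the original thread: it pulls the flagged paths out of a scan report in the format quoted earlier and asks RPM who owns each file. The function names (`sample_report`, `flagged_paths`, `classify_owner`) are hypothetical and the sample report is constructed from the output shown in the thread.

```sh
#!/bin/sh
# Added example: list the files an Avira-style report flags and ask RPM
# which package, if any, owns each one.

# Constructed sample modelled on the report quoted in the thread, including
# a "file:" entry whose path was wrapped onto the next line.
sample_report() {
cat <<'EOF'
file: /home/amiga5/.wine-x86_64/drive_c/windows/twain.dll
    last modified on date: 2010-03-09  time: 14:16:14,  size: 1032 bytes
    ALERT: TR/Crypt.XPACK.Gen2 ; trojan ; Is the Trojan horse TR/Crypt.XPACK.Gen2
file:
/home/amiga5/.wine-x86_64/drive_c/windows/system32/dsound.vxd.XXX
    last modified on date: 2010-03-09  time: 14:16:14,  size: 1032 bytes
    ALERT: TR/Crypt.XPACK.Gen2 ; trojan ; Is the Trojan horse TR/Crypt.XPACK.Gen2
EOF
}

# Print one flagged path per line from a report on stdin. Mail quoting
# ("> > ") and surrounding whitespace are stripped first.
flagged_paths() {
  sed -e 's/^[>[:space:]]*//' -e 's/[[:space:]]*$//' | awk '
    want && NF { print; want = 0; next }
    /^file:/   { sub(/^file:[ \t]*/, ""); if (length($0)) print; else want = 1 }'
}

# Label each path on stdin OWNED (plus package), UNOWNED or MISSING.
# $1 is the query command; it defaults to "rpm -qf", which exits non-zero
# for a file that no installed package owns.
classify_owner() (
  query=${1:-rpm -qf}
  while IFS= read -r path; do
    if [ ! -e "$path" ]; then
      printf 'MISSING\t%s\n' "$path"
    elif pkg=$($query "$path" 2>/dev/null); then
      printf 'OWNED\t%s\t%s\n' "$path" "$pkg"
    else
      printf 'UNOWNED\t%s\n' "$path"
    fi
  done
)

# Usage: script REPORT. Without an argument the constructed sample is used
# (its paths will show as MISSING on any other machine).
if [ $# -gt 0 ]; then flagged_paths < "$1"; else sample_report | flagged_paths; fi |
  classify_owner
```

The RPM database only records files that a package installed, so a file created later inside a home directory is reported as UNOWNED regardless of which program wrote it.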