I have a very nasty virus on wine...

Post by wacossusca34 »

Like the title says, I have a very nasty virus on Wine. I swear I've also encountered this same one (a few months ago) on a separate Vista machine. I have a virus that does not seem to be doing anything, and stopped working after an 'X' reboot. However, it did try to execute a modified version of winlogo.exe (Windows logon executable), but we all know you can't log onto a Linux system with Wine.

So ever since it went dormant, the ONLY issue I've been having is with BitTorrent (and that is not much of an issue since I now use a different torrent manager); it just lags a lot, and takes forever to process a single click into the application.

I can run much more complicated applications on Wine, such as Spore, a Windows game including GLSL rendering, and I'm surprised a game like this runs under a virus without an issue. (It's awesome! :D)

I'm just asking if I should be worried about this. I also want to remove it anyway, and is there a way I can protect my Wine from malicious software before things like this happen?

Thanks.
Post by John Drescher »

On Sat, Sep 24, 2011 at 11:06 AM, wacossusca34 wrote:
> Like the title says, I have a very nasty virus on Wine. I swear I've also encountered this same one (a few months ago) on a separate Vista machine. I have a virus that does not seem to be doing anything, and stopped working after an 'X' reboot. However, it did try to execute a modified version of winlogo.exe (Windows logon executable), but we all know you can't log onto a Linux system with Wine.
>
> So ever since it went dormant, the ONLY issue I've been having is with BitTorrent (and that is not much of an issue since I now use a different torrent manager); it just lags a lot, and takes forever to process a single click into the application.
>
> I can run much more complicated applications on Wine, such as Spore, a Windows game including GLSL rendering, and I'm surprised a game like this runs under a virus without an issue. (It's awesome! :D)
>
> I'm just asking if I should be worried about this. I also want to remove it anyway, and is there a way I can protect my Wine from malicious software before things like this happen?
>
> Thanks.

1. Delete your Wine prefix.
2. Do not run anything under Wine using root, su or sudo.
3. Install ClamAV in Linux - this will protect against Windows viruses but not malware.
4. Use a Linux native BitTorrent client. There are many good ones.


John M. Drescher
Post by dimesio »

wacossusca34 wrote: I'm just asking if I should be worried about this. I also want to remove it anyway, and is there a way I can protect my Wine from malicious software before things like this happen?
http://wiki.winehq.org/FAQ#head-3cb8f05 ... 4e305a0459

Delete the wineprefix and run a virus scan on your home directory. And in the future, be more careful.
Post by Entanglement »

> 4. Use a Linux native BitTorrent client. There are many good ones.

I personally think that's going to be the biggest thing here.
Post by wacossusca34 »

I have to run under root, Puppy Linux by default logs into root.

Thanks for your input guys!
Post by SpawnHappyJake »

Bend it to your will! It logging in as root is bad! Make a non-root account, and log into that, and never as root. Use sudo or su or gksudo or whatever when you need elevated rights. It logging in as root by default could have something to do with this virus.

Get Well Soon,
Jake
Post by Islevi »

And you'd better check your pc with several antiviruses. Some of them may not find the virus.
Post by oiaohm »

There is the universal Windows virus sledgehammer. ClamAV can be altered to be paranoid. Anything that is an exe or dll, or contains any macros, can be set to be marked as a virus and deleted by creating virus signatures to this effect.

Since exe and dll are not Linux binaries, you can set it to paranoid and not blow your feet completely out from under you.

On Windows, running ClamAV paranoid will kill you, since it basically deletes everything that is Windows.

Islevi, this is Linux; there are far more effective ways of getting rid of the problem. Scorched earth policy. Check the system core against the packages it was installed from. Check the configuration files to rule out tampering.

Basically, scorch earth all MS Windows related parts from the Linux system.

http://www.clamav.net/lang/en/faq/pua/ scripts from here is also possible.

Mind you scorched earth policy also applies to Linux Servers that are infected as well. Anything that cannot be confirmed as clean is removed.

This is why kernel.org is taking so long to bring back online. The Linux world's nature is: do not mess around with viruses or malware, we want them dead and gone.

In a lot of cases, Linux differences from Windows that affect Wine do slow down virus spread in Wine.

For those running as root: the worst case I have seen giving support was a person running Wine as root. The Windows virus could not tell the difference between a PE file and an ELF file, thought both were executables, and so infected the lot. Yes, the ELF files were patched completely incorrectly and so rendered non-operating. Result: vmlinux, yes, the boot image of Linux, was virus-damaged, so Linux would not boot at all; same with every other Linux executable and script. Clean install was the only option.

Basically, you are bonkers running Wine as root; you are playing Russian roulette with your system.

wacossusca34, user separation is an option, as is ClamAV runtime scanning or other runtime scanning where Wine is. Please note this is not perfect; some viruses will slip through.

Finally, don't do internet access to toxic locations like BitTorrent providing non-legal content. From legal providers of torrents I have never ever seen a virus come. So you must be playing somewhere that you should not be.

I don't mean to be mean; there are a lot of legal, above-board ways to get content, or at least ways that have low risk.

One low-risk way is downloading a video clip from YouTube and using VLC to cut the audio off into an mp3 file. Not like YouTube is going to tolerate viruses. Basically, start thinking of other locations you could get what you are getting the BitTorrent stuff from. Of course, it depends on the country whether doing this is 100 percent legal.

Better slightly illegal and away from virus pricks than slightly illegal hanging out with virus pricks. Really, I don't feel sorry for you, wacossusca34; it's basically: if you lie down with dogs, expect to get up with fleas.

Best thing you can do, wacossusca34, is associate with a better crowd, because to be infected the way you were you are most likely hanging out with the wrong crowd.
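
An added example, not part of any post in this thread: a Python sketch of the check behind the advice above to scan the home directory and to treat Windows executables on a Linux system as suspect. It identifies PE files by their header rather than their extension and lists those found outside a Wine prefix; the function names, the `.wine` location and the sample files are constructed for illustration.

```python
import os
import struct
import tempfile

def classify(path):
    """Return 'PE', 'ELF' or None from the file's magic bytes, not its name."""
    try:
        with open(path, "rb") as f:
            head = f.read(64)
            if head[:4] == b"\x7fELF":
                return "ELF"
            if len(head) == 64 and head[:2] == b"MZ":
                # e_lfanew (offset 0x3C) holds the offset of the "PE\0\0" signature
                f.seek(struct.unpack_from("<I", head, 0x3C)[0])
                if f.read(4) == b"PE\0\0":
                    return "PE"
    except OSError:
        pass  # unreadable file: report nothing rather than guess
    return None

def find_windows_binaries(root, skip_dirs=()):
    """List PE files under root, not descending into skip_dirs (e.g. a fresh prefix)."""
    skip = {os.path.realpath(d) for d in skip_dirs}
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if os.path.realpath(os.path.join(dirpath, d)) not in skip]
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and not os.path.islink(path) and classify(path) == "PE":
                hits.append(path)
    return sorted(hits)

def make_pe(path):
    """Write a constructed, minimal PE-looking header (not a runnable program)."""
    with open(path, "wb") as f:
        f.write(b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0")

def demo():
    """Build a constructed home directory and return the PE files outside its prefix."""
    with tempfile.TemporaryDirectory() as home:
        prefix = os.path.join(home, ".wine")
        os.makedirs(os.path.join(prefix, "drive_c"))
        make_pe(os.path.join(prefix, "drive_c", "app.exe"))  # expected inside the prefix
        make_pe(os.path.join(home, "holiday.jpg"))           # PE behind another extension
        with open(os.path.join(home, "tool"), "wb") as f:
            f.write(b"\x7fELF" + b"\0" * 60)                 # native binary, left alone
        found = find_windows_binaries(home, skip_dirs=[prefix])
        return [os.path.relpath(p, home) for p in found]

if __name__ == "__main__":
    print(demo())
```

The listing is a triage aid only: the files it reports still need a virus scan, and it says nothing about whether native files have been tampered with.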