Probably virus on Wine installation files?

jotape1960
Level 2
Posts: 44
Joined: Tue Nov 24, 2015 12:05 am

Post by jotape1960 »

Today, Tuesday, January 12, 2016, 19:00 UTC, I performed a deep ClamAV scan of my whole PC (Ubuntu Studio 15.10, WineHQ 1.9.1) and the result was... a lot of probably dangerous files, including some Wine files.

The details talk about the following "Potential threat":

"PUA.Win32.Packer.PrivateExeProte-7" and "PUA.Win32.Packer.SetupExeSection"

It is related to a lot of Wine files in the directories: Wine-Gecko, Mono, Fakedlls, Microsoft.NET and Common Files.

What is this about?

Is it a real threat attack?

How can we fix it?

Greetings & Blessings from Chile!!!!!!!

Juan
dimesio
Moderator
Posts: 13373
Joined: Tue Mar 25, 2008 10:30 pm

Post by dimesio »

Malware can run in Wine, and if you've ever run Wine as root, it can write anywhere on your system. So yes, your Wine files could be infected.

However, googling PUA.Win32.Packer.SetupExeSection turned up this: http://forums.clamwin.com/viewtopic.php?t=3600. So it's quite possible what you are seeing is a false positive from ClamAV. I'd double check any files flagged as suspicious by ClamAV with https://www.virustotal.com/.

Post by jotape1960 »

Thanks for your data!!!

BTW: How can I know if I run Wine as root or user?

Post by dimesio »

jotape1960 wrote: BTW: How can I know if I run Wine as root or user?
Log in as a normal user and don't do su or sudo.

If you have ever run Wine as sudo, you will have messed up the permissions in the wineprefix. Follow these instructions to fix it: http://wiki.winehq.org/FAQ#head-8b89c92 ... 96093e1484.
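
Added example (not part of the thread or of Wine/ClamAV): a triage of clamscan output that separates `PUA.*` packer heuristics from other signatures and, for each flagged file, records the SHA-256 for a VirusTotal lookup and whether the file belongs to another user, as happens to wineprefix files after Wine was run with sudo. The sample log, its paths and the `Constructed.NonPUA.Example-1` signature are constructed; only the two PUA names come from the first post.

```python
import hashlib
import os
import re
from collections import defaultdict

# Constructed sample of clamscan output; the paths and the last signature name
# are made up, the two PUA names are the ones quoted in the thread.
SAMPLE_LOG = """\
/home/user/.wine/drive_c/windows/system32/gecko/plugin/npmshtml.dll: PUA.Win32.Packer.SetupExeSection FOUND
/home/user/.wine/drive_c/windows/mono/mono-2.0/bin/libmono.dll: PUA.Win32.Packer.PrivateExeProte-7 FOUND
/home/user/.wine/drive_c/Program Files/Common Files/a: b.exe: PUA.Win32.Packer.SetupExeSection FOUND
/home/user/Downloads/setup.exe: Constructed.NonPUA.Example-1 FOUND
/home/user/notes.txt: OK
Infected files: 4
"""

# clamscan reports a detection as "<path>: <signature> FOUND"
HIT = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

def parse_hits(log_text):
    """Return (path, signature) pairs; clean files and summary lines are skipped."""
    matches = (HIT.match(line.strip()) for line in log_text.splitlines())
    return [(m["path"], m["sig"]) for m in matches if m]

def triage(hits, uid=None):
    """Group hits by signature, PUA.* apart from everything else.

    For files that exist, add the SHA-256 (for a VirusTotal lookup by hash)
    and whether the owner differs from `uid` (default: the current user).
    """
    uid = os.getuid() if uid is None else uid
    report = {"pua": defaultdict(list), "other": defaultdict(list)}
    for path, sig in hits:
        entry = {"path": path, "sha256": None, "foreign_owner": None}
        if os.path.isfile(path):
            with open(path, "rb") as fh:
                entry["sha256"] = hashlib.sha256(fh.read()).hexdigest()
            entry["foreign_owner"] = os.stat(path).st_uid != uid
        report["pua" if sig.startswith("PUA.") else "other"][sig].append(entry)
    return report

if __name__ == "__main__":
    for bucket, sigs in triage(parse_hits(SAMPLE_LOG)).items():
        for sig, entries in sigs.items():
            print(bucket, sig, len(entries))
```

Hits in the `other` bucket and files with `foreign_owner` set are the ones to look at first; a large `pua` bucket made up only of packer signatures matches the false-positive pattern dimesio links to.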