Recently I ran a sweep of my computer using ClamAV and it flagged four viruses in wine. The supposedly infected files are:
.wine/drive_c/windows/Microsoft.NET/Framework64/v4.0.30319/aspnet_wp.exe
.wine/drive_c/windows/Microsoft.NET/Framework64/v4.0.30319/RegSvcs.exe
.wine/drive_c/windows/Microsoft.NET/Framework64/v4.0.30319/regtlibv12.exe
.wine/drive_c/windows/Microsoft.NET/Framework64/v4.0.30319/InstallUtil.exe
For each file it has flagged something like Win.Dropper.Memery-10001753-0.
I have heard of antiviruses like ClamAV raising false positives for wine. Are these files anything to be worried about?
Viruses flagged in Wine
Re: Viruses flagged in Wine
These files do not exist in a clean wineprefix on my computer.
Did you use winetricks to install a version of the .Net Framework?
drive_c/windows/Microsoft.NET/Framework64/v4.0.30319$ ls -asl
totaal 1816
4 drwxr-xr-x 3 floris floris 4096 9 dec 18:31 .
4 drwxr-xr-x 7 floris floris 4096 9 dec 18:31 ..
4 drwxr-xr-x 2 floris floris 4096 9 dec 18:31 CONFIG
8 -rwxr-xr-x 1 floris floris 5632 17 okt 20:23 csc.exe
520 -rw-r--r-- 1 floris floris 530176 9 dec 18:31 diasymreader.dll
396 -rw-r--r-- 1 floris floris 401967 9 dec 18:31 fusion.dll
12 -rwxr-xr-x 1 floris floris 8704 17 okt 20:24 installutil.exe
736 -rw-r--r-- 1 floris floris 752128 17 okt 20:23 mscorlib.dll
132 -rwxr-xr-x 1 floris floris 135100 9 dec 18:31 ngen.exe
Re: Viruses flagged in Wine
No, I don't believe I did, though I installed wine years ago, so I don't really remember. In any case, I've shredded the suspect files. Is this sufficient for getting rid of them? I'm not very experienced with dealing with malware and I assumed ClamAV would take care of them.
Re: Viruses flagged in Wine
It is probably enough to discard the suspicious files.
If you want to be absolutely sure, you can create a new Wineprefix,
reinstall your programs in the new prefix,
transfer your data from the old wineprefix to the new one
and discard the old prefix.
Don't forget to reinstall Wine-mono if you use .Net programs.
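The check made in the replies above (do the flagged files exist in a clean wineprefix?), written as an added example that is not part of the original thread. It lists files found only in the suspect prefix and files whose content differs from a freshly created one, matching names case-insensitively as Wine does. The function names are hypothetical, and the two trees built in `demo()` are constructed sample data that reuse file names from the thread.

```python
import hashlib
import os
import tempfile

NET_DIR = os.path.join("drive_c", "windows", "Microsoft.NET", "Framework64", "v4.0.30319")


def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def inventory(root):
    """Map lower-cased relative path -> (path as stored, SHA-256) for regular files."""
    found = {}
    for dirpath, _dirs, names in os.walk(root):  # os.walk does not follow dosdevices symlinks
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root)
            found[rel.lower()] = (rel, sha256_of(full))
    return found


def compare_prefixes(suspect_root, clean_root):
    """Return (extra, changed): files only in the suspect tree, and files whose content differs."""
    suspect, clean = inventory(suspect_root), inventory(clean_root)
    extra = sorted(rel for key, (rel, _) in suspect.items() if key not in clean)
    changed = sorted(rel for key, (rel, digest) in suspect.items()
                     if key in clean and clean[key][1] != digest)
    return extra, changed


def demo():
    """Build two small constructed trees (contents are placeholders) and compare them."""
    layout = {
        "suspect": {"aspnet_wp.exe": b"A", "RegSvcs.exe": b"B", "InstallUtil.exe": b"C", "csc.exe": b"D"},
        "clean": {"installutil.exe": b"builtin stub", "csc.exe": b"D"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for prefix, files in layout.items():
            target = os.path.join(tmp, prefix, NET_DIR)
            os.makedirs(target)
            for name, data in files.items():
                with open(os.path.join(target, name), "wb") as handle:
                    handle.write(data)
        return compare_prefixes(os.path.join(tmp, "suspect"), os.path.join(tmp, "clean"))
```

For a real comparison, call `compare_prefixes()` on the `drive_c/windows` directory of each prefix so that user data and registry files, which always differ, are left out.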