Viruses flagged in Wine

[winemom]

Recently I ran a sweep of my computer using ClamAV and it flagged four viruses in wine. The supposedly infected files are:

.wine/drive_c/windows/Microsoft.NET/Framework64/v4.0.30319/aspnet_wp.exe
.wine/drive_c/windows/Microsoft.NET/Framework64/v4.0.30319/RegSvcs.exe
.wine/drive_c/windows/Microsoft.NET/Framework64/v4.0.30319/regtlibv12.exe
.wine/drive_c/windows/Microsoft.NET/Framework64/v4.0.30319/InstallUtil.exe

For each file it has flagged something like Win.Dropper.Memery-10001753-0.

I have heard of antiviruses like ClamAV raising false positives for wine. Are these files anything to be worried about?

[jkfloris]

These files do not exist in a clean wineprefix on my computer.
Did you use winetricks to install a version of the .Net Framework?

Code: Select all

drive_c/windows/Microsoft.NET/Framework64/v4.0.30319$ ls -asl
totaal 1816
  4 drwxr-xr-x 3 floris floris   4096  9 dec 18:31 .
  4 drwxr-xr-x 7 floris floris   4096  9 dec 18:31 ..
  4 drwxr-xr-x 2 floris floris   4096  9 dec 18:31 CONFIG
  8 -rwxr-xr-x 1 floris floris   5632 17 okt 20:23 csc.exe
520 -rw-r--r-- 1 floris floris 530176  9 dec 18:31 diasymreader.dll
396 -rw-r--r-- 1 floris floris 401967  9 dec 18:31 fusion.dll
 12 -rwxr-xr-x 1 floris floris   8704 17 okt 20:24 installutil.exe
736 -rw-r--r-- 1 floris floris 752128 17 okt 20:23 mscorlib.dll
132 -rwxr-xr-x 1 floris floris 135100  9 dec 18:31 ngen.exe

[winemom]

No, I don't believe I did, though I installed wine years ago, so I don't really remember. In any case, I've shredded the suspect files. Is this sufficient for getting rid of them? I'm not very experienced with dealing with malware and I assumed ClamAV would take care of them.

[jkfloris]

It is probably enough to discard the suspicious files.
If you want to be absolutely sure, you can create a new Wineprefix,
reinstall your programs in the new prefix,
transfer your data from the old wineprefix to the new one
and discard the old prefix.

Don't forget to reinstall Wine-mono if you use .Net programs.