Kernel32.dll infected

danw58
Level 1
Level 1
Posts: 7
Joined: Fri Oct 11, 2024 7:11 pm

Post by danw58 »

Hello, first time here.
I have WINE installed on Ubuntu 24.04
Hardware is 6-core Ryzen 7600, 64G DDR5, Radeon 7600 card, 8TB Barracuda
Not that it should matter.
Anyways, I did a full ClamAV scan, and it found Kernel32.dll in the WINE folders infected.
I deleted it, and reinstalled WINE, ran ClamAV again, and it was infected again.
/usr/lib/x86_64-linux-gnu/wine/x86_64-windows/kernel32.dll PUA.Win.Packer.Embedpe-3

Any chance I could get a clean kernel32 in a hurry?
I'm studying Accounting and need to get Sage50 (an accounting package for Windooze) installed over the weekend.
DarkShadow44
Level 9
Level 9
Posts: 1338
Joined: Tue Nov 22, 2016 5:39 pm

Re: Kernel32.dll infected

Post by DarkShadow44 »

Where did you get wine from? If you get it from official sources it's more likely a false-positive.

Post by danw58 »

I got it through Synaptic. I have,
wine-stable
wine-stable-amd64
wine-stable-i386:i386
all at 9.0.0.0~jammy-1
and then wine64 at version 9.0~repack-4build3
I'm not sure from what repo they come, exactly.
Last edited by danw58 on Sat Oct 12, 2024 11:14 am, edited 1 time in total.

Post by DarkShadow44 »

Probably Ubuntu, but that's something you can check.

Post by danw58 »

My problem has gotten much worse; I trusted mistral-nemo ai to help me with this, and it recommended all kinds of commands, deleting GPG keys, adding and removing repos, and now I have a bigger problem ...
~$ sudo apt-get update
E: Conflicting values set for option Signed-By regarding source https://dl.winehq.org/wine-builds/ubuntu/ noble: /etc/apt/keyrings/winehq-archive.key !=
E: The list of sources could not be read.
Synaptic gives me an error message, too. I don't know what to do now.

PS. I understand about having to wait for a first post to be approved, but this is the third time I'm having to wait for post approval ... How long is this going to go on? What is the purpose of so much waiting around?
Last edited by danw58 on Tue Oct 15, 2024 10:47 am, edited 1 time in total.

Post by danw58 »

While still waiting for approval, I used help from X-Grok until it could not help me anymore.
Then I found new key instructions in another thread in this forum and gave it a try,

$ wget -nc https://dl.winehq.org/wine-builds/winehq.key
--2024-10-15 13:20:29--  https://dl.winehq.org/wine-builds/winehq.key
Resolving dl.winehq.org (dl.winehq.org)... 151.101.66.217, 151.101.130.217, 151.101.2.217, ...
Connecting to dl.winehq.org (dl.winehq.org)|151.101.66.217|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3212 (3.1K) [application/pgp-keys]
winehq.key: Permission denied

Cannot write to ‘winehq.key’ (Success).
$ sudo apt-key add winehq.key
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
gpg: can't open 'winehq.key': No such file or directory
W: The key(s) in the keyring /etc/apt/trusted.gpg.d/winehq.gpg are ignored as the file has an unsupported filetype.
$ sudo apt update
E: Conflicting values set for option Signed-By regarding source https://dl.winehq.org/wine-builds/ubuntu/ noble: /etc/apt/keyrings/winehq-archive.key != /etc/apt/trusted.gpg.d/winehq.gpg
E: The list of sources could not be read.
$
Last edited by danw58 on Tue Oct 15, 2024 12:31 pm, edited 2 times in total.
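Added example, not part of the original post: APT reports "Conflicting values set for option Signed-By" when the same repository URI and suite is defined in more than one source entry with different Signed-By values (an entry with none counts as an empty value). The read-only script below lists such duplicates and the files that define them; the function names and the `APT_DIR` variable are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): find APT sources that are defined more
# than once with different Signed-By values. Read-only.
# Assumptions: a trailing "/" on the URI is ignored when comparing; keys
# embedded in a deb822 Signed-By field are not handled (shown as "(none)").

# Print "uri suite signed-by file" for each enabled source entry under $1.
list_sources() {
  for f in "$1"/sources.list "$1"/sources.list.d/*.list "$1"/sources.list.d/*.sources; do
    [ -f "$f" ] || continue
    case $f in
      *.sources) awk -v file="$f" '       # deb822 stanzas
        function flush(  i, j, nu, ns, u, s) {
          nu = split(uris, u, " "); ns = split(suites, s, " ")
          for (i = 1; i <= nu && !off; i++) for (j = 1; j <= ns; j++) {
            sub(/\/$/, "", u[i]); print u[i], s[j], (key == "" ? "(none)" : key), file }
          uris = suites = key = ""; off = 0
        }
        NF == 0                     { flush(); next }
        tolower($1) == "uris:"      { $1 = ""; uris = $0 }
        tolower($1) == "suites:"    { $1 = ""; suites = $0 }
        tolower($1) == "signed-by:" { key = $2 }
        tolower($1) == "enabled:"   { off = (tolower($2) == "no") }
        END { flush() }' "$f" ;;
      *) awk -v file="$f" '               # one-line format: deb [options] uri suite ...
        $1 == "deb" || $1 == "deb-src" {
          key = "(none)"; line = $0; s = index(line, "["); e = index(line, "]")
          if (s && e > s) {
            n = split(substr(line, s + 1, e - s - 1), o, " ")
            for (i = 1; i <= n; i++) if (o[i] ~ /^signed-by=/) key = substr(o[i], 11)
            line = substr(line, 1, s - 1) substr(line, e + 1)
          }
          split(line, p, " "); sub(/\/$/, "", p[2]); print p[2], p[3], key, file
        }' "$f" ;;
    esac
  done
}

# Print each "uri suite" that carries more than one distinct Signed-By value.
find_conflicts() {
  list_sources "$1" | sort -u | awk '
    !(($1, $2, $3) in seen) { seen[$1, $2, $3] = 1; id = $1 " " $2
                              n[id]++; vals[id] = vals[id] "  " $3 " [" $4 "]" }
    END { for (id in n) if (n[id] > 1) print id ":" vals[id] }'
}

find_conflicts "${APT_DIR:-/etc/apt}"
```

Each output line names the repository and, in brackets, the files whose entries disagree; keeping a single entry for that repository is what clears the error.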
dimesio
Moderator
Moderator
Posts: 13367
Joined: Tue Mar 25, 2008 10:30 pm

Post by dimesio »

danw58 wrote: Tue Oct 15, 2024 10:44 am
> I understand about having to wait for a first post to be approved, but this is the third time I'm having to wait for post approval ... How long is this going to go on? What is the purpose of so much waiting around?

A new user's first three posts have to be approved by a moderator. The purpose is to keep out spam.

> wine-stable
> wine-stable-amd64
> wine-stable-i386:i386
> all at 9.0.0.0~jammy-1
> and then wine64 at version 9.0~repack-4build3

You have a mixture of wine packages from both Ubuntu and WineHQ. At this point you've created such a mess that I recommend uninstalling both, deciding which one you want, and installing only that one. If you decide to install our packages, follow the instructions on https://gitlab.winehq.org/wine/wine/-/w ... ian-Ubuntu. If you decide to install the distro package, ask for help on the Ubuntu forum.

> I trusted mistral-nemo ai to help me with this,

That was unwise. LLMs don't actually understand anything.

Post by danw58 »

Thanks.
Unfortunately, I'm not sure how to uninstall anything, since neither Synaptic nor apt work for me anymore.
In any case, I already uninstalled all wine packages before this problem came up.
Is there a file I can delete, or some simple way I can get the lock opened?
The symptom is,

~$ sudo apt-get update
E: Conflicting values set for option Signed-By regarding source https://dl.winehq.org/wine-builds/ubuntu/ noble: /etc/apt/keyrings/winehq-archive.key !=
E: The list of sources could not be read.
EDIT: This is my fourth post, and again I'm told I have to wait for approval.
I used to host a forum, myself, a decade ago, and I know about spammers all too well.
But policies to deal with them need to be weighed in terms of pros and cons.
Arbitrarily inserting long wait times in posts hurts genuine new users far more than it hurts spammers. Spammers are in no hurry whatsoever. New users don't register at a forum when they are relaxed and have nothing to do; we register because we have an urgent problem. This policy punishes the innocent, while the spammers just laugh.

Post by danw58 »

Okay, never mind; I got my system back in order using X's Grok help. Took about 8 hours or so, but we succeeded.
So now I'm going to install winehq as per your instructions' page. Thanks!

EDIT: Strange problem installing winehq; as you can see below, everything was going well until ...

$ sudo mkdir -pm755 /etc/apt/keyrings

$ sudo wget -O /etc/apt/keyrings/winehq-archive.key https://dl.winehq.org/wine-builds/winehq.key
--2024-10-15 21:10:53--  https://dl.winehq.org/wine-builds/winehq.key
Resolving dl.winehq.org (dl.winehq.org)... 151.101.194.217, 151.101.130.217, 151.101.66.217, ...
Connecting to dl.winehq.org (dl.winehq.org)|151.101.194.217|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3212 (3.1K) [application/pgp-keys]
Saving to: ‘/etc/apt/keyrings/winehq-archive.key’

/etc/apt/keyrings/w 100%[===================>]   3.14K  --.-KB/s    in 0.001s  

2024-10-15 21:10:53 (4.03 MB/s) - ‘/etc/apt/keyrings/winehq-archive.key’ saved [3212/3212]

$ sudo wget -NP /etc/apt/sources.list.d/ https://dl.winehq.org/wine-builds/ubuntu/dists/noble/winehq-noble.sources
--2024-10-15 21:12:18--  https://dl.winehq.org/wine-builds/ubuntu/dists/noble/winehq-noble.sources
Resolving dl.winehq.org (dl.winehq.org)... 151.101.194.217, 151.101.130.217, 151.101.66.217, ...
Connecting to dl.winehq.org (dl.winehq.org)|151.101.194.217|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 163
Saving to: ‘/etc/apt/sources.list.d/winehq-noble.sources’

winehq-noble.sources         100%[=============================================>]     163  --.-KB/s    in 0s      

2024-10-15 21:12:23 (14.9 MB/s) - ‘/etc/apt/sources.list.d/winehq-noble.sources’ saved [163/163]

$ sudo apt update
Get:1 https://dl.winehq.org/wine-builds/ubuntu noble InRelease [6,261 B]
Hit:2 http://us.archive.ubuntu.com/ubuntu noble InRelease                                                         
Get:3 http://us.archive.ubuntu.com/ubuntu noble-updates InRelease [126 kB]                  
Hit:4 http://security.ubuntu.com/ubuntu noble-security InRelease                            
Get:5 https://dl.winehq.org/wine-builds/ubuntu noble/main amd64 Packages [43.8 kB]          
Hit:6 http://us.archive.ubuntu.com/ubuntu noble-backports InRelease       
Get:7 https://dl.winehq.org/wine-builds/ubuntu noble/main i386 Packages [43.8 kB]
Hit:8 https://dl.google.com/linux/chrome/deb stable InRelease
Fetched 220 kB in 1s (372 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
11 packages can be upgraded. Run 'apt list --upgradable' to see them.

$ sudo apt install --install-recommends winehq-stable
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package winehq-stable     !!!!

Post by dimesio »

There are no stable packages for noble because it did not yet exist when 9.0 came out. There will be stable packages for it with the next stable release. In the meantime, there are packages for the development and staging branches. Or if you really want stable, use the distro package.

Post by danw58 »

Yes, thank you; I discovered experimentally that winehq-devel was present, so I installed that one.
Glad to understand now the reason why.

I subsequently installed winetricks, wine-gecko and mono.
Currently I'm struggling with the VS redistributable package, for which the 2019 and 2022 versions
fail the hash. I downloaded VC_redist.x64.exe directly from Microsoft, but I'm not sure if it's
what I need, and can't seem to find any help online, though I haven't asked Grok for an opinion, yet.

I'm not even sure I will need it for installing Sage 50 student version, which is my goal for today; but
assuming it is, things are likely to go more smoothly if all that's needed is already installed.

Post by danw58 »

By the way, forgot to mention, I found advice for the hash mismatch problem, to run
$ sudo winetricks --auto-update
which I did, and it said the new version is not under debian control, for whatever it's
worth. Doing so did NOT resolve the hash mismatch problem, however.
I will try to install vc_redist.x64.exe from Microsoft using winetricks, but I will
use timeshift first (for the first time for me) before installing. Formatting a USB stick
at the moment, to use as backup drive.
If any of this is a poor decision on my part, please let me know asap. I have to install
Sage 50 today, for my Accounting course, so I'm working as fast as I can. I will check
this thread again one more time before installing.