I accidentally did a clamscan on my own system (I thought I was doing it on a server I was ssh'd into), before I went to bed last night. When I woke up this morning I found two trojans. Because I had to do other stuff, I decided to just remove my $HOME/.wine directory instead as a safety precaution and deal with it later.
Well, now is later. Unfortunately due to an awful typo the results were not logged. However, after re-installing steam on a fresh wine prefix, fresh new user, proper groups, etc. (as well as my own user) both $HOME/.wine directories for both users picked up the same trojan (note: neither of these users were root).
Code: Select all
# freshclam
# clamscan -ri /home/user1/.wine
.wine/drive_c/Program Files/Steam/bin/avcodec-53.dll: Win.Trojan.5946697 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 1377310
Engine version: 0.97.6
Scanned directories: 417
Scanned files: 2323
Infected files: 1
Data scanned: 210.51 MB
Data read: 185.99 MB (ratio 1.13:1)
Time: 17.146 sec (0 m 17 s)
Now, before I removed my wine prefix, I found a similarly named Trojan in my Team Fortress 2 directory: $HOME/.wine/drive_c/Program\ Files/Steam/steamapps/<steam username>/team\ fortress\ 2/bin/*avcod*.dll
I don't remember the exact name (but it was a similar filename along the lines of avcodec or whatnot) in the directory I've shown, which is why I used the * wildcard in my line above.
I know Steam (and Team Fortress 2) were updated recently (as in less than a week ago from this post), so I was wondering if anybody else could also clamscan their WINEPREFIX that has Steam in it and confirm the same Trojans (on your current WINEPREFIX and another one for a new user if the new user installs only Steam)?
Otherwise I think maybe I downloaded a bad Steaminstall.msi, or the update servers for Steam were affected maliciously (crossing my fingers it's neither).
