The forum

Virus in Wine prefix?

Author Replies
AMouse Monday 27 April 2015 at 17:53
AMouse Anonymous

Dear POL/POM developers,

I installed MalwareBytes into a POL prefix in order to check an installer for viruses. It didn't find any malware in the file but it found malware in the system directories of the Wine prefix used.

The threats found are:

Trojan.Agent, C:\windows\system32\dmusic32.dll, , [256a3140e1a9ec4a10d50e5116ee37c9], 
Backdoor.Bot, C:\windows\system32\iexplore.exe, , [fa957100e1a973c3d27281e2d92b3cc4], 
Trojan.Patched, C:\windows\system32\ksuser.dll, , [b0df01706c1e46f0cd4e174d53b17888], 
Trojan.Agent, C:\windows\rundll.exe, , [3b545d145e2c96a078b887f3b64e857b], 
Trojan.Tracur, C:\windows\system32\winnls32.dll, , [8b043140602a5adc7a97d3dcc83cb34d], 

Broken.OpenCommand, HKCR\batfile\shell\open\command, ,[ffffffffffffffffffffffffffffffff], %5
Broken.OpenCommand, HKCR\comfile\shell\open\command, ,[ffffffffffffffffffffffffffffffff], %5
Broken.OpenCommand, HKCR\piffile\shell\open\command, [ffffffffffffffffffffffffffffffff], %5
Broken.OpenCommand, HKCR\scrfile\shell\open\command, [ffffffffffffffffffffffffffffffff], %5
Broken.OpenCommand, HKCR\regfile\shell\open\command, [ffffffffffffffffffffffffffffffff], %5

And all of this happened in a new prefix. If anybody has/had a similar problem, then it should be reported to POL, WineHQ, etc.

Ocean86 Monday 27 April 2015 at 18:52
Ocean86

I assume that's most likely a false positive. Remember, the Antivirus will expect a native Windows environment, which isn't the case when using Wine. If you want to check your system for viruses, use something like ClamAV or ClamTK to scan your Linux system + Wine bottles for threats.

Cheers,

Ocean

Edited by Ocean86
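One way to triage a report like the one quoted above, as an added example that is not part of the original posts and not POL or Wine code: it parses the report lines, maps each C:\ path into the prefix, and checks whether the flagged file is one Wine generated itself. It assumes the prefix layout `<prefix>/drive_c/...` with lowercase directory names and relies on the marker strings Wine writes right after the DOS header of its own placeholder and builtin PE files; a marker only shows where a file came from, so anything without it still needs review.

```python
import re
from pathlib import Path, PureWindowsPath

# Signatures Wine writes directly after the 64-byte DOS header of the
# placeholder/builtin PE files it generates inside a prefix.
WINE_MARKERS = (b"Wine placeholder DLL", b"Wine builtin DLL")

# threat, target, <empty field>, [md5]: layout of the report lines in the post.
LINE_RE = re.compile(r"^\s*([\w.]+),\s*([^,]+?)\s*,.*\[([0-9a-f]{32})\]")

# Three lines copied from the report quoted in the thread.
SAMPLE_REPORT = r"""
Trojan.Agent, C:\windows\system32\dmusic32.dll, , [256a3140e1a9ec4a10d50e5116ee37c9],
Trojan.Agent, C:\windows\rundll.exe, , [3b545d145e2c96a078b887f3b64e857b],
Broken.OpenCommand, HKCR\batfile\shell\open\command, ,[ffffffffffffffffffffffffffffffff], %5
"""

def parse_report(text):
    """Return (threat, target, md5) tuples for every detection line."""
    return [m.groups() for m in map(LINE_RE.match, text.splitlines()) if m]

def to_prefix_path(prefix, target):
    """Map C:\\... to <prefix>/drive_c/...; None for registry keys."""
    win = PureWindowsPath(target)
    if win.drive.lower() != "c:":
        return None
    return Path(prefix, "drive_c", *win.parts[1:])

def is_wine_generated(path):
    """True if the file is an MZ image carrying a Wine marker at offset 0x40."""
    with open(path, "rb") as fh:
        head = fh.read(0x60)
    return head[:2] == b"MZ" and head[0x40:].startswith(WINE_MARKERS)

def triage(prefix, report):
    """Classify each detection: registry, missing, wine-generated, needs-review."""
    verdicts = {}
    for _threat, target, _md5 in parse_report(report):
        path = to_prefix_path(prefix, target)
        if path is None:
            verdicts[target] = "registry"
        elif not path.is_file():
            verdicts[target] = "missing"
        elif is_wine_generated(path):
            verdicts[target] = "wine-generated"
        else:
            verdicts[target] = "needs-review"
    return verdicts
```

Call `triage("/path/to/prefix", report_text)` with the full report; entries marked `needs-review` are the ones worth hashing against a freshly created prefix or scanning with ClamAV.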

petch Monday 27 April 2015 at 21:14
petch

ClamAV finds PUA.Spyware.XPCSpyPro in MalwareBytes installer ;)