[ale] windows virus?

Paul Cartwright ale at pcartwright.com
Tue Jun 1 15:28:37 EDT 2010


On Tue June 1 2010, Robert Reese wrote:
> Yes, it looks like a malware first detected back on March 23rd and again
> around April 7th or 8th.
>
> http://www.prevx.com/filenames/229273247370207858-X1/PRETEE~2.EXE.html
>
>
> http://www.prevx.com/filenames/X2542718249228048748-X1/LS_ISL~1.EXE.html
>
>
> http://www.oitc.com/winnow/clamsigs/pages/table60.html
>
>
>
> Also, it appeared to have downloaded twice, hence the '2' at the end
>  rather than a '1'.

I saw the Google links to ~1, didn't think about it having downloaded twice..
>
> IIRC, Wine "automagically" takes over for Windows executables, and the
> malware was likely therefore launched through an exploit in the browser; a
> telltale sign is that it was running from a Temp directory.
When I went back, the temp directory was empty, but I had already killed the
~2.exe process..
>
> I doubt it did anything outside of hammer your CPU, however.  Still, I'd
> make sure there isn't anything new in the Wine startup (if there is one).

Wine startup... hmm... not sure what that would be...

-- 
Paul Cartwright
Registered Linux user # 367800
Registered Ubuntu User #12459
http://usdebtclock.org/
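
The "Wine startup" check suggested in the quoted reply, as an added example that is not part of the original thread: it lists the Run/RunOnce autostart values in a Wine prefix's text registry files and flags any that launch from a Temp directory. It assumes the default prefix `~/.wine`; the function names and the sample registry text are constructed for illustration.

```python
import os
import re

# Constructed sample in the layout of a Wine prefix's user.reg (not real data).
SAMPLE_USER_REG = r'''WINE REGISTRY Version 2
;; All keys relative to \\User\\S-1-5-21-0-0-0-1000

[Software\\Microsoft\\Windows\\CurrentVersion\\Run] 1275420517
"updater"="C:\\windows\\temp\\EXAMPLE~2.EXE"
"tray"="C:\\Program Files\\Example\\tray.exe /min"

[Software\\Wine\\Fonts] 1275420000
"LogPixels"=dword:00000060
'''

RUN_SUFFIXES = ("\\currentversion\\run", "\\currentversion\\runonce")
# Plain string values only: "name"="data" (dword/hex/expand values are skipped).
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    """Undo the backslash escaping used inside the .reg text files."""
    return re.sub(r'\\(.)', r'\1', s)

def autostart_entries(reg_text):
    """Return (key, name, command) for each string value under Run/RunOnce."""
    entries, current = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            key = line[1:].partition("]")[0].replace("\\\\", "\\")
            current = key if key.lower().endswith(RUN_SUFFIXES) else None
        elif current and (m := VALUE.match(line)):
            entries.append((current, unescape(m.group(1)), unescape(m.group(2))))
    return entries

def temp_launched(entries):
    """Entries whose command sits under a Temp directory (the sign noted above)."""
    return [e for e in entries if "\\temp\\" in e[2].lower()]

if __name__ == "__main__":
    prefix = os.environ.get("WINEPREFIX", os.path.expanduser("~/.wine"))
    for name in ("user.reg", "system.reg"):
        path = os.path.join(prefix, name)
        if os.path.isfile(path):
            with open(path, errors="replace") as fh:
                found = autostart_entries(fh.read())
            for key, value, cmd in found:
                flag = "  <-- runs from Temp" if (key, value, cmd) in temp_launched(found) else ""
                print(f"{name}: [{key}] {value} = {cmd}{flag}")
```
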


