[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] windows virus?

Hello Paul,

Tuesday, June 1, 2010, 5:58:06 AM, you wrote:

> pbc      26683     1  0 May24 ?        00:00:00 C:
> \windows\temp\IXP000.TMP\LS_ISL~2.exe                              

> after killing those processes, I could not find ANY files in my windows/temp
> folder.. ( .wine/drive_c$/windows/temp )

> a google showed LS_ISL~1.exe, but not 2..
> I very rarely use wine for anything, and the last file changes in windows &
> Program Files is from December.

Yes, it looks like a malware first detected back on March 23rd and again around April 7th or 8th.




Also, it appeared to have downloaded twice, hence the '2' at the end  rather than a '1'.

IIRC, Wine "automagically" takes over for Windows executables, and the malware was likely therefore launched through an exploit in the browser; a telltale sign is that it was running from a Temp directory.

I doubt it did anything outside of hammer your CPU, however.  Still, I'd make sure there isn't anything new in the Wine startup (if there is one).