
[ale] windows virus?



On Tue June 1 2010, Robert Reese wrote:
> Yes, it looks like a malware first detected back on March 23rd and again
> around April 7th or 8th.
>
> http://www.prevx.com/filenames/229273247370207858-X1/PRETEE~2.EXE.html
>
> http://www.prevx.com/filenames/X2542718249228048748-X1/LS_ISL~1.EXE.html
>
> http://www.oitc.com/winnow/clamsigs/pages/table60.html
>
> Also, it appeared to have downloaded twice, hence the '2' at the end
> rather than a '1'.

I saw the Google links to ~1, didn't think about it having downloaded twice..
>
> IIRC, Wine "automagically" takes over for Windows executables, and the
> malware was likely therefore launched through an exploit in the browser; a
> telltale sign is that it was running from a Temp directory.
when I went back, the temp directory was empty, but I had already killed the 
~2.exe process..
>
> I doubt it did anything outside of hammer your CPU, however. Still, I'd
> make sure there isn't anything new in the Wine startup (if there is one).

wine startup... hmm... not sure what that would be...

-- 
Paul Cartwright
Registered Linux user # 367800
Registered Ubuntu User #12459
http://usdebtclock.org/
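
Added example, not part of the original message: one way to check the "Wine startup" mentioned above is to read the autostart (Run, RunOnce, RunServices) keys from the text registry files `user.reg` and `system.reg` in the Wine prefix. It assumes the default prefix `~/.wine` unless `WINEPREFIX` is set; the function name and the sample registry text are constructed for illustration.

```python
import os
import re

SECTION = re.compile(r'^\[(.+?)\](?:\s+\d+)?\s*$')       # [Key\\Path] timestamp
VALUE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')   # "name"=data or @=data
AUTOSTART = {"run", "runonce", "runservices", "runservicesonce"}

def autostart_entries(reg_text):
    """Return (key, name, command, from_temp) for each autostart value."""
    entries, current = [], None
    for line in reg_text.splitlines():
        sec = SECTION.match(line)
        if sec:
            key = sec.group(1).replace("\\\\", "\\")  # file doubles backslashes
            parts = key.lower().split("\\")
            hit = parts[-1] in AUTOSTART and parts[-2:-1] == ["currentversion"]
            current = key if hit else None
            continue
        val = VALUE.match(line) if current else None
        if val:
            name = val.group(1) if val.group(1) is not None else "@"
            data = val.group(2)
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = re.sub(r'\\(["\\])', r'\1', data[1:-1])  # unescape string
            # The thread's telltale sign: a program started from a Temp directory.
            entries.append((current, name, data, "\\temp\\" in data.lower()))
    return entries

# Constructed sample in the user.reg text format (not taken from the thread).
SAMPLE = r'''WINE REGISTRY Version 2
;; All keys relative to \\User\\S-1-5-21-0-0-0-1000

[Software\\Microsoft\\Windows\\CurrentVersion\\Explorer] 1275400000
"Shell"="explorer.exe"

[Software\\Microsoft\\Windows\\CurrentVersion\\Run] 1275400001
"Updater"="C:\\windows\\temp\\EXAMPLE~2.EXE"
"Indexer"="C:\\Program Files\\Example\\indexer.exe /quiet"
'''

if __name__ == "__main__":
    prefix = os.environ.get("WINEPREFIX", os.path.expanduser("~/.wine"))
    for fname in ("user.reg", "system.reg"):
        path = os.path.join(prefix, fname)
        if os.path.exists(path):
            with open(path, errors="replace") as fh:
                for key, name, cmd, tmp in autostart_entries(fh.read()):
                    flag = "SUSPECT " if tmp else "        "
                    print(f"{flag}{fname} [{key}] {name} = {cmd}")
```

An empty result means no autostart values are set in those registry files; the prefix's Startup folder is a separate location and is not covered here.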