Full Version: I ran a worm in wine [solved]
MandrivaUsers.org > Advanced Topics > Security
ffi
I was on MSN when I got an obvious message from someone with a worm. Curious as I am, and thinking nothing could really happen in Linux, I visited the link to see what would happen:

_http://www.hothotpics.com/photo8.php

Anyway I ran the processes which it tries to install (even from console) but they would die with an error:

Desktop$ wine "./doc.exe"
wine: could not load L"Z:\\home\\ffi\\Desktop\\doc.exe": Bad EXE format for

~/Desktop$ wine "./mon.exe"
wine: could not load L"Z:\\home\\ffi\\Desktop\\mon.exe": Bad EXE format for

I killed wineserver, but then a few hours later I noticed a process c:/windows/explorer.exe going crazy in the task manager. Anyway, I deleted the .wine dir. Should I worry that my system has been compromised or any private data leaked?
ffi
I also did this and then Ctrl+C:
$ wine ./photo8.com

and that process was still running also..
scarecrow
Maybe you had more than one wineserver instance running? Anyway, "killall wineserver" should suffice, unless wine is loaded as a service at system startup (this does happen in a few distros). The only thing you should check is whether the Windows executables you downloaded into your /home directory are clean; there's nothing worse than that likely to have occurred, unless you were running wine as root.
ianw1974
I normally do:

CODE
wineserver -k


for shutting wine down. But I'd have to say as long as you weren't running as root, you should be OK. Look for any ports listening for connections and reset your password. Although chances are, whatever it was will be trying to run in wine anyway since that was where it was launched.
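The advice in this thread boils down to three checks: stop whatever wine is still running, look for listening ports owned by a wine-hosted process, and make sure none of it ran as root. The script below is an added example, not code from the thread or from the wine project. It assumes the output shapes of `ss -ltnp` and `ps -eo pid,user,comm` on a modern Linux; the sample outputs embedded in it are constructed so it runs offline, and the `explorer.exe` listener on port 6667 is invented to show what a suspicious entry looks like.

```shell
#!/bin/sh
# Added example: post-incident triage after running an untrusted Windows
# binary under wine. Assumes `ss -ltnp` and `ps -eo pid,user,comm` output
# shapes; the sample outputs below are constructed for offline use.

# Constructed `ss -ltnp`-style output. The explorer.exe listener is invented.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*         users:(("cupsd",pid=812,fd=7))
LISTEN 0      50     0.0.0.0:6667       0.0.0.0:*         users:(("explorer.exe",pid=4242,fd=12))
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=600,fd=3))'

# Constructed `ps -eo pid,user,comm`-style output.
SAMPLE_PS='  PID USER     COMMAND
  600 root     sshd
 4200 ffi      wineserver
 4242 ffi      explorer.exe
 4300 ffi      bash'

# List listening sockets whose owning process is a wine component or a
# Windows binary (name ending in .exe): "<local addr:port> <process field>".
wine_listeners() {
    printf '%s\n' "$1" | awk '
        NR > 1 && $1 == "LISTEN" && $NF ~ /\("(wine[^"]*|[^"]*\.exe)"/ { print $4, $NF }'
}

# List wine-related processes as "<pid> <user> <command>" and flag any
# running as root, which is the case the thread warns about.
wine_processes() {
    printf '%s\n' "$1" | awk '
        NR > 1 && ($3 == "wineserver" || $3 ~ /^wine/ || $3 ~ /\.exe$/) {
            flag = ($2 == "root") ? " [RUNNING AS ROOT]" : ""
            print $1, $2, $3 flag
        }'
}

# Stop everything wine is running: `wineserver -k` (from the post above) is
# the documented way; killall is the fallback.
stop_wine() {
    wineserver -k 2>/dev/null || killall wineserver 2>/dev/null || true
}

# On a live system you would feed the real commands instead of the samples:
#   wine_listeners "$(ss -ltnp)"
#   wine_processes "$(ps -eo pid,user,comm)"
#   stop_wine
wine_listeners "$SAMPLE_SS"
wine_processes "$SAMPLE_PS"
```

Run it as-is to see the two constructed findings; on a real machine swap in the live `ss` and `ps` calls from the comment at the end, and treat any listener owned by a `.exe` process, or any wine process owned by root, as the thing to investigate before deleting `~/.wine`.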
ffi
I was using Feisty, don't know if they have wine running at startup :s

QUOTE
The only thing you should check is if the windows executables you had downloaded in your /home directory are clean


what do you mean, they are malware of course?


But I really wonder what this explorer.exe process was doing, it was taking up *a lot* of cpu
iphitus
QUOTE (ffi @ Jun 17 2007, 08:35 AM)
I was using feisty, don' t know if they have wine running at startup :s
what do you mean, they are malware of course?
But I really wonder what this explorer.exe process was doing, it was taking up *a lot* of cpu


coulda been doing anything...

sending spam, participating in a botnet, ddos attacks, infecting documents...

maybe it might be good if you get one of those virus scanners for linux and make sure you've left no traces smile.gif

James
ffi
nasty bugger, nod32 didn't even recognise it
Greg2
QUOTE (ffi @ Jun 17 2007, 08:24 AM)
nasty bugger, nod32 didnt even recognise it

If you are still concerned about it, just install and run Clamav (or Klamav) from the repos.
ffi
no not really anymore, just curious... cool.gif