ffi Posted June 16, 2007

I was on msn, when I got an obvious message from someone with a worm, curious as I am and thinking nothing could really happen in linux, I visited the link to see what would happen:

    _http://www.hothotpics.com/photo8.php

Anyway I ran the processes which it tries to install (even from console) but they would die with an error:

    Desktop$ wine "./doc.exe"
    wine: could not load L"Z:\\home\\ffi\\Desktop\\doc.exe": Bad EXE format for
    ~/Desktop$ wine "./mon.exe"
    wine: could not load L"Z:\\home\\ffi\\Desktop\\mon.exe": Bad EXE format for

I killed wineserver but then a few hours later I noticed a process c:/windows/explorer.exe going crazy in the taskmanager, anyway I deleted the .wine dir, should I worry my system has been compromised or any private data leaked?

ffi Posted June 16, 2007

I also did and then ctrl+c

    $ wine ./photo8.com

and that process was still running also..

scarecrow Posted June 16, 2007

Maybe you had more than one wineserver instance running? Anyway "killall wineserver" should suffice, unless wine is loaded as a service at system startup (this does happen in a few distros). The only thing you should check is if the windows executables you had downloaded in your /home directory are clean, there's nothing worse than that likely to have occurred, unless you were running wine as root.

Edited June 16, 2007 by scarecrow

ianw1974 Posted June 16, 2007

I normally do:

    wineserver -k

for shutting wine down. But I'd have to say as long as you weren't running as root, you should be OK. Look for any ports listening for connections and reset your password. Although chances are, whatever it was will be trying to run in wine anyway since that was where it was launched.

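Added example, not part of any post in this thread: one way to carry out the listening-port check suggested above, by decoding /proc/net/tcp and flagging listeners owned by leftover Wine processes. The process-name pattern, the little-endian (x86) address decoding and the sample table are assumptions; it covers IPv4 TCP only (/proc/net/tcp6 is not read).

```python
import glob, os, re, socket, struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1
   1: 00000000:1A0B 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 22222 1
   2: 0F02000A:D431 0A0200C0:0050 01 00000000:00000000 00:00000000 00000000  1000        0 33333 1
"""

def listening_sockets(table):
    """Return [(ip, port, uid, inode)] for rows in LISTEN state (st == 0A)."""
    rows = []
    for line in table.splitlines()[1:]:            # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != "0A":
            continue
        hex_ip, hex_port = f[1].split(":")
        # Assumption: little-endian host (x86), so the address bytes are reversed.
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        rows.append((ip, int(hex_port, 16), int(f[7]), int(f[9])))
    return rows

def wine_owners(inodes, pattern=r"wine|\.exe$"):
    """Map socket inode -> (pid, comm) for processes whose name matches pattern.
    The pattern is an assumption about how Wine processes are named."""
    found = {}
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(fd))
            if not m or int(m.group(1)) not in inodes:
                continue
            pid = fd.split("/")[2]
            with open(f"/proc/{pid}/comm") as fh:
                comm = fh.read().strip()
        except OSError:                            # process exited or fd not ours
            continue
        if re.search(pattern, comm, re.I):
            found[int(m.group(1))] = (int(pid), comm)
    return found

if __name__ == "__main__":
    with open("/proc/net/tcp") as fh:
        socks = listening_sockets(fh.read())
    owners = wine_owners({s[3] for s in socks})
    for ip, port, uid, inode in socks:
        flag = owners.get(inode, "")
        print(f"{ip}:{port} uid={uid} inode={inode} {flag}")
```

Run it as the same user that launched wine, since /proc/<pid>/fd is only readable for your own processes unless you are root.
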
ffi Posted June 16, 2007

I was using feisty, don't know if they have wine running at startup :s

> The only thing you should check is if the windows executables you had downloaded in your /home directory are clean

what do you mean, they are malware of course? But I really wonder what this explorer.exe process was doing, it was taking up *a lot* of cpu

iphitus Posted June 16, 2007

> I was using feisty, don't know if they have wine running at startup :s
> what do you mean, they are malware of course? But I really wonder what this explorer.exe process was doing, it was taking up *a lot* of cpu

coulda been doing anything... sending spam, participating in a botnet, ddos attacks, infecting documents... maybe it might be good if you get one of those virus scanners for linux and make sure you've left no traces :)

James

ffi Posted June 17, 2007

nasty bugger, nod32 didn't even recognise it

Greg2 Posted June 17, 2007

> nasty bugger, nod32 didn't even recognise it

If you are still concerned about it, just install and run Clamav (or Klamav) from the repos.

ffi Posted June 17, 2007

no not really anymore, just curious... B)