ffi, posted June 16, 2007

I was on msn when I got an obvious message from someone with a worm. Curious as I am, and thinking nothing could really happen in Linux, I visited the link to see what would happen: _http://www.hothotpics.com/photo8.php

Anyway, I ran the processes which it tries to install (even from console) but they would die with an error:

    Desktop$ wine "./doc.exe"
    wine: could not load L"Z:\\home\\ffi\\Desktop\\doc.exe": Bad EXE format for
    ~/Desktop$ wine "./mon.exe"
    wine: could not load L"Z:\\home\\ffi\\Desktop\\mon.exe": Bad EXE format for

I killed wineserver, but then a few hours later I noticed a process c:/windows/explorer.exe going crazy in the taskmanager. Anyway, I deleted the .wine dir. Should I worry my system has been compromised or any private data leaked?

ffi (Author), posted June 16, 2007

I also did and then ctrl+c

    $ wine ./photo8.com

and that process was still running also..

scarecrow, posted June 16, 2007 (edited June 16, 2007 by scarecrow)

Maybe you had more than one wineserver instance running? Anyway "killall wineserver" should suffice, unless wine is loaded as a service at system startup (this does happen in a few distros).

The only thing you should check is if the windows executables you had downloaded in your /home directory are clean; there's nothing worse than that likely to have occurred, unless you were running wine as root.

ianw1974, posted June 16, 2007

I normally do:

    wineserver -k

for shutting wine down. But I'd have to say as long as you weren't running as root, you should be OK. Look for any ports listening for connections and reset your password. Although chances are, whatever it was will be trying to run in wine anyway since that was where it was launched.

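The checks suggested in the replies above (leftover Wine processes, then ports listening for connections), as an added example that is not part of the original thread. The function names are hypothetical, the input is assumed to be in the format of `ps -eo pid,user,args` and `ss -ltnp`, and the sample data is constructed.

```bash
#!/usr/bin/env bash
# Added example. Inputs are text in the format of `ps -eo pid,user,args`
# and `ss -ltnp`; the sample data below is constructed for illustration.

# Print "PID USER COMMAND" for each process that belongs to a Wine session:
# wineserver, wine / wine-preloader, or any command line naming a .exe.
find_wine_procs() {
  awk 'NR > 1 {
    cmd = $3
    for (i = 4; i <= NF; i++) cmd = cmd " " $i
    if (cmd ~ /(^|\/)wine(server|-preloader|64)?( |$)/ ||
        tolower(cmd) ~ /\.exe( |$)/)
      print $1, $2, cmd
  }'
}

# Print "LOCAL_ADDR PROCESS" for listening sockets owned by the PIDs in $1.
listeners_for_pids() {
  awk -v pids="$1" '
    BEGIN { n = split(pids, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 == "LISTEN" {
      s = $NF
      while (match(s, /pid=[0-9]+/)) {
        pid = substr(s, RSTART + 4, RLENGTH - 4)
        if (pid in want) { print $4, $NF; break }
        s = substr(s, RSTART + RLENGTH)
      }
    }'
}

SAMPLE_PS='  PID USER     COMMAND
 4211 user     /usr/bin/wineserver
 4215 user     c:/windows/explorer.exe
 4220 user     /usr/bin/wine-preloader /usr/bin/wine ./photo8.com
 4302 user     /usr/lib/firefox/firefox-bin
 4410 user     bash'

SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      5      0.0.0.0:8080       0.0.0.0:*         users:(("explorer.exe",pid=4215,fd=9))'

# Live use: replace the samples with `ps -eo pid,user,args` and `ss -ltnp`.
pids=$(printf '%s\n' "$SAMPLE_PS" | find_wine_procs | awk '{print $1}' | tr '\n' ' ')
echo "Wine-related PIDs: $pids"
printf '%s\n' "$SAMPLE_SS" | listeners_for_pids "$pids"
```

Any PID it reports after `wineserver -k` is a process that survived the shutdown, and any socket it reports is a listener that process opened.
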
ffi (Author), posted June 16, 2007

I was using feisty, don't know if they have wine running at startup :s

> The only thing you should check is if the windows executables you had downloaded in your /home directory are clean

What do you mean, they are malware of course? But I really wonder what this explorer.exe process was doing, it was taking up *a lot* of cpu

iphitus, posted June 16, 2007

> I was using feisty, don't know if they have wine running at startup :s
> what do you mean, they are malware of course? But I really wonder what this explorer.exe process was doing, it was taking up *a lot* of cpu

coulda been doing anything... sending spam, participating in a botnet, ddos attacks, infecting documents...

maybe it might be good if you get one of those virus scanners for linux and make sure you've left no traces :)

James

ffi (Author), posted June 17, 2007

nasty bugger, nod32 didn't even recognise it

Greg2, posted June 17, 2007

> nasty bugger, nod32 didn't even recognise it

If you are still concerned about it, just install and run Clamav (or Klamav) from the repos.

ffi (Author), posted June 17, 2007

no not really anymore, just curious... B)