Another report of malware running on Wine
Pavel Troller
patrol at sinus.cz
Tue Jan 30 01:52:58 CST 2007
Hi!
This weekend my son downloaded a trojan masking as keygen for a Symbian
mobile application. After running a trojan, a tooltip in the systray appeared
saying something like "Your computer is infected". After that, I inspected his
.wine directory.
There were many files added in various directories (system32, windows, even
root of c:, they were partly .exe, partly .dll, ane one even .htm :-). I looked
it in the web browser and it displayed a page saying that my comp is full of
malware, spyware and various other *ware and that the only cure is to download
a specialized application from them :-). They tried to make me shocked by
displaying something that "THEY know that your computer has IP address <my real
IP ADDRESS>, you are using Windows XP (hahaha) and your browser is MSIE 6
(hahahaha). However, this page was not displayed by the trojan, so I think that
something has failed in it and it was unable to fire the formerly mentioned
MSIE6 :-). Two unknown processes were permanently running by wine. After
cleaning all this mess, normal wine operation has been fully restored.
With regards, Pavel Troller
More information about the wine-devel
mailing list