[ale] windows virus?
Robert Reese
ale at sixit.com
Tue Jun 1 15:04:51 EDT 2010
Hello Paul,
Tuesday, June 1, 2010, 5:58:06 AM, you wrote:
> pbc 26683 1 0 May24 ? 00:00:00 C:
> \windows\temp\IXP000.TMP\LS_ISL~2.exe
> after killing those processes, I could not find ANY files in my windows/temp
> folder.. ( .wine/drive_c$/windows/temp )
> a google showed LS_ISL~1.exe, but not 2..
> I very rarely use wine for anything, and the last file changes in windows &
> Program Files is from December.
Yes, it looks like a malware first detected back on March 23rd and again around April 7th or 8th.
http://www.prevx.com/filenames/229273247370207858-X1/PRETEE~2.EXE.html
http://www.prevx.com/filenames/X2542718249228048748-X1/LS_ISL~1.EXE.html
http://www.oitc.com/winnow/clamsigs/pages/table60.html
Also, it appeared to have downloaded twice, hence the '2' at the end rather than a '1'.
IIRC, Wine "automagically" takes over for Windows executables, and the malware was likely therefore launched through an exploit in the browser; a telltale sign is that it was running from a Temp directory.
I doubt it did anything outside of hammer your CPU, however. Still, I'd make sure there isn't anything new in the Wine startup (if there is one).
Cheers,
Robert~
More information about the Ale
mailing list