I had 2 Win Trojans after installing Mono
- Inicie sesión o regístrese para enviar comentarios
So, I installed Mono so I would be able to run .Net applications.
I installed it from the main repositories. This was some days ago. Today I run ClamAv Antivirus and it found I had 2 files infected. One was in a root location. So I'm wondering if these could damage my sistem:
/home/james-saviour/Programmes/Games/Pokemon/ROM-Hackers-GBA-Tool-Pack/A-Ptch.zip: Win.Trojan.10483043-1 FOUND
/home/james-saviour/Programmes/Games/Pokemon/ROM-Hackers-GBA-Tool-Pack/Advance Text.zip: Win.Trojan.Agent-836840 FOUND
/home/james-saviour/.wine/drive_c/windows/mono/mono-2.0/bin/MonoPosixHelper-x86_64.dll: Win.Trojan.Agent-1429193 FOUND
/root/.wine/drive_c/windows/mono/mono-2.0/bin/MonoPosixHelper-x86_64.dll: Win.Trojan.Agent-1429193 FOUND
And this, which I don't know what it is (Spyware?):
/usr/share/doc/python-libxml2/examples/reader2.py: Xml.Exploit.CVE_2013_3860-1 FOUND
You should never run Wine as root. What .NET programs did you run?
As for reader2.py, that is in /usr/share/doc, so it won't be run (unless you do it manually of course). It looks like it's some example code to demonstrate the usage of libxml in Python, so don't worry about it.
I never run any programme as root unless it's to install new software, but apparently, I did.
And apparently, it's a ClamAv issue, rather. I found this:
http://r.virscan.org/report/4621a61590b1baedba405dfe10d68675
I ran some .net programmes a friend of mine created to modify gba rom files. I am helping him test these programmes. Apparently ClamAv detects them as Trojans. After doing some research, it seems it wasn't a trojan. I deleted it manually already, though...
http://r.virscan.org/report/4621a61590b1baedba405dfe10d68675
- Inicie sesión o regístrese para enviar comentarios