virus?

Questions about other topics - please check if your question fits better in another category before posting here
Forum rules
Before you post please read this

virus?

Postby anselm on Tue Nov 28, 2006 12:06 am

Installed Aegis virius scanner and had it scan my entire drive to see if anything would happen, to my suprise :shock:

File is infected!

The file //usr/lib/codecs/vp31vfw.dll is infected with the W32/Magistr.a@MM virus!

this is a windows only virius, but I was wonder could I spread this to windows machines? That is if the scanner is reporting right.
anselm
Level 1
Level 1
 
Posts: 15
Joined: Sat Nov 18, 2006 10:24 am

Linux Mint is funded by ads and donations.
 

Postby Fragadelic on Tue Nov 28, 2006 10:15 am

The only way that could spread to windows is if you linked that library with a windows program which won't happen.
User avatar
Fragadelic
Level 4
Level 4
 
Posts: 469
Joined: Wed Nov 15, 2006 11:05 am
Location: Canada

Postby rlozano on Wed Dec 20, 2006 9:15 am

that should not harm you at all..... :)
User avatar
rlozano
Level 2
Level 2
 
Posts: 67
Joined: Tue Dec 19, 2006 7:57 am

Postby Matthyis on Fri Jul 06, 2007 3:01 pm

will this harm virtual box I'm not running a dule boot but I do run virtual box sometimes ?
Matthyis
Level 1
Level 1
 
Posts: 4
Joined: Tue Jun 26, 2007 1:54 pm

Postby frank392 on Fri Jul 06, 2007 3:35 pm

Hi
I have just install aegis and I have the same virus, I do not think it is a virus.
this is my error message
The file /home/frank/.cxoffice/win98/drive_c/Windows/msdownld.tmp/AS01E72B.tmp/advpack.dll is infected with the W32/Magistr.a@MM virus!


it is a virus and worm:
http://vil.nai.com/vil/content/v_99040.htm
I have no idea how my computer got it. but it is in my crossover office
frank392
Level 4
Level 4
 
Posts: 353
Joined: Wed Nov 22, 2006 1:29 pm

Postby scorp123 on Fri Jul 06, 2007 4:49 pm

frank392 wrote: I have no idea how my computer got it. but it is in my crossover office
Guessing from this: " ... /home/frank/.cxoffice/win98/drive_c/Windows/msdownld.tmp/AS01E72B.tmp/ ..." I would assume you maybe have MS Office or MSIE in CrossOver and that you downloaded something ... or maybe just surfed the web? Voila. It got infected and downloaded the worm. It can't do any harm to your Linux programs, but any Windows *.EXE file inside CrossOver might get infected too.
User avatar
scorp123
Level 8
Level 8
 
Posts: 2287
Joined: Sat Dec 02, 2006 4:19 pm
Location: Switzerland

Postby Matthyis on Fri Jul 06, 2007 5:11 pm

will this affect virtual box? will it inject it

also I know how I got this virus as well but its a windows virus I just was shocked it came up I seen it before on my system so but the path was

The file //usr/lib/codecs/vp31vfw.dll is infected with the W32/Magistr.a@MM virus!
Matthyis
Level 1
Level 1
 
Posts: 4
Joined: Tue Jun 26, 2007 1:54 pm

Postby frank392 on Fri Jul 06, 2007 6:12 pm

Hi Scorp,
thank you for you reply, and yes I do have MSIE not because I want to but a program that I use to do my cd labels needs it, in order to install. the weird thing is that I would never use MSIE to surf the web. that is why I was wondering how those file got infected.
thanks
Frank
frank392
Level 4
Level 4
 
Posts: 353
Joined: Wed Nov 22, 2006 1:29 pm

Postby scorp123 on Fri Jul 06, 2007 7:31 pm

Matthyis wrote:The file //usr/lib/codecs/vp31vfw.dll is infected with the W32/Magistr.a@MM virus!
You probably got that one via the w32-codecs package which is needed to playback some closed-source formats. Some of those files originate from Windows and probably one file was infected somehow and got into the package. The guy who packed it (probably some MPlayer developer??) could have done a better job at scanning this stuff .... But then again: Why? The virus won't do anything.

The virus will sit there for all eternity and wait for prey ... in vain. It is a Windows virus, there is no way it could do any harm to any Linux executable (the binary formats are drastically different). Even if it could do harm to any Linux programs, the file permissions would stop it dead in its tracks. BTW, as far as I know the codecs and those DLL's are only used by programs such as VLC and MPlayer to interpret the info on how to open certain closed-source media formats ... that DLL never ever gets executed per se, so it can't infect your Linux system or any neighbouring system in any way.

So for as long as you don't put that infected file on a Windows machine (e.g. via a network share) the virus will sit there frozen for all eternity ... it can't go anywhere on your Linux system and it poses no threat whatsoever.
User avatar
scorp123
Level 8
Level 8
 
Posts: 2287
Joined: Sat Dec 02, 2006 4:19 pm
Location: Switzerland

Postby scorp123 on Fri Jul 06, 2007 7:33 pm

Matthyis wrote:will this affect virtual box?
VirtualBox itself won't be hurt ... but the virtual OS running inside could be very well infected.

In our company we used VMware and VirtualBox to infect virtual Windows machines with backdoors, trojans and viruses for testing purposes and to see how quickly they spread from one virtual Windows to the other (the virtual Windows machines were setup so that they would be in the same virtual LAN).

So yes, if you have a virtual Windows inside VirtualBox it can be attacked by viruses, just like a real Windows installation.
User avatar
scorp123
Level 8
Level 8
 
Posts: 2287
Joined: Sat Dec 02, 2006 4:19 pm
Location: Switzerland

Postby Matthyis on Fri Jul 06, 2007 9:56 pm

cool thanks for the peace of mind I guess this is a good file to test a virus scanner
I guess but anyway thanks agine








Linux Mint Bea
Matthyis
Level 1
Level 1
 
Posts: 4
Joined: Tue Jun 26, 2007 1:54 pm

Postby mrreality13 on Wed Jul 18, 2007 5:00 pm

scorp123 wrote:
Matthyis wrote:will this affect virtual box?
VirtualBox itself won't be hurt ... but the virtual OS running inside could be very well infected.

In our company we used VMware and VirtualBox to infect virtual Windows machines with backdoors, trojans and viruses for testing purposes and to see how quickly they spread from one virtual Windows to the other (the virtual Windows machines were setup so that they would be in the same virtual LAN).

So yes, if you have a virtual Windows inside VirtualBox it can be attacked by viruses, just like a real Windows installation.


on a much lighter note could this become a PC with a split personality? :roll: :wink: J/K
mrreality13
Level 1
Level 1
 
Posts: 22
Joined: Wed Apr 11, 2007 9:09 pm

Linux Mint is funded by ads and donations.
 

Return to Other topics

Who is online

Users browsing this forum: No registered users and 4 guests