----- Forwarded message -----
From: Jota Pe <jotape1...@yahoo.com>
To: "clamav-users@lists.clamav.net" <clamav-users@lists.clamav.net>
Sent: Sunday, January 17, 2016 12:44:23
Subject: Is it a real attack?

I performed a ClamAV scan of my whole desktop PC and the result tells me about some possible infections. As the previous mail didn't include the attachment, I copy and paste the log file:

-----------------------------------------------------------------------------------------------
ClamTk, v5.19
Sun Jan 17 12:30:53 2016
Definiciones de ClamAV: 4227609

Carpetas analizadas:
/home/jjpg/.cache/winetricks/comctl32
/home/jjpg/.cache/winetricks/windowscodecs
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/Microsoft.NET/Framework/v1.1.4322
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/Microsoft.NET/Framework/v2.0.50727
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/Microsoft.NET/Framework/v4.0.30319
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/bin
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/lib/mono/2.0
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/lib/mono/4.0
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/lib/mono/4.5
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/winsxs/amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_none_deadbeef
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/winsxs/x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_none_deadbeef
/home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Audition 1.5
/home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Audition 1.5/en_us
/home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Flash Player/AddIns/airappinstaller
/home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Adobe AIR/Versions/1.0
/home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Adobe AIR/Versions/1.0/Resources
/home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Apple/Apple Application Support
/home/jjpg/.wine/drive_c/Program Files (x86)/Elica56/System
/home/jjpg/.wine/drive_c/Program Files (x86)/QuickTime
/home/jjpg/.wine/drive_c/Program Files (x86)/QuickTime/QTSystem
/home/jjpg/.wine/drive_c/Program Files (x86)/ZaraSoft/ZaraRadio
/home/jjpg/.wine/drive_c/users/Public/Application Data/Apple/Installer Cache/AppleApplicationSupport 2.3.6
/home/jjpg/.wine/drive_c/users/jjpg/Application Data/Macromedia/Flash Player/www.macromedia.com/bin/airappinstaller
/home/jjpg/.wine/drive_c/users/jjpg/Local Settings/Temporary Internet Files/Content.IE5/OPWK71SZ
/home/jjpg/.wine/drive_c/windows/Installer
/home/jjpg/.wine/drive_c/windows/Microsoft.NET/Framework/v1.1.4322
/home/jjpg/.wine/drive_c/windows/Microsoft.NET/Framework/v2.0.50727
/home/jjpg/.wine/drive_c/windows/Microsoft.NET/Framework/v4.0.30319
/home/jjpg/.wine/drive_c/windows/mono/mono-2.0/bin
/home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/2.0
/home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/4.0
/home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/4.5
/home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/gac/Novell.Directory.Ldap/2.0.0.0__0738eb9f132ed756
/home/jjpg/.wine/drive_c/windows/winsxs/amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_none_deadbeef
/home/jjpg/.wine/drive_c/windows/winsxs/x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_none_deadbeef
/lib/firmware/vxge
/opt/wine-devel/lib/wine/fakedlls
/opt/wine-devel/lib64/wine/fakedlls
/opt/wine-staging/lib64/wine/fakedlls
/usr/lib/mono/4.0
/usr/lib/mono/4.5
/usr/lib/python2.7/dist-packages/pyclamd
/usr/lib/python3/dist-packages/pyclamd/__pycache__
/usr/share/doc/slv2
/usr/share/mime
/usr/share/spamassassin
/usr/share/wine-gecko
/usr/share/wine/gecko

Encontrados 67 posibles amenazas (283770 archivos analizado).

/usr/share/mime/mime.cache PUA.Win.Exploit.CVE_2012_0110
/usr/share/wine-gecko/wine_gecko-2.21-x86_64.msi PUA.Win32.Packer.PrivateExeProte-7
/usr/lib/python2.7/dist-packages/pyclamd/pyclamd.pyc Eicar-Test-Signature-1
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/winsxs/x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_none_deadbeef/comctl32.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/winsxs/amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_none_deadbeef/comctl32.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/bin/MonoPosixHelper-x86_64.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/lib/mono/4.0/mscorlib.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/lib/mono/2.0/mscorlib.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/lib/mono/4.5/mscorlib.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/lib/mono/4.5/monop.exe PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/Microsoft.NET/Framework/v1.1.4322/mscorlib.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/Microsoft.NET/Framework/v4.0.30319/mscorlib.dll PUA.Win32.Packer.PrivateExeProte-7
/usr/share/wine-gecko/wine_gecko-2.21-x86.msi PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.cache/winetricks/comctl32/cc32inst.exe PUA.Win32.Packer.Winzip-1
/home/jjpg/.cache/winetricks/windowscodecs/wic_x86_enu.exe PUA.Win32.Packer.Msvcpp
/home/jjpg/.wine/drive_c/users/jjpg/Application Data/Macromedia/Flash Player/www.macromedia.com/bin/airappinstaller/airappinstaller.exe PUA.Win32.Packer.SetupExeSection
/home/jjpg/.wine/drive_c/users/jjpg/Local Settings/Temporary Internet Files/Content.IE5/OPWK71SZ/update[1] PUA.Win32.Packer.SetupExeSection
/home/jjpg/.wine/drive_c/users/jjpg/Local Settings/Temporary Internet Files/Content.IE5/OPWK71SZ/update[0] PUA.Win32.Packer.SetupExeSection
/home/jjpg/.wine/drive_c/users/Public/Application Data/Apple/Installer Cache/AppleApplicationSupport 2.3.6/AppleApplicationSupport.msi PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/windows/winsxs/x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_none_deadbeef/comctl32.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/windows/winsxs/amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_none_deadbeef/comctl32.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/windows/mono/mono-2.0/bin/MonoPosixHelper-x86_64.dll PUA.Win32.Packer.PrivateExeProte-7
/usr/share/doc/slv2/jquery.js PUA.HTML.Exploit.CVE_2014_0322
/home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/4.0/mscorlib.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/2.0/mscorlib.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/gac/Novell.Directory.Ldap/2.0.0.0__0738eb9f132ed756/Novell.Directory.Ldap.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/4.5/mscorlib.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/4.5/monop.exe PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/windows/Installer/8ff4.msi PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/windows/Installer/8d09.msi PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/windows/Microsoft.NET/Framework/v1.1.4322/mscorlib.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/windows/Microsoft.NET/Framework/v4.0.30319/mscorlib.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/windows/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll PUA.Win32.Packer.PrivateExeProte-7
/usr/share/spamassassin/72_active.cf PUA.Phishing.Bank
/home/jjpg/.wine/drive_c/Program Files (x86)/Elica56/System/borlndmm.dll PUA.Win32.Packer.BorlandDelphi-13
/home/jjpg/.wine/drive_c/Program Files (x86)/Elica56/System/Elica.exe PUA.Win32.Packer.BorlandDelphi-14
/home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Audition 1.5/en_us/multitap.dll PUA.Win32.Packer.Starforce-1
/home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Audition 1.5/en_us/sweeper.dll PUA.Win32.Packer.Starforce-1
/home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Audition 1.5/en_us/para.dll PUA.Win32.Packer.Starforce-1
/home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Audition 1.5/Audition.exe PUA.Win32.Packer.Upx-28
/home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Audition 1.5/Voc.flt PUA.Win32.Packer.CreativeAudioFi
/home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Flash Player/AddIns/airappinstaller/airappinstaller.exe PUA.Win32.Packer.SetupExeSection
/home/jjpg/.wine/drive_c/Program Files (x86)/ZaraSoft/ZaraRadio/ZaraRadio.exe PUA.Win32.Packer.Devcpp
/home/jjpg/.wine/drive_c/Program Files (x86)/QuickTime/QTSystem/QuickTimeUpdateHelper.exe PUA.Win32.Packer.SetupExeSection
/usr/share/wine/gecko/wine_gecko-2.21-x86.msi PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/Program Files (x86)/QuickTime/PictureViewer.exe PUA.Packed.Armadillo-1
/home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Apple/Apple Application Support/libicuuc.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Apple/Apple Application Support/libicuin.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Apple/Apple Application Support/icudt46.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Adobe AIR/Versions/1.0/Resources/airappinstaller.exe PUA.Win32.Packer.SetupExeSection
/home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Adobe AIR/Versions/1.0/Resources/WebKit.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Adobe AIR/Versions/1.0/Resources/Adobe AIR Updater.exe PUA.Win32.Packer.SetupExeSection
/home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Adobe AIR/Versions/1.0/Adobe AIR Application Installer.exe PUA.Win32.Packer.SetupExeSection
/opt/wine-devel/lib64/wine/fakedlls/comctl32.dll PUA.Win32.Packer.PrivateExeProte-7
/opt/wine-devel/lib64/wine/fakedlls/clock.exe PUA.Win32.Packer.PrivateExeProte-7
/usr/lib/python3/dist-packages/pyclamd/__pycache__/pyclamd.cpython-35.pyc Eicar-Test-Signature-1
/opt/wine-devel/lib64/wine/fakedlls/user32.dll PUA.Win32.Packer.PrivateExeProte-7
/opt/wine-devel/lib/wine/fakedlls/comctl32.dll PUA.Win32.Packer.PrivateExeProte-7
/opt/wine-devel/lib/wine/fakedlls/clock.exe PUA.Win32.Packer.PrivateExeProte-7
/opt/wine-devel/lib/wine/fakedlls/user32.dll PUA.Win32.Packer.PrivateExeProte-7
/opt/wine-staging/lib64/wine/fakedlls/comctl32.dll PUA.Win32.Packer.PrivateExeProte-7
/opt/wine-staging/lib64/wine/fakedlls/clock.exe PUA.Win32.Packer.PrivateExeProte-7
/opt/wine-staging/lib64/wine/fakedlls/user32.dll PUA.Win32.Packer.PrivateExeProte-7
/usr/lib/python3/dist-packages/pyclamd/__pycache__/pyclamd.cpython-34.pyc Eicar-Test-Signature-1
/usr/lib/mono/4.0/mscorlib.dll PUA.Win32.Packer.PrivateExeProte-7
/usr/lib/mono/4.5/mscorlib.dll PUA.Win32.Packer.PrivateExeProte-7
-----------------------------------------------------------------------------------------------

How many???
Is it a real attack, or a false positive???

Thanks a lot for your time!!!
Greetings and Blessings from Chile!!!!!!!

Juan

_______________________________________________
Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
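An added triage helper for the log format shown in the post above (example code written here, not part of the thread or of the ClamAV project): it parses ClamTk's "<path> SIGNATURE" result lines and groups each hit by what its signature family actually claims, so the Eicar test hits, the PUA.Win32.Packer.* "this binary is packed" heuristics, the other PUA.* rules and any non-PUA malware signature are counted separately. The sample lines are copied from the post except for the `Win.Trojan.Agent-12345` entry and its path, which are invented to show the contrast; the signature-prefix families are the assumption the classification rests on.

```python
from collections import Counter, defaultdict

# Constructed sample in ClamTk's "<path> <SIGNATURE>" layout: lines copied from the post
# above plus one invented non-PUA hit (the Win.Trojan.Agent-12345 line is made up).
SAMPLE_LOG = """\
/usr/share/mime/mime.cache PUA.Win.Exploit.CVE_2012_0110
/usr/lib/python2.7/dist-packages/pyclamd/pyclamd.pyc Eicar-Test-Signature-1
/home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/4.0/mscorlib.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Audition 1.5/Audition.exe PUA.Win32.Packer.Upx-28
/usr/share/spamassassin/72_active.cf PUA.Phishing.Bank
/home/jjpg/Downloads/invoice.exe Win.Trojan.Agent-12345
"""

# First matching prefix wins; a signature matching none of these is a regular malware
# signature and is the only category that deserves incident treatment.
CATEGORIES = (
    ("test-file", ("Eicar-Test-Signature",)),  # the harmless EICAR test string
    ("packer-heuristic", ("PUA.Win32.Packer.", "PUA.Packed.")),  # "this binary is packed", nothing more
    ("pua-heuristic", ("PUA.",)),  # other potentially-unwanted rules: review, not a confirmed infection
)

def parse_line(line):
    """Split on the LAST whitespace run: Wine paths like 'Program Files (x86)' contain spaces."""
    line = line.rstrip()
    # Result lines start with an absolute path; summary lines like "Encontrados 67 ..." do not.
    if not line.startswith("/") or " " not in line:
        return None
    path, sig = line.rsplit(None, 1)
    return path, sig

def categorize(sig):
    for name, prefixes in CATEGORIES:
        if sig.startswith(prefixes):
            return name
    return "malware"

def triage(log_text):
    """Group hits as category -> [(path, signature), ...]."""
    groups = defaultdict(list)
    for parsed in map(parse_line, log_text.splitlines()):
        if parsed:
            groups[categorize(parsed[1])].append(parsed)
    return dict(groups)

def signature_counts(log_text):
    """Hits per signature, most common first; a packer name repeated across system DLLs stands out here."""
    hits = [p for p in map(parse_line, log_text.splitlines()) if p]
    return Counter(sig for _, sig in hits).most_common()

if __name__ == "__main__":
    for category, hits in triage(SAMPLE_LOG).items():
        print(category, len(hits), [sig for _, sig in hits])
```

Feed it the full pasted log instead of SAMPLE_LOG to get the per-category counts for all 67 hits; ClamAV only reports PUA.* signatures when PUA detection is switched on (clamscan's `--detect-pua`), which is why a scan of Wine and Mono directories produces so many packer hits.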