[clamav-users] Rv: Is it a real attack?

Jota Pe jotape1960 at yahoo.com
Tue Jan 19 15:10:18 EST 2016



     ----- Forwarded message -----
 From: Jota Pe <jotape1960 at yahoo.com>
 To: "clamav-users at lists.clamav.net" <clamav-users at lists.clamav.net>
 Sent: Sunday, 17 January 2016 12:44:23
 Subject: Is it a real attack?
I performed a ClamAV scan of my whole desktop PC and the result tells me about some possible infections.
As the previous mail didn't include the attachment, I copy and paste the log file:
-----------------------------------------------------------------------------------------------

ClamTk, v5.19
Sun Jan 17 12:30:53 2016
Definiciones de ClamAV: 4227609
Carpetas analizadas:
/home/jjpg/.cache/winetricks/comctl32
/home/jjpg/.cache/winetricks/windowscodecs
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/Microsoft.NET/Framework/v1.1.4322
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/Microsoft.NET/Framework/v2.0.50727
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/Microsoft.NET/Framework/v4.0.30319
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/bin
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/lib/mono/2.0
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/lib/mono/4.0
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/lib/mono/4.5
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/winsxs/amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_none_deadbeef
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/winsxs/x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_none_deadbeef
/home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Audition 1.5
/home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Audition 1.5/en_us
/home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Flash Player/AddIns/airappinstaller
/home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Adobe AIR/Versions/1.0
/home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Adobe AIR/Versions/1.0/Resources
/home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Apple/Apple Application Support
/home/jjpg/.wine/drive_c/Program Files (x86)/Elica56/System
/home/jjpg/.wine/drive_c/Program Files (x86)/QuickTime
/home/jjpg/.wine/drive_c/Program Files (x86)/QuickTime/QTSystem
/home/jjpg/.wine/drive_c/Program Files (x86)/ZaraSoft/ZaraRadio
/home/jjpg/.wine/drive_c/users/Public/Application Data/Apple/Installer Cache/AppleApplicationSupport 2.3.6
/home/jjpg/.wine/drive_c/users/jjpg/Application Data/Macromedia/Flash Player/www.macromedia.com/bin/airappinstaller
/home/jjpg/.wine/drive_c/users/jjpg/Local Settings/Temporary Internet Files/Content.IE5/OPWK71SZ
/home/jjpg/.wine/drive_c/windows/Installer
/home/jjpg/.wine/drive_c/windows/Microsoft.NET/Framework/v1.1.4322
/home/jjpg/.wine/drive_c/windows/Microsoft.NET/Framework/v2.0.50727
/home/jjpg/.wine/drive_c/windows/Microsoft.NET/Framework/v4.0.30319
/home/jjpg/.wine/drive_c/windows/mono/mono-2.0/bin
/home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/2.0
/home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/4.0
/home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/4.5
/home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/gac/Novell.Directory.Ldap/2.0.0.0__0738eb9f132ed756
/home/jjpg/.wine/drive_c/windows/winsxs/amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_none_deadbeef
/home/jjpg/.wine/drive_c/windows/winsxs/x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_none_deadbeef
/lib/firmware/vxge
/opt/wine-devel/lib/wine/fakedlls
/opt/wine-devel/lib64/wine/fakedlls
/opt/wine-staging/lib64/wine/fakedlls
/usr/lib/mono/4.0
/usr/lib/mono/4.5
/usr/lib/python2.7/dist-packages/pyclamd
/usr/lib/python3/dist-packages/pyclamd/__pycache__
/usr/share/doc/slv2
/usr/share/mime
/usr/share/spamassassin
/usr/share/wine-gecko
/usr/share/wine/gecko

Encontrados 67 posibles amenazas (283770 archivos analizado).

/usr/share/mime/mime.cache                                                                                                                                                       PUA.Win.Exploit.CVE_2012_0110          
/usr/share/wine-gecko/wine_gecko-2.21-x86_64.msi                                                                                                                                 PUA.Win32.Packer.PrivateExeProte-7     
/usr/lib/python2.7/dist-packages/pyclamd/pyclamd.pyc                                                                                                                             Eicar-Test-Signature-1                 
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/winsxs/x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_none_deadbeef/comctl32.dll        PUA.Win32.Packer.PrivateExeProte-7     
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/winsxs/amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_none_deadbeef/comctl32.dll      PUA.Win32.Packer.PrivateExeProte-7     
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/bin/MonoPosixHelper-x86_64.dll                                                                  PUA.Win32.Packer.PrivateExeProte-7     
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/lib/mono/4.0/mscorlib.dll                                                                       PUA.Win32.Packer.PrivateExeProte-7     
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/lib/mono/2.0/mscorlib.dll                                                                       PUA.Win32.Packer.PrivateExeProte-7     
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/lib/mono/4.5/mscorlib.dll                                                                       PUA.Win32.Packer.PrivateExeProte-7     
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/lib/mono/4.5/monop.exe                                                                          PUA.Win32.Packer.PrivateExeProte-7     
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/Microsoft.NET/Framework/v1.1.4322/mscorlib.dll                                                                PUA.Win32.Packer.PrivateExeProte-7     
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/Microsoft.NET/Framework/v4.0.30319/mscorlib.dll                                                               PUA.Win32.Packer.PrivateExeProte-7     
/usr/share/wine-gecko/wine_gecko-2.21-x86.msi                                                                                                                                    PUA.Win32.Packer.PrivateExeProte-7     
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll                                                               PUA.Win32.Packer.PrivateExeProte-7     
/home/jjpg/.cache/winetricks/comctl32/cc32inst.exe                                                                                                                               PUA.Win32.Packer.Winzip-1              
/home/jjpg/.cache/winetricks/windowscodecs/wic_x86_enu.exe                                                                                                                       PUA.Win32.Packer.Msvcpp                
/home/jjpg/.wine/drive_c/users/jjpg/Application Data/Macromedia/Flash Player/www.macromedia.com/bin/airappinstaller/airappinstaller.exe                                          PUA.Win32.Packer.SetupExeSection       
/home/jjpg/.wine/drive_c/users/jjpg/Local Settings/Temporary Internet Files/Content.IE5/OPWK71SZ/update[1]                                                                       PUA.Win32.Packer.SetupExeSection       
/home/jjpg/.wine/drive_c/users/jjpg/Local Settings/Temporary Internet Files/Content.IE5/OPWK71SZ/update[0]                                                                       PUA.Win32.Packer.SetupExeSection       
/home/jjpg/.wine/drive_c/users/Public/Application Data/Apple/Installer Cache/AppleApplicationSupport 2.3.6/AppleApplicationSupport.msi                                           PUA.Win32.Packer.PrivateExeProte-7     
/home/jjpg/.wine/drive_c/windows/winsxs/x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_none_deadbeef/comctl32.dll                                          PUA.Win32.Packer.PrivateExeProte-7     
/home/jjpg/.wine/drive_c/windows/winsxs/amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_none_deadbeef/comctl32.dll                                        PUA.Win32.Packer.PrivateExeProte-7     
/home/jjpg/.wine/drive_c/windows/mono/mono-2.0/bin/MonoPosixHelper-x86_64.dll                                                                                                    PUA.Win32.Packer.PrivateExeProte-7     
/usr/share/doc/slv2/jquery.js                                                                                                                                                    PUA.HTML.Exploit.CVE_2014_0322         
/home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/4.0/mscorlib.dll                                                                                                         PUA.Win32.Packer.PrivateExeProte-7     
/home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/2.0/mscorlib.dll                                                                                                         PUA.Win32.Packer.PrivateExeProte-7     
/home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/gac/Novell.Directory.Ldap/2.0.0.0__0738eb9f132ed756/Novell.Directory.Ldap.dll                                            PUA.Win32.Packer.PrivateExeProte-7     
/home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/4.5/mscorlib.dll                                                                                                         PUA.Win32.Packer.PrivateExeProte-7     
/home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/4.5/monop.exe                                                                                                            PUA.Win32.Packer.PrivateExeProte-7     
/home/jjpg/.wine/drive_c/windows/Installer/8ff4.msi                                                                                                                              PUA.Win32.Packer.PrivateExeProte-7     
/home/jjpg/.wine/drive_c/windows/Installer/8d09.msi                                                                                                                              PUA.Win32.Packer.PrivateExeProte-7     
/home/jjpg/.wine/drive_c/windows/Microsoft.NET/Framework/v1.1.4322/mscorlib.dll                                                                                                  PUA.Win32.Packer.PrivateExeProte-7     
/home/jjpg/.wine/drive_c/windows/Microsoft.NET/Framework/v4.0.30319/mscorlib.dll                                                                                                 PUA.Win32.Packer.PrivateExeProte-7     
/home/jjpg/.wine/drive_c/windows/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll                                                                                                 PUA.Win32.Packer.PrivateExeProte-7     
/usr/share/spamassassin/72_active.cf                                                                                                                                             PUA.Phishing.Bank                      
/home/jjpg/.wine/drive_c/Program Files (x86)/Elica56/System/borlndmm.dll                                                                                                         PUA.Win32.Packer.BorlandDelphi-13      
/home/jjpg/.wine/drive_c/Program Files (x86)/Elica56/System/Elica.exe                                                                                                            PUA.Win32.Packer.BorlandDelphi-14      
/home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Audition 1.5/en_us/multitap.dll                                                                                               PUA.Win32.Packer.Starforce-1           
/home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Audition 1.5/en_us/sweeper.dll                                                                                                PUA.Win32.Packer.Starforce-1           
/home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Audition 1.5/en_us/para.dll                                                                                                   PUA.Win32.Packer.Starforce-1           
/home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Audition 1.5/Audition.exe                                                                                                     PUA.Win32.Packer.Upx-28                
/home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Audition 1.5/Voc.flt                                                                                                          PUA.Win32.Packer.CreativeAudioFi       
/home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Flash Player/AddIns/airappinstaller/airappinstaller.exe                                                                       PUA.Win32.Packer.SetupExeSection       
/home/jjpg/.wine/drive_c/Program Files (x86)/ZaraSoft/ZaraRadio/ZaraRadio.exe                                                                                                    PUA.Win32.Packer.Devcpp                
/home/jjpg/.wine/drive_c/Program Files (x86)/QuickTime/QTSystem/QuickTimeUpdateHelper.exe                                                                                        PUA.Win32.Packer.SetupExeSection       
/usr/share/wine/gecko/wine_gecko-2.21-x86.msi                                                                                                                                    PUA.Win32.Packer.PrivateExeProte-7     
/home/jjpg/.wine/drive_c/Program Files (x86)/QuickTime/PictureViewer.exe                                                                                                         PUA.Packed.Armadillo-1                 
/home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Apple/Apple Application Support/libicuuc.dll                                                                           PUA.Win32.Packer.PrivateExeProte-7     
/home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Apple/Apple Application Support/libicuin.dll                                                                           PUA.Win32.Packer.PrivateExeProte-7     
/home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Apple/Apple Application Support/icudt46.dll                                                                            PUA.Win32.Packer.PrivateExeProte-7     
/home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Adobe AIR/Versions/1.0/Resources/airappinstaller.exe                                                                   PUA.Win32.Packer.SetupExeSection       
/home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Adobe AIR/Versions/1.0/Resources/WebKit.dll                                                                            PUA.Win32.Packer.PrivateExeProte-7     
/home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Adobe AIR/Versions/1.0/Resources/Adobe AIR Updater.exe                                                                 PUA.Win32.Packer.SetupExeSection       
/home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Adobe AIR/Versions/1.0/Adobe AIR Application Installer.exe                                                             PUA.Win32.Packer.SetupExeSection       
/opt/wine-devel/lib64/wine/fakedlls/comctl32.dll                                                                                                                                 PUA.Win32.Packer.PrivateExeProte-7     
/opt/wine-devel/lib64/wine/fakedlls/clock.exe                                                                                                                                    PUA.Win32.Packer.PrivateExeProte-7     
/usr/lib/python3/dist-packages/pyclamd/__pycache__/pyclamd.cpython-35.pyc                                                                                                        Eicar-Test-Signature-1                 
/opt/wine-devel/lib64/wine/fakedlls/user32.dll                                                                                                                                   PUA.Win32.Packer.PrivateExeProte-7     
/opt/wine-devel/lib/wine/fakedlls/comctl32.dll                                                                                                                                   PUA.Win32.Packer.PrivateExeProte-7     
/opt/wine-devel/lib/wine/fakedlls/clock.exe                                                                                                                                      PUA.Win32.Packer.PrivateExeProte-7     
/opt/wine-devel/lib/wine/fakedlls/user32.dll                                                                                                                                     PUA.Win32.Packer.PrivateExeProte-7     
/opt/wine-staging/lib64/wine/fakedlls/comctl32.dll                                                                                                                               PUA.Win32.Packer.PrivateExeProte-7     
/opt/wine-staging/lib64/wine/fakedlls/clock.exe                                                                                                                                  PUA.Win32.Packer.PrivateExeProte-7     
/opt/wine-staging/lib64/wine/fakedlls/user32.dll                                                                                                                                 PUA.Win32.Packer.PrivateExeProte-7     
/usr/lib/python3/dist-packages/pyclamd/__pycache__/pyclamd.cpython-34.pyc                                                                                                        Eicar-Test-Signature-1                 
/usr/lib/mono/4.0/mscorlib.dll                                                                                                                                                   PUA.Win32.Packer.PrivateExeProte-7     
/usr/lib/mono/4.5/mscorlib.dll                                                                                                                                                   PUA.Win32.Packer.PrivateExeProte-7     


----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

How many???
Is it a real attack, or a false positive???
Thanks a lot for your time!!!
Greetings and Blessings from Chile!!!!!!!
Juan
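An added triage helper for reports in this ClamTk format; it is not code from the original post or from ClamAV/ClamTk. It splits each hit into path and signature and sorts the hits by signature class (PUA heuristics, the EICAR test string, regular malware signatures); the sample lines are constructed from the report above.

```python
"""Triage a ClamTk scan report: group hits by signature class.

The report lists one "path<two or more spaces>signature" pair per line.
ClamAV signature names carry their class in their prefix: "PUA." marks a
Potentially Unwanted Application heuristic (packers, exploit patterns found
in otherwise benign files), "Eicar-Test-Signature" is the EICAR test string,
and anything else is a regular malware signature.
"""
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the report above.
SAMPLE_REPORT = """\
/usr/share/mime/mime.cache                               PUA.Win.Exploit.CVE_2012_0110
/usr/lib/python2.7/dist-packages/pyclamd/pyclamd.pyc     Eicar-Test-Signature-1
/home/jjpg/.wine/drive_c/windows/Installer/8ff4.msi      PUA.Win32.Packer.PrivateExeProte-7
/usr/share/spamassassin/72_active.cf                     PUA.Phishing.Bank
/home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Audition 1.5/Audition.exe   PUA.Win32.Packer.Upx-28
"""

# Paths may contain single spaces ("Program Files (x86)"), so the path is
# matched lazily up to the first run of two or more spaces before the signature.
LINE_RE = re.compile(r"^(?P<path>.+?)\s{2,}(?P<sig>\S+)\s*$")


def parse_report(text):
    """Return a list of (path, signature) tuples; non-hit lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            hits.append((m.group("path"), m.group("sig")))
    return hits


def classify(signature):
    """Map a ClamAV signature name to a triage class."""
    if signature.startswith("Eicar-Test-Signature"):
        return "test-file"
    if signature.startswith("PUA."):
        return "pua"
    return "malware"


def triage(text):
    """Return ({class: Counter(signature -> hits)}, [paths with malware hits])."""
    summary = {"malware": Counter(), "pua": Counter(), "test-file": Counter()}
    malware_paths = []
    for path, sig in parse_report(text):
        cat = classify(sig)
        summary[cat][sig] += 1
        if cat == "malware":
            malware_paths.append(path)
    return summary, malware_paths


if __name__ == "__main__":
    summary, paths = triage(SAMPLE_REPORT)
    for cat, counter in summary.items():
        print(cat, dict(counter))
    print("paths needing manual review:", paths)
```

Hits in the "pua" and "test-file" classes are heuristic or deliberate test detections and are worth checking against the file's origin (installer, distribution package, test suite) before treating them as an infection; only the "malware" list calls for immediate attention.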

