[clamav-users] Fwd: Is it a real attack?
Jota Pe
jotape1960 at yahoo.com
Tue Jan 19 15:10:18 EST 2016
----- Forwarded message -----
From: Jota Pe <jotape1960 at yahoo.com>
To: "clamav-users at lists.clamav.net" <clamav-users at lists.clamav.net>
Sent: Sunday, 17 January 2016 12:44:23
Subject: Is it a real attack?
I performed a ClamAV scan of my whole desktop PC and the result reports some possible infections.
As the previous mail didn't include the attachment, I copy and paste the log file:
-----------------------------------------------------------------------------------------------
ClamTk, v5.19
Sun Jan 17 12:30:53 2016
Definiciones de ClamAV: 4227609
Carpetas analizadas:
/home/jjpg/.cache/winetricks/comctl32
/home/jjpg/.cache/winetricks/windowscodecs
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/Microsoft.NET/Framework/v1.1.4322
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/Microsoft.NET/Framework/v2.0.50727
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/Microsoft.NET/Framework/v4.0.30319
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/bin
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/lib/mono/2.0
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/lib/mono/4.0
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/lib/mono/4.5
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/winsxs/amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_none_deadbeef
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/winsxs/x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_none_deadbeef
/home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Audition 1.5
/home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Audition 1.5/en_us
/home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Flash Player/AddIns/airappinstaller
/home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Adobe AIR/Versions/1.0
/home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Adobe AIR/Versions/1.0/Resources
/home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Apple/Apple Application Support
/home/jjpg/.wine/drive_c/Program Files (x86)/Elica56/System
/home/jjpg/.wine/drive_c/Program Files (x86)/QuickTime
/home/jjpg/.wine/drive_c/Program Files (x86)/QuickTime/QTSystem
/home/jjpg/.wine/drive_c/Program Files (x86)/ZaraSoft/ZaraRadio
/home/jjpg/.wine/drive_c/users/Public/Application Data/Apple/Installer Cache/AppleApplicationSupport 2.3.6
/home/jjpg/.wine/drive_c/users/jjpg/Application Data/Macromedia/Flash Player/www.macromedia.com/bin/airappinstaller
/home/jjpg/.wine/drive_c/users/jjpg/Local Settings/Temporary Internet Files/Content.IE5/OPWK71SZ
/home/jjpg/.wine/drive_c/windows/Installer
/home/jjpg/.wine/drive_c/windows/Microsoft.NET/Framework/v1.1.4322
/home/jjpg/.wine/drive_c/windows/Microsoft.NET/Framework/v2.0.50727
/home/jjpg/.wine/drive_c/windows/Microsoft.NET/Framework/v4.0.30319
/home/jjpg/.wine/drive_c/windows/mono/mono-2.0/bin
/home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/2.0
/home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/4.0
/home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/4.5
/home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/gac/Novell.Directory.Ldap/2.0.0.0__0738eb9f132ed756
/home/jjpg/.wine/drive_c/windows/winsxs/amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_none_deadbeef
/home/jjpg/.wine/drive_c/windows/winsxs/x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_none_deadbeef
/lib/firmware/vxge
/opt/wine-devel/lib/wine/fakedlls
/opt/wine-devel/lib64/wine/fakedlls
/opt/wine-staging/lib64/wine/fakedlls
/usr/lib/mono/4.0
/usr/lib/mono/4.5
/usr/lib/python2.7/dist-packages/pyclamd
/usr/lib/python3/dist-packages/pyclamd/__pycache__
/usr/share/doc/slv2
/usr/share/mime
/usr/share/spamassassin
/usr/share/wine-gecko
/usr/share/wine/gecko
Encontrados 67 posibles amenazas (283770 archivos analizado).
/usr/share/mime/mime.cache PUA.Win.Exploit.CVE_2012_0110
/usr/share/wine-gecko/wine_gecko-2.21-x86_64.msi PUA.Win32.Packer.PrivateExeProte-7
/usr/lib/python2.7/dist-packages/pyclamd/pyclamd.pyc Eicar-Test-Signature-1
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/winsxs/x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_none_deadbeef/comctl32.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/winsxs/amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_none_deadbeef/comctl32.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/bin/MonoPosixHelper-x86_64.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/lib/mono/4.0/mscorlib.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/lib/mono/2.0/mscorlib.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/lib/mono/4.5/mscorlib.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/lib/mono/4.5/monop.exe PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/Microsoft.NET/Framework/v1.1.4322/mscorlib.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/Microsoft.NET/Framework/v4.0.30319/mscorlib.dll PUA.Win32.Packer.PrivateExeProte-7
/usr/share/wine-gecko/wine_gecko-2.21-x86.msi PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.cache/winetricks/comctl32/cc32inst.exe PUA.Win32.Packer.Winzip-1
/home/jjpg/.cache/winetricks/windowscodecs/wic_x86_enu.exe PUA.Win32.Packer.Msvcpp
/home/jjpg/.wine/drive_c/users/jjpg/Application Data/Macromedia/Flash Player/www.macromedia.com/bin/airappinstaller/airappinstaller.exe PUA.Win32.Packer.SetupExeSection
/home/jjpg/.wine/drive_c/users/jjpg/Local Settings/Temporary Internet Files/Content.IE5/OPWK71SZ/update[1] PUA.Win32.Packer.SetupExeSection
/home/jjpg/.wine/drive_c/users/jjpg/Local Settings/Temporary Internet Files/Content.IE5/OPWK71SZ/update[0] PUA.Win32.Packer.SetupExeSection
/home/jjpg/.wine/drive_c/users/Public/Application Data/Apple/Installer Cache/AppleApplicationSupport 2.3.6/AppleApplicationSupport.msi PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/windows/winsxs/x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_none_deadbeef/comctl32.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/windows/winsxs/amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_none_deadbeef/comctl32.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/windows/mono/mono-2.0/bin/MonoPosixHelper-x86_64.dll PUA.Win32.Packer.PrivateExeProte-7
/usr/share/doc/slv2/jquery.js PUA.HTML.Exploit.CVE_2014_0322
/home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/4.0/mscorlib.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/2.0/mscorlib.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/gac/Novell.Directory.Ldap/2.0.0.0__0738eb9f132ed756/Novell.Directory.Ldap.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/4.5/mscorlib.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/4.5/monop.exe PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/windows/Installer/8ff4.msi PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/windows/Installer/8d09.msi PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/windows/Microsoft.NET/Framework/v1.1.4322/mscorlib.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/windows/Microsoft.NET/Framework/v4.0.30319/mscorlib.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/windows/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll PUA.Win32.Packer.PrivateExeProte-7
/usr/share/spamassassin/72_active.cf PUA.Phishing.Bank
/home/jjpg/.wine/drive_c/Program Files (x86)/Elica56/System/borlndmm.dll PUA.Win32.Packer.BorlandDelphi-13
/home/jjpg/.wine/drive_c/Program Files (x86)/Elica56/System/Elica.exe PUA.Win32.Packer.BorlandDelphi-14
/home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Audition 1.5/en_us/multitap.dll PUA.Win32.Packer.Starforce-1
/home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Audition 1.5/en_us/sweeper.dll PUA.Win32.Packer.Starforce-1
/home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Audition 1.5/en_us/para.dll PUA.Win32.Packer.Starforce-1
/home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Audition 1.5/Audition.exe PUA.Win32.Packer.Upx-28
/home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Audition 1.5/Voc.flt PUA.Win32.Packer.CreativeAudioFi
/home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Flash Player/AddIns/airappinstaller/airappinstaller.exe PUA.Win32.Packer.SetupExeSection
/home/jjpg/.wine/drive_c/Program Files (x86)/ZaraSoft/ZaraRadio/ZaraRadio.exe PUA.Win32.Packer.Devcpp
/home/jjpg/.wine/drive_c/Program Files (x86)/QuickTime/QTSystem/QuickTimeUpdateHelper.exe PUA.Win32.Packer.SetupExeSection
/usr/share/wine/gecko/wine_gecko-2.21-x86.msi PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/Program Files (x86)/QuickTime/PictureViewer.exe PUA.Packed.Armadillo-1
/home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Apple/Apple Application Support/libicuuc.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Apple/Apple Application Support/libicuin.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Apple/Apple Application Support/icudt46.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Adobe AIR/Versions/1.0/Resources/airappinstaller.exe PUA.Win32.Packer.SetupExeSection
/home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Adobe AIR/Versions/1.0/Resources/WebKit.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Adobe AIR/Versions/1.0/Resources/Adobe AIR Updater.exe PUA.Win32.Packer.SetupExeSection
/home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Adobe AIR/Versions/1.0/Adobe AIR Application Installer.exe PUA.Win32.Packer.SetupExeSection
/opt/wine-devel/lib64/wine/fakedlls/comctl32.dll PUA.Win32.Packer.PrivateExeProte-7
/opt/wine-devel/lib64/wine/fakedlls/clock.exe PUA.Win32.Packer.PrivateExeProte-7
/usr/lib/python3/dist-packages/pyclamd/__pycache__/pyclamd.cpython-35.pyc Eicar-Test-Signature-1
/opt/wine-devel/lib64/wine/fakedlls/user32.dll PUA.Win32.Packer.PrivateExeProte-7
/opt/wine-devel/lib/wine/fakedlls/comctl32.dll PUA.Win32.Packer.PrivateExeProte-7
/opt/wine-devel/lib/wine/fakedlls/clock.exe PUA.Win32.Packer.PrivateExeProte-7
/opt/wine-devel/lib/wine/fakedlls/user32.dll PUA.Win32.Packer.PrivateExeProte-7
/opt/wine-staging/lib64/wine/fakedlls/comctl32.dll PUA.Win32.Packer.PrivateExeProte-7
/opt/wine-staging/lib64/wine/fakedlls/clock.exe PUA.Win32.Packer.PrivateExeProte-7
/opt/wine-staging/lib64/wine/fakedlls/user32.dll PUA.Win32.Packer.PrivateExeProte-7
/usr/lib/python3/dist-packages/pyclamd/__pycache__/pyclamd.cpython-34.pyc Eicar-Test-Signature-1
/usr/lib/mono/4.0/mscorlib.dll PUA.Win32.Packer.PrivateExeProte-7
/usr/lib/mono/4.5/mscorlib.dll PUA.Win32.Packer.PrivateExeProte-7
-----------------------------------------------------------------------------------------------
How many? ???
Is it a real attack, or a false positive? ???
Thanks a lot for your time!!!
Greetings and Blessings from Chile!!!!!!!
Juan
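Added example, not part of the original post or of the ClamAV/ClamTk code: a small Python triage of a log in the format quoted above, grouping each hit by what its signature name says. ClamAV's `PUA.*` names are its Potentially Unwanted Application class (reported only when PUA detection is enabled) and `PUA.*.Packer.*` / `PUA.Packed.*` only fingerprint a packer or protector; `Eicar-Test-Signature` matches the EICAR test string. `SAMPLE_LOG` is a constructed subset of the post's own lines; the category names and `classify` rules are my own, not ClamAV's.

```python
import re
from collections import defaultdict

# Constructed subset of the ClamTk log from the post; hit lines read "<path> <signature>".
SAMPLE_LOG = """\
Encontrados 67 posibles amenazas (283770 archivos analizado).
/usr/share/mime/mime.cache PUA.Win.Exploit.CVE_2012_0110
/usr/lib/python2.7/dist-packages/pyclamd/pyclamd.pyc Eicar-Test-Signature-1
/usr/lib/mono/4.0/mscorlib.dll PUA.Win32.Packer.PrivateExeProte-7
/home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Audition 1.5/Audition.exe PUA.Win32.Packer.Upx-28
/home/jjpg/.wine/drive_c/Program Files (x86)/QuickTime/PictureViewer.exe PUA.Packed.Armadillo-1
/usr/share/doc/slv2/jquery.js PUA.HTML.Exploit.CVE_2014_0322
/usr/share/spamassassin/72_active.cf PUA.Phishing.Bank
"""


def parse_log(text):
    """Yield (path, signature) pairs. Paths may contain spaces, so split on the LAST whitespace only."""
    for line in text.splitlines():
        if not line.startswith("/"):
            continue  # skip ClamTk header/summary lines
        path, sig = line.rsplit(None, 1)
        yield path, sig


def classify(sig):
    """Map a ClamAV signature name to a triage bucket (bucket names are this example's own)."""
    if sig.startswith("Eicar-Test-Signature"):
        return "eicar_test"  # EICAR test string: harmless by design, expected in AV test tooling
    if re.match(r"PUA\.(\w+\.)?Pack(er|ed)\.", sig):
        return "pua_packer"  # packer/protector fingerprint, not a malware verdict
    if sig.startswith("PUA."):
        return "pua_other"  # other PUA heuristic (exploit pattern, phishing text): review, not a verdict
    return "malware"  # any non-PUA signature is a real detection and needs incident handling


def triage(text):
    groups = defaultdict(list)
    for path, sig in parse_log(text):
        groups[classify(sig)].append((path, sig))
    return dict(groups)


def summary(text):
    return {bucket: len(hits) for bucket, hits in triage(text).items()}


if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {len(hits)}")
        for path, sig in hits:
            print(f"    {sig:40} {path}")
```

Run against the full pasted log, an empty `malware` bucket means every hit is either a packer fingerprint, a PUA heuristic or the EICAR test string; a non-empty one is where to start looking.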