What would happen if you ran a windows virus using Wine?

**redfez** · February 23rd, 2007

Do you relize that you have posted a a log of files on your system that appear to be not of the legal ilk if you will.

**MannaPC** · February 23rd, 2007

Originally Posted by redfez

Do you relize that you have posted a a log of files on your system that appear to be not of the legal ilk if you will.

I do seriously hope you are joking and know those are fake files intended to make you think what you just said and open them...

If not, I laugh at your stupidity

!

**owenleej** · February 23rd, 2007

Originally Posted by redfez

Do you relize that you have posted a a log of files on your system that appear to be not of the legal ilk if you will.

YOU run a virus and lets see what stuff it decides to install for YOU and then we can blame YOU for it! Awesome!

**jobo5432** · February 23rd, 2007

Wow...look at all the warez in that folder, and to think it was all infected...That sucks man.

**trmentry** · February 24th, 2007

This is why I run my windows applications inside a VMWare install of XP on vmware server. I just RDP into the machine and run what I need. If it goes all wonky, then I just restore back to the last known good snapshot and move on.

**faradesla** · February 24th, 2007

That's hilarious. I hope you got everything fixed, Mustard.

I guess this is just further testament to how well WINE works.

**MannaPC** · February 24th, 2007

Originally Posted by jobo5432

Wow...look at all the warez in that folder, and to think it was all infected...That sucks man.

It's not warez at all...! It's infected files named to look like warez which will entice you to open said files..

**shane2peru** · February 24th, 2007

Well, two scans still finishing up, but I don't expect them to turn anything up, they haven't so far. I had a grand total of 1305 viruses on my computer. All in my /home/user partition and my /mnt/data partition that stores all my work. That is all! Probably will have to re-install a few of my wine programs but nothing more than time lost. If it had been windows that would not have been the case!

Shane

**oolunchbox** · February 24th, 2007

Unless I've misread any of the posts nobody has actually touched on why it worked like it did. My understanding of Wine is that it's a "compatibility layer" (WINE itself stands for WINE IS NOT an EMULATOR). Being a compatibility layer it translates commands sent from windows programs into commands Linux understands, thus allowing the program to run. The comment about being in Russia and telling someone to F off is incorrect, wine works like the translator- it receives the foreign windows commands and tells your linux system how to make it work (the russian wouldnt know what you said until the translator told them, then they would understand, and get rightfully angry). Apparently the virus sent instructions to create or download files to the users main directory thus all the files in the /home directory and /usr directory.

or maybe im wrong.

**ardchoille42** · February 24th, 2007

Originally Posted by oolunchbox

Unless I've misread any of the posts nobody has actually touched on why it worked like it did.

Because wine runs Windows programs.. including viruses, trojans, worms, etc. I've been saying this for a while but no one listens, now we have proof. And, as you saw from an earlier post, those viruses, trojans, worms can wreak havoc in any folder in $HOME as well as system folders. If the infected user runs a virus within the sudo timeout of running a command with sudo, the virus can gain sudo privs. Think about it, if the user runs "sudo command", there is a certain amount of time that the sudo password is cached. If the user runs a virus that calls sudo within that sudo cache timeframe, then the virus can run "sudo rm -rf /" and that command will succeed because the virus is running as the sudo user with sudo privs:

Originally Posted by Mustard

I ended up finding more viruses in my usr directory way down deep in some /cups related sub directory. Somehow in all the sudo'ing and mucking around I have managed to trash my Evolution Inbox, so I ended up throwing the mondo backup CD into the drive and restored the system that way.

Originally Posted by Mustard

It seemed to be limited to my home folder and the /usr directory. It was interesting to watch on etherape. As soon as I executed it, I could see all those connections starting up with unfamiliar IP's all around the world and it similtaneously started downloading different versions of itself onto the system. I should have deleted the ones that I still had sitting in the email inbox first, before doing a 'mv' command on all the other virii that had been downloaded, as the way I went about cleaning them up didn't sit well with Evolution afterwards. It no longer recognised my default account in the Inbox. That's about the only damage I can say for sure was done and that is more related to my clumsy command line work than anything else.

This is why I say wine/cedega/cxoffice/other are bad things and should not be used at all. It wouldn't be hard (probably already been done) to write a keylogger into a Windows file and capture every keystroke you make and send all your personal info to a server where it is sold to the highest bidder. Some folks think that running Windows apps in wine offers them some layer of protection against bad Windows apps, but this is simply a myth.

I don't know about others, but the files in my $HOME are more important to me than the rest of the system. I won't ever use Windows files on any of my systems.. and now you see why.