
R: Trovato trojan in distribuzione debian



No, non è uno scherzo, anche se capisco che, data la data, possa sembrarlo. SO Windows 10 e antivirus Bitdefender Total Security 2017.
Vi allego il report della scansione in cui c'è anche il nome del file e per comodità vi riporto uno stralcio dello stesso:

path="C:\Users\Luca\Downloads\debian-8.7.1-amd64-DVD-2.iso=>pool=>main=>k=>libwine-development_1.7.29-4_amd64.deb=>data.tar.xz=>(xz stream)=>./usr/lib/x86_64-linux-gnu/wine-development/fakedlls/dpvoice.dll" threatType="0" threatName="Trojan.Generic.20588021"

-----Messaggio originale-----
Da: Gianfranco Costamagna [mailto:locutusofborg@debian.org] 
Inviato: sabato 1 aprile 2017 16:36
A: girarsi_liste <liste.girarsi@gmail.com>; debian-italian@lists.debian.org
Oggetto: Re: Trovato trojan in distribuzione debian


>Il Sabato 1 Aprile 2017 16:26, girarsi_liste <liste.girarsi@gmail.com> ha scritto:


"primo aprile" :)
>> volevo comunicarvi che il mio antivirus ha rilevato un trojan nella 
>> iso del 2° DVD della release Debian 8.7.1, Gli iso li ho ottenuti 
>> partendo dai torrent scaricati qui:
>> http://cdimage.debian.org/debian-cd/current/amd64/bt-dvd/
>> 
>> Come programma torrent ho usato uTorrent.
> 
> Resto a disposizione per ulteriori informazioni.
> 
>Da che sistema operativo e che antivirus?


non mi piace rispondere alle email il primo di aprile :p

comunque, quale file sarebbe incriminato?
(sono sicuro che è uno scherzo, ma vabbè)

G.

<?xml version="1.0" encoding="utf-8"?>
<?xml-stylesheet type="text/xsl" href="C:\Program Files\Bitdefender\Bitdefender 2017\ondemand.xsl"?>
<ScanSession creator="Bitdefender Total Security 2017" name="Scansione completa" installPath="C:\Program Files\Bitdefender\Bitdefender 2017\" creationDate="sabato 1 aprile 2017 15:24:18" originalPath="C:\ProgramData\Bitdefender\Desktop\Profiles\Logs\dcf483c4-26d0-4e6f-ba28-6a53a00adae1\1491039968_1_03.xml" >
	<!-- Options this scan session ran with, as recorded by the scanner.
	     Points that matter when reading the detections further down:
	     * scanArchives="1", deepArchiveScan="1" and maxArchiveLevel="15": archive
	       scanning was on, which is consistent with the nested container paths
	       (.iso => .deb => data.tar.xz => file) reported in ScanDetails.
	     * computeSha256Hash="0": hashing was off, and the itemHash attributes in
	       ScanDetails are empty, so this report carries no file hash that could
	       be used to cross-check a detection independently.
	     * infectedAction1/2, suspectAction1/2 and rootkitAction are numeric codes;
	       their meaning is not defined anywhere in this file. -->
	<ScanSettings 
		statisticsRefreshInterval="1000"
		scanSpeed="1.000000"
		lowPriority="0"
		enableExclusions="1"
		enableTaskExclusions="0"
		scanAdware="1"
		scanSpyware="1"
		scanApplications="1"
		scanDialers="1"
		scanKeyloggers="1"
		scanFiles="1"
		scanAllFiles="1"
		scanProgramsOnly="0"
		useCustomPrograms="0"
		customPrograms=""
		scanUserDefined="0"
		scanPacked="1"
		scanArchives="1"
		useSmartScan="1"
		scanEmails="1"
		scanRootkits="0"
		scanAllRootkits="1"
		scanBoot="1"
		scanMemory="1"
		scanRegistry="1"
		quickScan="1"
		quickScanMemory="0"
		quickScanAutoruns="0"
		quickScanPlugins="1"
		scanCookies="1"
		shutdownAfter="0"
		passwordPrompt="0"
		onlyAllowedActions="1"
		deepArchiveScan="1"
		maxArchiveLevel="15"
		maxArchiveSize="0"
		infectedAction1="3"
		infectedAction2="7"
		suspectAction1="7"
		suspectAction2="1"
		rootkitAction="3"
		userDefinedExtensions=""
		scanPua="-1"
		computeSha256Hash="0"
		disableIndexer="0"
	>

		<!-- Three drive roots were scanned. ExcludedPaths and ExcludedExtensions
		     below are empty, so no path or extension exclusion is listed even
		     though enableExclusions="1". -->
		<ScanPaths>
			<path>B:\</path>
			<path>C:\</path>
			<path>D:\</path>
		</ScanPaths>

		<ExcludedPaths>
		</ExcludedPaths>

		<ExcludedExtensions>
		</ExcludedExtensions>

	</ScanSettings>

	<!-- Engine metadata for this session. totalSignatures is presumably the number
	     of signatures loaded at scan time (inferred from the attribute name);
	     no engine or signature-set version is recorded here. -->
	<EngineSummary
		totalSignatures="8022522"
		/>

	<!-- Session totals followed by one TypeSummary per object type.
	     * The type codes (0 to 6) are not defined in this file.
	     * Only type="0" reports findings: infected="4" and moved="2". That matches
	       ScanDetails, which lists two UnresolvedDetails items and two
	       ResolvedDetails items (the latter carrying a quarId).
	     * startTime looks like Unix epoch seconds (1 April 2017) and duration is
	       presumably milliseconds, about 3 h 36 min, which would end shortly
	       before the creationDate on the root element. TODO confirm units. -->
	<ScanSummary
		scannedArchives="722"
		scannedPacked="804"
		startTime="1491039968"
		duration="12986140"
	>

		<TypeSummary type="1"
			scanned="31"
			infected="0"
			suspicious="0"
			disinfected="0"
			deleted="0"
			moved="0"
			moved_reboot="0"
			delete_reboot="0"
			renamed="0"
			hidden="0"
		/>

		<TypeSummary type="4"
			scanned="0"
			infected="0"
			suspicious="0"
			disinfected="0"
			deleted="0"
			moved="0"
			moved_reboot="0"
			delete_reboot="0"
			renamed="0"
			hidden="0"
		/>

		<!-- The only type with detections; see ScanDetails for the four items. -->
		<TypeSummary type="0"
			scanned="8836546"
			infected="4"
			suspicious="0"
			disinfected="0"
			deleted="0"
			moved="2"
			moved_reboot="0"
			delete_reboot="0"
			renamed="0"
			hidden="0"
		/>

		<TypeSummary type="5"
			scanned="0"
			infected="0"
			suspicious="0"
			disinfected="0"
			deleted="0"
			moved="0"
			moved_reboot="0"
			delete_reboot="0"
			renamed="0"
			hidden="0"
		/>

		<TypeSummary type="2"
			scanned="10087"
			infected="0"
			suspicious="0"
			disinfected="0"
			deleted="0"
			moved="0"
			moved_reboot="0"
			delete_reboot="0"
			renamed="0"
			hidden="0"
		/>

		<TypeSummary type="3"
			scanned="5859"
			infected="0"
			suspicious="0"
			disinfected="0"
			deleted="0"
			moved="0"
			moved_reboot="0"
			delete_reboot="0"
			renamed="0"
			hidden="0"
		/>

		<TypeSummary type="6"
			scanned="1588"
			infected="0"
			suspicious="0"
			disinfected="0"
			deleted="0"
			moved="0"
			moved_reboot="0"
			delete_reboot="0"
			renamed="0"
			hidden="0"
		/>

	</ScanSummary>

	<ScanDetails>
		<!-- Detections the scanner could not act on. Both items sit inside the
		     downloaded ISO image itself, addressed through nested containers:
		     .iso => pool => main => k => libwine-development_1.7.29-4_amd64.deb
		     => data.tar.xz => ./usr/lib/x86_64-linux-gnu/wine-development/fakedlls/.
		     * initialStatus and finalStatus are both "3" and failReason="2": the
		       status did not change. The numeric codes are not defined in this file.
		     * threatName is of the form Trojan.Generic.NNN and family="" is empty,
		       i.e. a generic label rather than a named malware family.
		     * itemHash="" and chainHash="no_hash": no hash of the flagged DLLs is
		       recorded, so the verdict cannot be checked by hash from this report.
		     NOTE(review): the fakedlls directory of a Wine package holds Windows PE
		     files inside a Linux package, so a generic heuristic firing on them is a
		     plausible false positive. This report cannot settle it either way;
		     verifying the ISO against the release's signed checksum files and the
		     .deb against the archive's package index would. -->
		<UnresolvedDetails>
			<Item type="0" objectType="0" path="C:\Users\Luca\Downloads\debian-8.7.1-amd64-DVD-2.iso=&gt;pool=&gt;main=&gt;k=&gt;libwine-development_1.7.29-4_amd64.deb=&gt;data.tar.xz=&gt;(xz stream)=&gt;./usr/lib/x86_64-linux-gnu/wine-development/fakedlls/dpvoice.dll" threatType="0" threatName="Trojan.Generic.20588021" action="1" allActions="3 7 1 9 1" initialStatus="3" finalStatus="3" failReason="2" itemHash="" chainHash="no_hash" family="" rtvrType="" />
			<Item type="0" objectType="0" path="C:\Users\Luca\Downloads\debian-8.7.1-amd64-DVD-2.iso=&gt;pool=&gt;main=&gt;k=&gt;libwine-development_1.7.29-4_amd64.deb=&gt;data.tar.xz=&gt;(xz stream)=&gt;./usr/lib/x86_64-linux-gnu/wine-development/fakedlls/d3dcompiler_35.dll" threatType="0" threatName="Trojan.Generic.20584987" action="1" allActions="3 7 1 9 1" initialStatus="3" finalStatus="3" failReason="2" itemHash="" chainHash="no_hash" family="" rtvrType="" />
		</UnresolvedDetails>

		<!-- Detections the scanner did act on. These are the same two DLL names and
		     the same two threatName values as in UnresolvedDetails, but found in an
		     extracted copy of the DVD on disk
		     (debian-8.7.1-amd64-DVD-2\pool\main\w\wine-development\...), not in the
		     .iso file.
		     * finalStatus changes from "3" to "6", failReason="0" and a quarId is
		       present; together with moved="2" in ScanSummary this presumably means
		       the objects were moved to quarantine. The codes themselves are not
		       defined in this file.
		     * Both items share one quarId, which suggests the enclosing .deb was
		       quarantined as a single object rather than each DLL separately.
		       TODO confirm. If so, the extracted tree no longer contains that
		       package.
		     * itemHash is empty here as well, so no hash is available for lookup. -->
		<ResolvedDetails>
			<Item type="0" objectType="0" path="C:\Users\Luca\Downloads\debian-8.7.1-amd64-DVD-2\pool\main\w\wine-development\libwine-development_1.7.29-4_amd64.deb=&gt;data.tar.xz=&gt;(xz stream)=&gt;./usr/lib/x86_64-linux-gnu/wine-development/fakedlls/dpvoice.dll" threatType="0" threatName="Trojan.Generic.20588021" action="9" allActions="3 7 1 9 1 9" initialStatus="3" finalStatus="6" quarId="b3bea490-af74-4d75-9377-63e51e610517" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType="" />
			<Item type="0" objectType="0" path="C:\Users\Luca\Downloads\debian-8.7.1-amd64-DVD-2\pool\main\w\wine-development\libwine-development_1.7.29-4_amd64.deb=&gt;data.tar.xz=&gt;(xz stream)=&gt;./usr/lib/x86_64-linux-gnu/wine-development/fakedlls/d3dcompiler_35.dll" threatType="0" threatName="Trojan.Generic.20584987" action="9" allActions="3 7 1 9 1 9" initialStatus="3" finalStatus="6" quarId="b3bea490-af74-4d75-9377-63e51e610517" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType="" />
		</ResolvedDetails>

		<!-- Both sections are empty: the report lists no ignored items and no
		     quick-scan items. -->
		<IgnoredDetails>
		</IgnoredDetails>

		<QuickScanDetails>
		</QuickScanDetails>
		<!-- Objects the scanner did not examine. None of these is a detection:
		     every Item below has threatName="". "Not scanned" also does not mean
		     clean; the report makes no statement about the content of these objects.
		     * The counters line up with the listed items: five items carry
		       threatType="7" / failReason="4" (archiveBombs="5") and eight carry
		       failReason="5" (passwordProtected="8"). Presumably failReason 4 marks
		       an archive-bomb limit and 5 a password-protected or unreadable
		       archive. TODO confirm; the codes are not defined in this file.
		     * skipped="243317" is a count only; those objects are not itemised.
		     * The second Item's path ends in what looks like fragments of unrelated
		       structured text, i.e. the path field itself is garbled for that entry. -->
		<NotScannedDetails
			skipped="243317"
			ioerrors="0"
			archiveBombs="5"
			passwordProtected="8"
		>

			<Item type="0" objectType="0" path="C:\Users\Luca\Downloads\debian-8.7.1-amd64-DVD-1.iso=&gt;pool=&gt;main=&gt;g=&gt;gcc-4.9=&gt;g++-4.9_4.9.2-10_amd64.deb=&gt;data.tar.xz=&gt;(xz stream)=&gt;.=&gt;usr=&gt;share=&gt;doc=&gt;gcc-4.9-base=&gt;test-summaries=&gt;g++.log.xz=&gt;(xz stream)" threatType="7" threatName="" action="1" allActions="" initialStatus="0" finalStatus="0" failReason="4" />
			<Item type="0" objectType="0" path="D:\System Volume Information\_restore{41816963-4E71-46CD-8433-A2A33E9F8C42}\RP109\A0031955.exe=&gt;(RAR Sfx o)=&gt;support.exe=&gt;(RAR Sfx o)=&gt;(REMOVED_NULLS)=&gt;rules.app.html&quot;},&quot;35127&quot;:{&quot;build_id&quot;:&quot;35127&quot;,&quot;module_id&quot;:&quot;3&quot;,&quot;lang&quot;:&quot;2015_is_it_IT&quot;,&quot;title&quot;:&quot;Protezione web&quot;,&quot;link_id&quot;:&quot;128740&quot;,&quot;item_type&quot;:&quot;2&quot;,&quot;manual_name&quot;:&quot;web_protection.html&quot;},&quot;35128&quot;:{&quot;build_id&quot;:&quot;35128&quot;,&quot;module_id&quot;:&quot;3&quot;,&quot;lang&quot;:&quot;2015_is_it_IT&quot;,&quot;title&quot;" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
			<Item type="0" objectType="0" path="D:\Quella gran troia della mia ex\Foto.rar" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
			<Item type="0" objectType="0" path="C:\Users\Luca\Downloads\debian-8.7.1-amd64-DVD-2\pool\main\g\golang\golang-src_1.3.3-1_amd64.deb=&gt;data.tar.xz=&gt;(xz stream)=&gt;./usr/share/go/src/pkg/compress/gzip/testdata/issue6550.gz" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
			<Item type="0" objectType="0" path="C:\Users\Luca\Downloads\debian-8.7.1-amd64-DVD-3\pool\main\p\python-astropy\python-astropy_0.4.2-2_amd64.deb=&gt;data.tar.xz=&gt;(xz stream)=&gt;./usr/lib/python2.7/dist-packages/astropy/utils/tests/data/invalid.dat.gz" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
			<Item type="0" objectType="0" path="C:\Users\Luca\Downloads\debian-8.7.1-amd64-DVD-2\pool\main\t\texlive-lang\texlive-lang-japanese_2014.20141024-1_all.deb=&gt;data.tar.xz=&gt;(xz stream)=&gt;./usr/share/texlive/texmf-dist/fonts/vf/public/japanese-otf-uptex/upnmlgothbn-v.vf" threatType="7" threatName="" action="1" allActions="" initialStatus="0" finalStatus="0" failReason="4" />
			<Item type="0" objectType="0" path="C:\Users\Luca\Downloads\debian-8.7.1-amd64-DVD-3\pool\main\f\fcrackzip\fcrackzip_1.0-5_amd64.deb=&gt;data.tar.gz=&gt;(gzip)=&gt;.=&gt;usr=&gt;share=&gt;doc=&gt;fcrackzip=&gt;examples=&gt;noradi.zip=&gt;TEXT1.TXT" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
			<Item type="0" objectType="0" path="C:\Users\Luca\Downloads\debian-8.7.1-amd64-DVD-3\pool\main\f\fcrackzip\fcrackzip_1.0-5_amd64.deb=&gt;data.tar.gz=&gt;(gzip)=&gt;.=&gt;usr=&gt;share=&gt;doc=&gt;fcrackzip=&gt;examples=&gt;noradi.zip=&gt;TEXT2.TXT" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
			<Item type="0" objectType="0" path="C:\Users\Luca\Downloads\debian-8.7.1-amd64-DVD-3\pool\main\f\fcrackzip\fcrackzip_1.0-5_amd64.deb=&gt;data.tar.gz=&gt;(gzip)=&gt;.=&gt;usr=&gt;share=&gt;doc=&gt;fcrackzip=&gt;examples=&gt;noradi.zip=&gt;TEXT3.TXT" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
			<Item type="0" objectType="0" path="C:\Users\Luca\Downloads\debian-8.7.1-amd64-DVD-1\pool\main\g\gcc-4.9\g++-4.9_4.9.2-10_amd64.deb=&gt;data.tar.xz=&gt;(xz stream)=&gt;.=&gt;usr=&gt;share=&gt;doc=&gt;gcc-4.9-base=&gt;test-summaries=&gt;g++.log.xz=&gt;(xz stream)" threatType="7" threatName="" action="1" allActions="" initialStatus="0" finalStatus="0" failReason="4" />
			<Item type="0" objectType="0" path="C:\Users\Luca\AppData\Roaming\Roxio\Roxio Burn\RoxioBurnGroup.ini" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
			<Item type="0" objectType="0" path="C:\Users\Luca\Downloads\debian-8.7.1-amd64-DVD-2\pool\main\g\gcc-4.8\g++-4.8_4.8.4-1_amd64.deb=&gt;data.tar.xz=&gt;(xz stream)=&gt;.=&gt;usr=&gt;share=&gt;doc=&gt;gcc-4.8-base=&gt;test-summaries=&gt;libstdc++.log.xz=&gt;(xz stream)" threatType="7" threatName="" action="1" allActions="" initialStatus="0" finalStatus="0" failReason="4" />
			<Item type="0" objectType="0" path="C:\Users\Luca\Downloads\debian-8.7.1-amd64-DVD-2.iso=&gt;pool=&gt;main=&gt;k=&gt;texlive-lang-japanese_2014.20141024-1_all.deb=&gt;data.tar.xz=&gt;(xz stream)=&gt;./usr/share/texlive/texmf-dist/fonts/vf/public/japanese-otf-uptex/upnmlgothbn-v.vf" threatType="7" threatName="" action="1" allActions="" initialStatus="0" finalStatus="0" failReason="4" />
		</NotScannedDetails>
	</ScanDetails>

</ScanSession>
