R: Trovato trojan in distribuzione debian
No, non è uno scherzo, anche se capisco che, data la data, possa sembrarlo. SO: Windows 10; antivirus: Bitdefender Total Security 2017.
Vi allego il report della scansione in cui c'è anche il nome del file e per comodità vi riporto uno stralcio dello stesso:
path="C:\Users\Luca\Downloads\debian-8.7.1-amd64-DVD-2.iso=>pool=>main=>k=>libwine-development_1.7.29-4_amd64.deb=>data.tar.xz=>(xz stream)=>./usr/lib/x86_64-linux-gnu/wine-development/fakedlls/dpvoice.dll" threatType="0" threatName="Trojan.Generic.20588021"
-----Messaggio originale-----
Da: Gianfranco Costamagna [mailto:locutusofborg@debian.org]
Inviato: sabato 1 aprile 2017 16:36
A: girarsi_liste <liste.girarsi@gmail.com>; debian-italian@lists.debian.org
Oggetto: Re: Trovato trojan in distribuzione debian
>Il Sabato 1 Aprile 2017 16:26, girarsi_liste <liste.girarsi@gmail.com> ha scritto:
"primo aprile" :)
>> volevo comunicarvi che il mio antivirus ha rilevato un trojan nella
>> iso del 2° DVD della release Debian 8.7.1, Gli iso li ho ottenuti
>> partendo dai torrent scaricati qui:
>> http://cdimage.debian.org/debian-cd/current/amd64/bt-dvd/
>>
>> Come programma torrent ho usato uTorrent.
>
> Resto a disposizione per ulteriori informazioni.
>
>Da che sistema operativo e che antivirus?
non mi piace rispondere alle email il primo di aprile :p
comunque, quale file sarebbe incriminato?
(sono sicuro che è uno scherzo, ma vabbè)
G.
<?xml version="1.0" encoding="utf-8"?>
<?xml-stylesheet type="text/xsl" href="C:\Program Files\Bitdefender\Bitdefender 2017\ondemand.xsl"?>
<ScanSession creator="Bitdefender Total Security 2017" name="Scansione completa" installPath="C:\Program Files\Bitdefender\Bitdefender 2017\" creationDate="sabato 1 aprile 2017 15:24:18" originalPath="C:\ProgramData\Bitdefender\Desktop\Profiles\Logs\dcf483c4-26d0-4e6f-ba28-6a53a00adae1\1491039968_1_03.xml" >
<!--
  ScanSettings: the options recorded for this scan session. The numeric
  values are vendor codes; this report does not define their meanings.
  Points that matter when reading the findings further down:
  - scanArchives="1", deepArchiveScan="1", maxArchiveLevel="15": nested
    containers were unpacked, which is consistent with the multi-level "=>"
    paths in ScanDetails (iso, deb, data.tar.xz, xz stream, file).
  - computeSha256Hash="0": presumably the reason every itemHash in
    ScanDetails is empty, so the report offers no file hash to compare
    against the distribution's own checksums. TODO confirm.
  - infectedAction1="3" and infectedAction2="7": the allActions lists on the
    detected items start with "3 7", so these look like the first two actions
    the engine attempted on an infected object.
  - enableExclusions="1" with empty ExcludedPaths and ExcludedExtensions:
    no exclusions are listed for this session.
-->
<ScanSettings
statisticsRefreshInterval="1000"
scanSpeed="1.000000"
lowPriority="0"
enableExclusions="1"
enableTaskExclusions="0"
scanAdware="1"
scanSpyware="1"
scanApplications="1"
scanDialers="1"
scanKeyloggers="1"
scanFiles="1"
scanAllFiles="1"
scanProgramsOnly="0"
useCustomPrograms="0"
customPrograms=""
scanUserDefined="0"
scanPacked="1"
scanArchives="1"
useSmartScan="1"
scanEmails="1"
scanRootkits="0"
scanAllRootkits="1"
scanBoot="1"
scanMemory="1"
scanRegistry="1"
quickScan="1"
quickScanMemory="0"
quickScanAutoruns="0"
quickScanPlugins="1"
scanCookies="1"
shutdownAfter="0"
passwordPrompt="0"
onlyAllowedActions="1"
deepArchiveScan="1"
maxArchiveLevel="15"
maxArchiveSize="0"
infectedAction1="3"
infectedAction2="7"
suspectAction1="7"
suspectAction2="1"
rootkitAction="3"
userDefinedExtensions=""
scanPua="-1"
computeSha256Hash="0"
disableIndexer="0"
>
<!-- Scan roots: three whole drives were scanned. -->
<ScanPaths>
<path>B:\</path>
<path>C:\</path>
<path>D:\</path>
</ScanPaths>
<ExcludedPaths>
</ExcludedPaths>
<ExcludedExtensions>
</ExcludedExtensions>
</ScanSettings>
<!--
  EngineSummary: totalSignatures is presumably the number of detection
  signatures loaded for this session. The element carries no engine or
  signature-database version, so the report alone does not show which
  definitions produced the verdicts in ScanDetails.
-->
<EngineSummary
totalSignatures="8022522"
/>
<!--
  ScanSummary: totals for the session.
  - startTime="1491039968" decodes as a Unix timestamp to 2017-04-01
    09:46:08 UTC, the same day as creationDate on ScanSession, and the same
    number appears in the originalPath file name.
  - duration="12986140" is presumably milliseconds (about 3 h 36 min); start
    plus that duration lands close to the 15:24:18 creationDate if the local
    zone was UTC+2. TODO confirm unit.
  - Each TypeSummary holds the counters for one object category; the type
    codes are not explained in this report. Only type="0" shows detections:
    infected="4" and moved="2", which agrees with ScanDetails (two
    UnresolvedDetails items plus two ResolvedDetails items that carry a
    quarId).
-->
<ScanSummary
scannedArchives="722"
scannedPacked="804"
startTime="1491039968"
duration="12986140"
>
<TypeSummary type="1"
scanned="31"
infected="0"
suspicious="0"
disinfected="0"
deleted="0"
moved="0"
moved_reboot="0"
delete_reboot="0"
renamed="0"
hidden="0"
/>
<TypeSummary type="4"
scanned="0"
infected="0"
suspicious="0"
disinfected="0"
deleted="0"
moved="0"
moved_reboot="0"
delete_reboot="0"
renamed="0"
hidden="0"
/>
<!-- type="0": the only category with detections in this session. -->
<TypeSummary type="0"
scanned="8836546"
infected="4"
suspicious="0"
disinfected="0"
deleted="0"
moved="2"
moved_reboot="0"
delete_reboot="0"
renamed="0"
hidden="0"
/>
<TypeSummary type="5"
scanned="0"
infected="0"
suspicious="0"
disinfected="0"
deleted="0"
moved="0"
moved_reboot="0"
delete_reboot="0"
renamed="0"
hidden="0"
/>
<TypeSummary type="2"
scanned="10087"
infected="0"
suspicious="0"
disinfected="0"
deleted="0"
moved="0"
moved_reboot="0"
delete_reboot="0"
renamed="0"
hidden="0"
/>
<TypeSummary type="3"
scanned="5859"
infected="0"
suspicious="0"
disinfected="0"
deleted="0"
moved="0"
moved_reboot="0"
delete_reboot="0"
renamed="0"
hidden="0"
/>
<TypeSummary type="6"
scanned="1588"
infected="0"
suspicious="0"
disinfected="0"
deleted="0"
moved="0"
moved_reboot="0"
delete_reboot="0"
renamed="0"
hidden="0"
/>
</ScanSummary>
<!--
  ScanDetails: per-object results. Notes for triage:
  - Both detected files sit under wine-development/fakedlls/ inside
    libwine-development_1.7.29-4_amd64.deb, i.e. .dll files shipped in a
    Debian package (presumably Wine's placeholder DLLs; verify against the
    package contents).
  - Both threatName values are generic numbered signatures and family="" on
    every item. That pattern is consistent with a heuristic false positive,
    but the report cannot prove it either way: itemHash is empty and
    chainHash is "no_hash", so there is nothing here to match against a
    known-good file.
  - To settle it, verify the ISO against the SHA256SUMS or SHA512SUMS file
    signed by the Debian CD signing key, check the .deb against the checksum
    in the archive's Packages index, and submit the two DLLs to the antivirus
    vendor for reanalysis.
  - The numeric codes (action, initialStatus, finalStatus, failReason) are
    vendor-specific and not defined in this report.
-->
<ScanDetails>
<!--
  UnresolvedDetails: detections where initialStatus and finalStatus are both
  "3" and failReason is "2", i.e. the item's state did not change. Both paths
  point inside debian-8.7.1-amd64-DVD-2.iso; presumably the scanner could not
  modify a member of an ISO image. TODO confirm.
  NOTE(review): the in-ISO path shows pool=>main=>k=> while the extracted
  tree in ResolvedDetails shows pool\main\w\wine-development\, so the
  directory labels reported for DVD-2.iso look unreliable in this log.
-->
<UnresolvedDetails>
<Item type="0" objectType="0" path="C:\Users\Luca\Downloads\debian-8.7.1-amd64-DVD-2.iso=>pool=>main=>k=>libwine-development_1.7.29-4_amd64.deb=>data.tar.xz=>(xz stream)=>./usr/lib/x86_64-linux-gnu/wine-development/fakedlls/dpvoice.dll" threatType="0" threatName="Trojan.Generic.20588021" action="1" allActions="3 7 1 9 1" initialStatus="3" finalStatus="3" failReason="2" itemHash="" chainHash="no_hash" family="" rtvrType="" />
<Item type="0" objectType="0" path="C:\Users\Luca\Downloads\debian-8.7.1-amd64-DVD-2.iso=>pool=>main=>k=>libwine-development_1.7.29-4_amd64.deb=>data.tar.xz=>(xz stream)=>./usr/lib/x86_64-linux-gnu/wine-development/fakedlls/d3dcompiler_35.dll" threatType="0" threatName="Trojan.Generic.20584987" action="1" allActions="3 7 1 9 1" initialStatus="3" finalStatus="3" failReason="2" itemHash="" chainHash="no_hash" family="" rtvrType="" />
</UnresolvedDetails>
<!--
  ResolvedDetails: the same two DLLs with the same threatName values, found
  in an extracted copy of the DVD tree. Here finalStatus="6", failReason="0"
  and a quarId is present, which together with moved="2" in ScanSummary
  suggests quarantine. Both items share one quarId, so presumably the
  containing .deb was moved as a whole rather than each DLL separately.
-->
<ResolvedDetails>
<Item type="0" objectType="0" path="C:\Users\Luca\Downloads\debian-8.7.1-amd64-DVD-2\pool\main\w\wine-development\libwine-development_1.7.29-4_amd64.deb=>data.tar.xz=>(xz stream)=>./usr/lib/x86_64-linux-gnu/wine-development/fakedlls/dpvoice.dll" threatType="0" threatName="Trojan.Generic.20588021" action="9" allActions="3 7 1 9 1 9" initialStatus="3" finalStatus="6" quarId="b3bea490-af74-4d75-9377-63e51e610517" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType="" />
<Item type="0" objectType="0" path="C:\Users\Luca\Downloads\debian-8.7.1-amd64-DVD-2\pool\main\w\wine-development\libwine-development_1.7.29-4_amd64.deb=>data.tar.xz=>(xz stream)=>./usr/lib/x86_64-linux-gnu/wine-development/fakedlls/d3dcompiler_35.dll" threatType="0" threatName="Trojan.Generic.20584987" action="9" allActions="3 7 1 9 1 9" initialStatus="3" finalStatus="6" quarId="b3bea490-af74-4d75-9377-63e51e610517" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType="" />
</ResolvedDetails>
<IgnoredDetails>
</IgnoredDetails>
<QuickScanDetails>
</QuickScanDetails>
<!--
  NotScannedDetails: objects the engine did not inspect. The itemized entries
  line up with the counters: five items have threatType="7" and
  failReason="4" (archiveBombs="5"), and eight have failReason="5"
  (passwordProtected="8"). skipped="243317" is not itemized.
  Several failReason="5" entries are test fixtures (issue6550.gz,
  invalid.dat.gz, the fcrackzip example archive) or a plain .ini file, so
  that code presumably covers unreadable content in general and not only
  encrypted archives. TODO confirm.
  Unscanned content is not the same as clean content.
-->
<NotScannedDetails
skipped="243317"
ioerrors="0"
archiveBombs="5"
passwordProtected="8"
>
<Item type="0" objectType="0" path="C:\Users\Luca\Downloads\debian-8.7.1-amd64-DVD-1.iso=>pool=>main=>g=>gcc-4.9=>g++-4.9_4.9.2-10_amd64.deb=>data.tar.xz=>(xz stream)=>.=>usr=>share=>doc=>gcc-4.9-base=>test-summaries=>g++.log.xz=>(xz stream)" threatType="7" threatName="" action="1" allActions="" initialStatus="0" finalStatus="0" failReason="4" />
<!--
  NOTE(review): in the next Item the path value contains unescaped double
  quotes and what looks like a JSON fragment, so the attribute ends early and
  the report is not well-formed XML at that point. Archive member names are
  externally controlled input; anything that parses or renders this log
  (including the XSL named in the xml-stylesheet instruction) should treat
  them as untrusted, and the producer should escape them before writing.
-->
<Item type="0" objectType="0" path="D:\System Volume Information\_restore{41816963-4E71-46CD-8433-A2A33E9F8C42}\RP109\A0031955.exe=>(RAR Sfx o)=>support.exe=>(RAR Sfx o)=>(REMOVED_NULLS)=>rules.app.html"},"35127":{"build_id":"35127","module_id":"3","lang":"2015_is_it_IT","title":"Protezione web","link_id":"128740","item_type":"2","manual_name":"web_protection.html"},"35128":{"build_id":"35128","module_id":"3","lang":"2015_is_it_IT","title"" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
<Item type="0" objectType="0" path="D:\Quella gran troia della mia ex\Foto.rar" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
<Item type="0" objectType="0" path="C:\Users\Luca\Downloads\debian-8.7.1-amd64-DVD-2\pool\main\g\golang\golang-src_1.3.3-1_amd64.deb=>data.tar.xz=>(xz stream)=>./usr/share/go/src/pkg/compress/gzip/testdata/issue6550.gz" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
<Item type="0" objectType="0" path="C:\Users\Luca\Downloads\debian-8.7.1-amd64-DVD-3\pool\main\p\python-astropy\python-astropy_0.4.2-2_amd64.deb=>data.tar.xz=>(xz stream)=>./usr/lib/python2.7/dist-packages/astropy/utils/tests/data/invalid.dat.gz" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
<Item type="0" objectType="0" path="C:\Users\Luca\Downloads\debian-8.7.1-amd64-DVD-2\pool\main\t\texlive-lang\texlive-lang-japanese_2014.20141024-1_all.deb=>data.tar.xz=>(xz stream)=>./usr/share/texlive/texmf-dist/fonts/vf/public/japanese-otf-uptex/upnmlgothbn-v.vf" threatType="7" threatName="" action="1" allActions="" initialStatus="0" finalStatus="0" failReason="4" />
<Item type="0" objectType="0" path="C:\Users\Luca\Downloads\debian-8.7.1-amd64-DVD-3\pool\main\f\fcrackzip\fcrackzip_1.0-5_amd64.deb=>data.tar.gz=>(gzip)=>.=>usr=>share=>doc=>fcrackzip=>examples=>noradi.zip=>TEXT1.TXT" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
<Item type="0" objectType="0" path="C:\Users\Luca\Downloads\debian-8.7.1-amd64-DVD-3\pool\main\f\fcrackzip\fcrackzip_1.0-5_amd64.deb=>data.tar.gz=>(gzip)=>.=>usr=>share=>doc=>fcrackzip=>examples=>noradi.zip=>TEXT2.TXT" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
<Item type="0" objectType="0" path="C:\Users\Luca\Downloads\debian-8.7.1-amd64-DVD-3\pool\main\f\fcrackzip\fcrackzip_1.0-5_amd64.deb=>data.tar.gz=>(gzip)=>.=>usr=>share=>doc=>fcrackzip=>examples=>noradi.zip=>TEXT3.TXT" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
<Item type="0" objectType="0" path="C:\Users\Luca\Downloads\debian-8.7.1-amd64-DVD-1\pool\main\g\gcc-4.9\g++-4.9_4.9.2-10_amd64.deb=>data.tar.xz=>(xz stream)=>.=>usr=>share=>doc=>gcc-4.9-base=>test-summaries=>g++.log.xz=>(xz stream)" threatType="7" threatName="" action="1" allActions="" initialStatus="0" finalStatus="0" failReason="4" />
<Item type="0" objectType="0" path="C:\Users\Luca\AppData\Roaming\Roxio\Roxio Burn\RoxioBurnGroup.ini" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
<Item type="0" objectType="0" path="C:\Users\Luca\Downloads\debian-8.7.1-amd64-DVD-2\pool\main\g\gcc-4.8\g++-4.8_4.8.4-1_amd64.deb=>data.tar.xz=>(xz stream)=>.=>usr=>share=>doc=>gcc-4.8-base=>test-summaries=>libstdc++.log.xz=>(xz stream)" threatType="7" threatName="" action="1" allActions="" initialStatus="0" finalStatus="0" failReason="4" />
<Item type="0" objectType="0" path="C:\Users\Luca\Downloads\debian-8.7.1-amd64-DVD-2.iso=>pool=>main=>k=>texlive-lang-japanese_2014.20141024-1_all.deb=>data.tar.xz=>(xz stream)=>./usr/share/texlive/texmf-dist/fonts/vf/public/japanese-otf-uptex/upnmlgothbn-v.vf" threatType="7" threatName="" action="1" allActions="" initialStatus="0" finalStatus="0" failReason="4" />
</NotScannedDetails>
</ScanDetails>
</ScanSession>