Greetings,
I recently downloaded Lite 2.6 32Bit and booted it up in Virtual Box. I grabbed all of the wallpapers located in /usr/share/backgrounds/xfce and created a .zip archive. When I went to email that archive to myself via Gmail, Google warned me that there was a virus detected. I wanted to bring this up with the community and hopefully someone would have an answer as to why this occurred.
Thank you
ScreenShots
![[Image: wallpaperarchive.png]](http://s1.postimg.org/nb42bck5r/wallpaperarchive.png)
You should probably include screenshots of the warning and of the actual archive.
Gmail gives false positives to err on the side of caution. They would not take some zipped up text files of mine for Icewm folder in ~/.icewm that I tried to save.
Gmail is weird like that.
I am not saying there might be a virus embedded in the image since I do not know yet.
https://www.virustotal.com/
Greetings,
Thank you for this information. I've uploaded the wallpaper archive using my outlook.com account and it uploaded without issue. I appreciate the feedback and information.
Thanks
I have been able to verify this as being flagged by
https://www.virustotal.com/en/
The file in question is : /usr/share/backgrounds/xfce/Entrance.jpg
it was identified by 7 of the 56 scans at virus total as the following:
AVware Trojan.Win32.Jpgiframe (v) 20150901
AhnLab-V3 HEUR/Iframe 20150904
Bkav W32.HfsJPEG.D0FF 20150904
Cyren HTML/IFRAME.gen 20150904
F-Prot HTML/IFRAME.gen 20150904
NANO-Antivirus Trojan.Html.Heuristic-script.cadouz 20150904
VIPRE Trojan.Win32.Jpgiframe (v) 20150904
more info at:
https://www.virustotal.com/en/file/650d4...441406529/
Weird how comodo, AVG, Avast, ClamAV, Eset-Nod 32, among others give a green check and pass on that file.
Not being a virus expert myself.
With the r/h devel scale practically in the middle with 0 0 on the gauge.
No wonder I only use Windows to tune Motorcycles and only for that purpose.
(09-04-2015, 11:05 PM) avj wrote: I have been able to verify this as being flagged by https://www.virustotal.com/en/
The file in question is : /usr/share/backgrounds/xfce/Entrance.jpg
it was identified by 7 of the 56 scans at virus total as the following:
AVware Trojan.Win32.Jpgiframe (v) 20150901
AhnLab-V3 HEUR/Iframe 20150904
Bkav W32.HfsJPEG.D0FF 20150904
Cyren HTML/IFRAME.gen 20150904
F-Prot HTML/IFRAME.gen 20150904
NANO-Antivirus Trojan.Html.Heuristic-script.cadouz 20150904
VIPRE Trojan.Win32.Jpgiframe (v) 20150904
more info at:
https://www.virustotal.com/en/file/650d4...441406529/
From that list I've heard about F-prot and VIPRE.
I'm not an expert on viruses. Could be false positive.
Did the check on LL 2.2 also.
https://www.virustotal.com/en/file/1dc15...441398029/
If you click on the link I provided for more info, and then click on the "File detail" tab it states: The file being studied is an image file! More specifically, it is a JPEG. The image has been injected with malicious web content.
In the box right below that statement is what appears to be the code that was injected into the file.
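One way to see where such markup sits inside a flagged image, as an added example that is not part of the thread or of the VirusTotal report: this Python code walks a JPEG's segments and reports HTML tags found in header segments, in the scan data, or after the end-of-image marker. The tag list, the function names and the sample bytes are assumptions constructed for illustration.

```python
import re
import struct

# Tags to look for (an assumed list for this example, not any vendor's signature).
HTML_RE = re.compile(rb"<\s*(iframe|script|html|body)\b", re.IGNORECASE)

def jpeg_regions(data):
    """Yield (name, start, end) for each header segment, the scan data and any trailer."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xDA:  # SOS: treat everything up to the first EOI as scan data
            eoi = data.find(b"\xff\xd9", pos)
            end = eoi + 2 if eoi != -1 else len(data)
            yield ("scan data", pos, end)
            if end < len(data):  # bytes after EOI are ignored by image viewers
                yield ("trailer after EOI", end, len(data))
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        name = "COM" if marker == 0xFE else f"segment 0x{marker:02X}"
        yield (name, pos, pos + 2 + length)
        pos += 2 + length

def find_markup(data):
    """Return [(region name, absolute offset, tag)] for HTML tags found in the file."""
    hits = []
    for name, start, end in jpeg_regions(data):
        for m in HTML_RE.finditer(data, start, end):
            hits.append((name, m.start(), m.group(1).decode().lower()))
    return hits

def build_sample():
    """Constructed input: a skeletal (not decodable) JPEG with markup in COM and after EOI."""
    def seg(marker, payload):
        return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload
    com = b'<iframe src="http://example.invalid/"></iframe>'
    app0 = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    return (b"\xff\xd8" + seg(0xE0, app0) + seg(0xFE, com)
            + b"\xff\xda\x00\x02\x12\x34\xff\xd9" + b"<script>x</script>")

if __name__ == "__main__":
    for hit in find_markup(build_sample()):
        print(hit)
```

A hit in a comment segment or in the trailer means the text is stored in the file without being part of the picture data; a hit inside the scan data can be a chance byte sequence.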
Trying a different route with
http://scanthis.net/
which uses
Quote:ScanThis is powered by the open source and industry-recognised Clam AV software.
because the file info is not informative at all to me. There is no .exe in it just for starters.
Since the file in question is entrance.jpg.
I am only uploading that one to be scanned presently.
It is still scanning as I type this post out. So will wait to see what is what for sure.
That injected code the other site showed was just jumbled html code which I cannot decipher.
Sure is taking a long long time to scan one .jpg. Must be a zillion virus signatures to look for I guess.
Ok. Got tired of waiting so went to
https://www.metascan-online.com/#!/resul...da/regular
So my uneducated conclusion is that entrance.jpg in /usr/share/backgrounds/xfce/entrance.jpg is tainted somehow since double checked on another site and I am going to delete it of all my boxes/installs.
It can't hurt to do so. Plus. If you look at my screenshots. I never use the default stuff anyways.
Up to the team to decide where to take this from here. I can only speak for myself.
Because. Even after all that. You still get
Quote: Only a few scan engines detected this file as a threat. If you think it might be a false positive, find out how to contact the engine vendor on our blog
Edit> I am closing the scan this tab open right now. It is still not done scanning and my patience ain't what it used to be.