Virus Detected on Lite 2.6 Wallpapers

[rokytnji]

Trying a different route with

http://scanthis.net/

which uses

ScanThis is powered by the open source and industry-recognised Clam AV software.

because the file info is not informative at all to me . There is no .exe in it just for starters.
Since the file in question is entrance.jpg.
I am only uploading that one to be scanned presently.
It is still scanning as I type this post out. So will wait to see what is what for sure.
That injected code the other site showed was just jumbled html code which I cannot decipher.

Sure is taking a long long time to scan one .jpg. Must be a zillion virus signatures to look for I guess.



Ok. Got tired of waiting so went to

https://www.metascan-online.com/#!/results/file/c15d48726a80498490d8b8b1e8cfe6da/regular



So my uneducated conclusion is that entrance.jpg in /usr/share/backgrounds/xfce/entrance.jpg is tainted somehow since double checked on another site  and I am going to delete it of all my boxes/installs.

It can't hurt to do so. Plus. If you look at my screenshots. I never use the default stuff anyways.


Up to the team to decide where to take this from here. I can only speak for myself.


Because. Even after all that. You still get

Only a few scan engines detected this file as a threat. If you think it might be a false positive, find out how to contact the engine vendor on our blog

Edit> I am closing the scan this tab open right now. It is still not done scanning and my patience aint what it used to be.

[avj]

If you click on the link I provided for more info, and then click on the "File detail" tab it states:  The file being studied is an image file! More specifically, it is a JPEG. The image has been injected with malicious web content.

In the box right below that statement is what appears to be the code that was injected into the file.

[anon222]

I have been able to verify this as being flagged by https://www.virustotal.com/en/

The file in question is :  /usr/share/backgrounds/xfce/Entrance.jpg

it was identified by 7 of the 56 scans at virus total as the following:

AVware                              Trojan.Win32.Jpgiframe (v)                           20150901
AhnLab-V3                          HEUR/Iframe                                              20150904
Bkav                                 W32.HfsJPEG.D0FF                                       20150904
Cyren                                HTML/IFRAME.gen                                        20150904
F-Prot                                HTML/IFRAME.gen                                        20150904
NANO-Antivirus                   Trojan.Html.Heuristic-script.cadouz                 20150904
VIPRE                                Trojan.Win32.Jpgiframe (v)                            20150904

more info at:

https://www.virustotal.com/en/file/650d430d3ce9d90784f88bbe8e1aa056631e67de66072d03e6331e51f0d9d6cb/analysis/1441406529/

From that list I've heared about F-prot and VIPRE.
I'm not an expert on viruses. Could be false positive.
Did the check on LL 2.2 also.
https://www.virustotal.com/en/file/1dc15dfe32b6e563024a77cdd15a3de194d4756ce720d83b39417e19fa872b7f/analysis/1441398029/

[rokytnji]

Weird how comodo, AVG,Avast,ClamAV, Eset-Nod 32, among others give a green check and pass on that file.
Not being a virus expert myself.

With the r/h devel scale practically in the middle with 0   0 on the guage.
No wonder I only use Windows to tune Motorcycles and only for that purpose.

[avj]

I have been able to verify this as being flagged by https://www.virustotal.com/en/

The file in question is :  /usr/share/backgrounds/xfce/Entrance.jpg

it was identified by 7 of the 56 scans at virus total as the following:

AVware                              Trojan.Win32.Jpgiframe (v)                           20150901
AhnLab-V3                          HEUR/Iframe                                              20150904
Bkav                                 W32.HfsJPEG.D0FF                                       20150904
Cyren                                HTML/IFRAME.gen                                        20150904
F-Prot                                HTML/IFRAME.gen                                        20150904
NANO-Antivirus                   Trojan.Html.Heuristic-script.cadouz                 20150904
VIPRE                                Trojan.Win32.Jpgiframe (v)                            20150904

more info at:

https://www.virustotal.com/en/file/650d430d3ce9d90784f88bbe8e1aa056631e67de66072d03e6331e51f0d9d6cb/analysis/1441406529/

[vagnerafonso]

Greetings,

Thank you for this information.  I've uploaded the wallpaper archive using my outlook.com account and it uploaded without issue. I appreciate the feedback and information.

Thanks

[rokytnji]

Gmail gives false positives to err on the side of caution.  They would not take zome zipped up text files of mine for Icewm folder in ~/.icewm that I tried to save.

Gmail is weird like that.

I am not saying there might be a virus embedded in the image since I do not know yet.

https://www.virustotal.com/

[torreydale]

You should probably include screenshots of the warning and of the actual archive.

[vagnerafonso]

Greetings,

I recently downloaded Lite 2.6 32Bit and booted it up in Virtual Box.  I grabbed all of the wallpapers located in /usr/share/backgrounds/xfce and created a .zip archive.  When I went to email that archive to myself via Gmail, Google warned me that there was a virus detected. I wanted to bring this up with the community and hopefully someone would have an answer as to why this occurred.

Thank you

ScreenShots