[Bug 34556] New: wineserver sending SYNs to remote ports 139 and 445
http://bugs.winehq.org/show_bug.cgi?id=34556 Bug #: 34556 Summary: wineserver sending SYNs to remote ports 139 and 445 Product: Wine Version: 1.7.1 Platform: x86 OS/Version: Linux Status: UNCONFIRMED Severity: major Priority: P2 Component: wineserver AssignedTo: wine-bugs(a)winehq.org ReportedBy: ppalloy(a)gmail.com Classification: Unclassified Created attachment 46006 --> http://bugs.winehq.org/attachment.cgi?id=46006 screenshot of UbSC history Ubuntu 13.04 + ppa.launchpad.net/ubuntu-wine/ppa/ubuntu raring main Since automatic updates via Ubuntu Software Centre to wine on 15 Sept (attached) whenever wineserver is running, it is sending out lots of SYNs to lots of remote IPs on ports 139 and 445. This ( http://www.davekimble.org.au/problem.wineserver.txt )is the output from sudo netstat -anp | grep tcp done before, during and after wineserver is launched to run Paint Shop Pro v5. It shows the current network connections and their processes. It doesn't matter what .exe is running, or if none is. These packets amount to 56 kbps of outgoing data. It only stops when I kill wineserver. Since ports 139 and 445 are network folder ports for Samba and Windows File Sharing, this looks like an attempt to connect to unprotected remote network folders. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=34556 --- Comment #1 from Dave Kimble <ppalloy(a)gmail.com> 2013-09-19 23:02:45 CDT --- Created attachment 46007 --> http://bugs.winehq.org/attachment.cgi?id=46007 netstat output -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=34556 Dmitry Timoshkov <dmitry(a)baikal.ru> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|major |normal --- Comment #2 from Dmitry Timoshkov <dmitry(a)baikal.ru> 2013-09-19 23:30:18 CDT --- Looks like you've got a virus. Does this happen with a fresh wine prefix? -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=34556 --- Comment #3 from Dave Kimble <ppalloy(a)gmail.com> 2013-09-20 00:27:15 CDT --- Sorry, I don't know what you mean by "a fresh wine prefix". -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=34556 --- Comment #4 from Dmitry Timoshkov <dmitry(a)baikal.ru> 2013-09-20 01:00:55 CDT --- (In reply to comment #3)
Sorry, I don't know what you mean by "a fresh wine prefix".
rm -rf ~/.wine -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=34556 --- Comment #5 from Dave Kimble <ppalloy(a)gmail.com> 2013-09-20 01:43:38 CDT --- After "rm -rf ~/.wine" my launcher icons in lxpanel were still present, and when clicked there was a dialog saying ~/.wine was being reconfigured, and then nothing else happened. I suppose that's not surprising. So I tried to install a safe application via teracopy-setup.exe right-> Open With > Wine Windows Program Loader > and it said the file was corrupt. npp.6.4.5.Installer.exe the same. And Wine has disappeared from Ubuntu/lxpanel's top level menu. I think it's time to do a clean install, don't you? -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=34556 --- Comment #6 from Dave Kimble <ppalloy(a)gmail.com> 2013-09-20 01:45:23 CDT --- I should add that the SYNs started again with wineserver, and ended when I killed it. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=34556 --- Comment #7 from Dave Kimble <ppalloy(a)gmail.com> 2013-09-20 17:39:12 CDT --- Having archived the damaged wine, I tried to uninstall with USC GUI, but it said it wasn't installed. Same from the CLI. Nevertheless "wine --version" reports wine-1.6 . -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=34556 Dave Kimble <ppalloy(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution| |INVALID --- Comment #8 from Dave Kimble <ppalloy(a)gmail.com> 2013-09-22 17:17:15 CDT --- W32:Tenga discovered. It spread from Wine to the other Windows boxes on my LAN via port 139, and trashed them all. CLOSED -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=34556 Dan Kegel <dank(a)kegel.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED CC| |dank(a)kegel.com --- Comment #9 from Dan Kegel <dank(a)kegel.com> 2013-09-22 23:21:29 CDT --- Closing invalid. Also sent a note to wine-devel noting the successful run of a virus. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
participants (1)
-
wine-bugs@winehq.org