http://bugs.winehq.org/show_bug.cgi?id=34556
Bug #: 34556
Summary: wineserver sending SYNs to remote ports 139 and 445
Product: Wine
Version: 1.7.1
Platform: x86
OS/Version: Linux
Status: UNCONFIRMED
Severity: major
Priority: P2
Component: wineserver
AssignedTo: wine-bugs@winehq.org
ReportedBy: ppalloy@gmail.com
Classification: Unclassified
Created attachment 46006 --> http://bugs.winehq.org/attachment.cgi?id=46006 screenshot of UbSC history
Ubuntu 13.04 + ppa.launchpad.net/ubuntu-wine/ppa/ubuntu raring main
Since automatic updates via Ubuntu Software Centre to wine on 15 Sept (attached) whenever wineserver is running, it is sending out lots of SYNs to lots of remote IPs on ports 139 and 445.
This (http://www.davekimble.org.au/problem.wineserver.txt) is the output from sudo netstat -anp | grep tcp done before, during and after wineserver is launched to run Paint Shop Pro v5. It shows the current network connections and their processes. It doesn't matter what .exe is running, or if none is. These packets amount to 56 kbps of outgoing data. It only stops when I kill wineserver.
Since ports 139 and 445 are network folder ports for Samba and Windows File Sharing, this looks like an attempt to connect to unprotected remote network folders.
--- Comment #1 from Dave Kimble ppalloy@gmail.com 2013-09-19 23:02:45 CDT ---
Created attachment 46007 --> http://bugs.winehq.org/attachment.cgi?id=46007 netstat output
Dmitry Timoshkov dmitry@baikal.ru changed:
What    |Removed |Added
----------------------------------------------------------------------------
Severity|major   |normal
--- Comment #2 from Dmitry Timoshkov dmitry@baikal.ru 2013-09-19 23:30:18 CDT ---
Looks like you've got a virus. Does this happen with a fresh wine prefix?
--- Comment #3 from Dave Kimble ppalloy@gmail.com 2013-09-20 00:27:15 CDT ---
Sorry, I don't know what you mean by "a fresh wine prefix".
--- Comment #4 from Dmitry Timoshkov dmitry@baikal.ru 2013-09-20 01:00:55 CDT ---
(In reply to comment #3)
> Sorry, I don't know what you mean by "a fresh wine prefix".
rm -rf ~/.wine
--- Comment #5 from Dave Kimble ppalloy@gmail.com 2013-09-20 01:43:38 CDT ---
After "rm -rf ~/.wine" my launcher icons in lxpanel were still present, and when clicked there was a dialog saying ~/.wine was being reconfigured, and then nothing else happened. I suppose that's not surprising.
So I tried to install a safe application via teracopy-setup.exe right-> Open With > Wine Windows Program Loader > and it said the file was corrupt. npp.6.4.5.Installer.exe the same.
And Wine has disappeared from Ubuntu/lxpanel's top level menu.
I think it's time to do a clean install, don't you?
--- Comment #6 from Dave Kimble ppalloy@gmail.com 2013-09-20 01:45:23 CDT ---
I should add that the SYNs started again with wineserver, and ended when I killed it.
--- Comment #7 from Dave Kimble ppalloy@gmail.com 2013-09-20 17:39:12 CDT ---
Having archived the damaged wine, I tried to uninstall with USC GUI, but it said it wasn't installed. Same from the CLI. Nevertheless "wine --version" reports wine-1.6.
Dave Kimble ppalloy@gmail.com changed:
What      |Removed     |Added
----------------------------------------------------------------------------
Status    |UNCONFIRMED |RESOLVED
Resolution|            |INVALID
--- Comment #8 from Dave Kimble ppalloy@gmail.com 2013-09-22 17:17:15 CDT ---
W32:Tenga discovered. It spread from Wine to the other Windows boxes on my LAN via port 139, and trashed them all.
Dan Kegel dank@kegel.com changed:
What  |Removed  |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
CC    |         |dank@kegel.com
--- Comment #9 from Dan Kegel dank@kegel.com 2013-09-22 23:21:29 CDT ---
Closing invalid.
Also sent a note to wine-devel noting the successful run of a virus.
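
Added example, not part of the original bug thread: a triage script for the symptom the report describes, reading `netstat -anp` output and flagging any process with half-open (SYN_SENT) connections to ports 139/445 on several distinct remote hosts. The function name, the threshold of three hosts and the sample lines (documentation-range IPs) are constructed for illustration.

```python
"""Flag processes fanning out SYNs to SMB/NetBIOS ports in `netstat -anp` output."""
from collections import defaultdict

SMB_PORTS = {139, 445}   # NetBIOS session service and SMB over TCP
MIN_TARGETS = 3          # assumed threshold: distinct remote hosts before flagging

# Constructed sample in Linux `netstat -anp` layout (documentation-range IPs).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 192.168.1.10:40022      198.51.100.7:443        ESTABLISHED 3001/firefox
tcp        0      1 192.168.1.10:51001      203.0.113.5:445         SYN_SENT    2345/wineserver
tcp        0      1 192.168.1.10:51002      203.0.113.6:139         SYN_SENT    2345/wineserver
tcp        0      1 192.168.1.10:51003      198.51.100.20:445       SYN_SENT    2345/wineserver
tcp        0      1 192.168.1.10:51004      192.0.2.44:445          SYN_SENT    2345/wineserver
tcp        0      1 192.168.1.10:51010      192.168.1.20:445        SYN_SENT    4100/smbclient
"""


def smb_syn_fanout(netstat_text, min_targets=MIN_TARGETS):
    """Return {pid/program: sorted remote IPs} for processes with half-open
    connections (SYN_SENT) to ports 139/445 on at least min_targets hosts."""
    targets = defaultdict(set)
    for line in netstat_text.splitlines():
        fields = line.split()
        # Expect: proto recvq sendq local foreign state pid/program
        if len(fields) < 7 or not fields[0].startswith("tcp"):
            continue
        foreign, state, owner = fields[4], fields[5], fields[6]
        if state != "SYN_SENT":
            continue
        host, _, port = foreign.rpartition(":")  # rpartition copes with IPv6
        if port.isdigit() and int(port) in SMB_PORTS:
            targets[owner].add(host)
    return {owner: sorted(hosts) for owner, hosts in targets.items()
            if len(hosts) >= min_targets}


if __name__ == "__main__":
    for owner, hosts in smb_syn_fanout(SAMPLE).items():
        print(f"{owner}: SYN_SENT to {len(hosts)} hosts on 139/445: {', '.join(hosts)}")
```

A single SYN_SENT to one file server is normal client behaviour, which is why the check counts distinct remote hosts per process rather than individual connections.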