"Dan Kegel" dank@kegel.com wrote:
http://hiweed.com/node/798 offers "hiweedlayer" for download. It is supposedly a Windows layer like Wine.
Running strings on their single executable, I see messages like

    %s is being traced!
    location has changed!
    abnormal behavior!
    shell has changed!
    %s has expired!
    Please contact your provider

which look like they're from this little bit of malware:
http://forums.fedoraforum.org/archive/index.php/t-25441.html
but perhaps they're just trying to keep people from reverse-engineering their code (or finding out that they have Wine code inside?).
Exactly. Remove everything up to class.tgz.BEGIN in hiweedlayer and untar it somewhere; what we see (reminds me of something):
share/ dosdevices/ lib/ bin/ drive_c/ user.reg system.reg my.reg
and inside of lib\
wine\ (with all Wine dll.so files) libwine.so.1 libwine.so.1.0
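
The carving step described in the reply above, as an added example that is not part of the original thread: it finds the class.tgz.BEGIN marker, decompresses the gzip stream that follows, and lists the tar members in memory without extracting anything. The gzip framing, the 64-byte gap allowance, the size cap, the helper names and the sample blob are assumptions constructed for this example.

```python
import io
import tarfile
import zlib

MARKER = b"class.tgz.BEGIN"      # marker string quoted in the thread
GZIP_MAGIC = b"\x1f\x8b\x08"     # gzip magic + deflate method byte
MAX_TAR = 64 * 1024 * 1024       # assumed cap on decompressed size
WINE_HINTS = ("dosdevices", "drive_c", "user.reg", "system.reg", "libwine.so")

def list_embedded_tar(blob: bytes) -> list[str]:
    """List members of the gzip'd tar after MARKER; nothing is written to disk."""
    pos = blob.find(MARKER)
    while pos != -1:
        body = pos + len(MARKER)
        start = blob.find(GZIP_MAGIC, body, body + 64)  # allow a short gap
        if start != -1:
            try:
                # wbits=31 selects gzip framing; trailing bytes are ignored.
                raw = zlib.decompressobj(31).decompress(blob[start:], MAX_TAR)
                with tarfile.open(fileobj=io.BytesIO(raw), mode="r:") as tar:
                    return tar.getnames()
            except (zlib.error, tarfile.TarError):
                pass  # marker text inside the stub itself; keep looking
        pos = blob.find(MARKER, body)
    raise ValueError("no archive found after marker")

def wine_hints(names: list[str]) -> list[str]:
    """Return member names that match the Wine prefix layout seen in the thread."""
    return [n for n in names if any(h in n for h in WINE_HINTS)]

def build_sample() -> bytes:
    """Constructed stand-in for the binary: stub + decoy marker + marker + tgz."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in ("bin/app", "lib/libwine.so.1", "user.reg", "system.reg"):
            info = tarfile.TarInfo(name)
            data = b"constructed"
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    stub = b"\x7fELF" + b"\x00" * 32 + b"seek to class.tgz.BEGIN\x00" + b"\x90" * 128
    return stub + MARKER + b"\n" + buf.getvalue() + b"trailing-bytes"

if __name__ == "__main__":
    names = list_embedded_tar(build_sample())
    print(names)
    print("Wine-like:", wine_hints(names))
```

Listing the members in memory avoids unpacking an untrusted archive, whose member paths could otherwise point outside the target directory.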