Virus Detected on Lite 2.6 Wallpapers

[vagnerafonso]

Greetings,

I recently downloaded Lite 2.6 32Bit and booted it up in Virtual Box.  I grabbed all of the wallpapers located in /usr/share/backgrounds/xfce and created a .zip archive.  When I went to email that archive to myself via Gmail, Google warned me that there was a virus detected. I wanted to bring this up with the community and hopefully someone would have an answer as to why this occurred.

Thank you

ScreenShots

[torreydale]

You should probably include screenshots of the warning and of the actual archive.

[rokytnji]

Gmail gives false positives to err on the side of caution.  They would not take zome zipped up text files of mine for Icewm folder in ~/.icewm that I tried to save.

Gmail is weird like that.

I am not saying there might be a virus embedded in the image since I do not know yet.

https://www.virustotal.com/

[vagnerafonso]

Greetings,

Thank you for this information.  I've uploaded the wallpaper archive using my outlook.com account and it uploaded without issue. I appreciate the feedback and information.

Thanks

[avj]

I have been able to verify this as being flagged by https://www.virustotal.com/en/

The file in question is :  /usr/share/backgrounds/xfce/Entrance.jpg

it was identified by 7 of the 56 scans at virus total as the following:

AVware                              Trojan.Win32.Jpgiframe (v)                          20150901
AhnLab-V3                          HEUR/Iframe                                              20150904
Bkav                                W32.HfsJPEG.D0FF                                      20150904
Cyren                                HTML/IFRAME.gen                                        20150904
F-Prot                                HTML/IFRAME.gen                                        20150904
NANO-Antivirus                  Trojan.Html.Heuristic-script.cadouz                20150904
VIPRE                                Trojan.Win32.Jpgiframe (v)                            20150904

more info at:

https://www.virustotal.com/en/file/650d4...441406529/

[rokytnji]

Weird how comodo, AVG,Avast,ClamAV, Eset-Nod 32, among others give a green check and pass on that file.
Not being a virus expert myself.

With the r/h devel scale practically in the middle with 0  0 on the guage.
No wonder I only use Windows to tune Motorcycles and only for that purpose.

[anon222]

I have been able to verify this as being flagged by https://www.virustotal.com/en/

The file in question is :  /usr/share/backgrounds/xfce/Entrance.jpg

it was identified by 7 of the 56 scans at virus total as the following:

AVware                              Trojan.Win32.Jpgiframe (v)                          20150901
AhnLab-V3                          HEUR/Iframe                                              20150904
Bkav                                W32.HfsJPEG.D0FF                                      20150904
Cyren                                HTML/IFRAME.gen                                        20150904
F-Prot                                HTML/IFRAME.gen                                        20150904
NANO-Antivirus                  Trojan.Html.Heuristic-script.cadouz                20150904
VIPRE                                Trojan.Win32.Jpgiframe (v)                            20150904

more info at:

https://www.virustotal.com/en/file/650d4...441406529/

From that list I've heared about F-prot and VIPRE.
I'm not an expert on viruses. Could be false positive.
Did the check on LL 2.2 also.
https://www.virustotal.com/en/file/1dc15...441398029/

[avj]

If you click on the link I provided for more info, and then click on the "File detail" tab it states:  The file being studied is an image file! More specifically, it is a JPEG. The image has been injected with malicious web content.

In the box right below that statement is what appears to be the code that was injected into the file.

[rokytnji]

Trying a different route with

http://scanthis.net/

which uses

ScanThis is powered by the open source and industry-recognised Clam AV software.

because the file info is not informative at all to me . There is no .exe in it just for starters.
Since the file in question is entrance.jpg.
I am only uploading that one to be scanned presently.
It is still scanning as I type this post out. So will wait to see what is what for sure.
That injected code the other site showed was just jumbled html code which I cannot decipher.

Sure is taking a long long time to scan one .jpg. Must be a zillion virus signatures to look for I guess.



Ok. Got tired of waiting so went to

https://www.metascan-online.com/#!/resul...da/regular



So my uneducated conclusion is that entrance.jpg in /usr/share/backgrounds/xfce/entrance.jpg is tainted somehow since double checked on another site  and I am going to delete it of all my boxes/installs.

It can't hurt to do so. Plus. If you look at my screenshots. I never use the default stuff anyways.


Up to the team to decide where to take this from here. I can only speak for myself.


Because. Even after all that. You still get

[color=rgb(84, 84, 84)]Only a few scan engines detected this file as a threat. If you think it might be a false positive, [/color][color=rgb(0, 166, 221)]find out how to contact the engine vendor on our blog[/color]

Edit> I am closing the scan this tab open right now. It is still not done scanning and my patience aint what it used to be.

[rokytnji]

Code:

harry@harry-Latitude-XT2:~$ sudo -s
[sudo] password for harry:
root@harry-Latitude-XT2:~# cd /usr/share/backgrounds/xfce
root@harry-Latitude-XT2:/usr/share/backgrounds/xfce# ls
Car.jpg        Linux-Lite-Bridge.png          Lite-Coral.png      Stadium.jpg
Cubes.jpg      Linux-Lite-Coast.png           Lite-Gold.png       Thames.jpg
Entrance.jpg   Linux-Lite.jpg                 Lite-Grey.png       Winter.jpg
Gaming.jpeg    Linux-Lite-Mountains-Gold.png  Lite-Lite-2.2.jpg   xfce-blue.jpg
Kids.jpg       Linux-Lite-Sand-Feather.jpg    Lite-Parchment.png
Landscape.jpg  Linux-Lite-Simple-Gray.png     River-Dock.jpg
Liberty.jpg    Linux-Lite-Waves.png           Sea-House.jpg
root@harry-Latitude-XT2:/usr/share/backgrounds/xfce# rm -f Entrance.jpg
root@harry-Latitude-XT2:/usr/share/backgrounds/xfce# ls
Car.jpg                Linux-Lite.jpg                 Lite-Lite-2.2.jpg
Cubes.jpg              Linux-Lite-Mountains-Gold.png  Lite-Parchment.png
Gaming.jpeg            Linux-Lite-Sand-Feather.jpg    River-Dock.jpg
Kids.jpg               Linux-Lite-Simple-Gray.png     Sea-House.jpg
Landscape.jpg          Linux-Lite-Waves.png           Stadium.jpg
Liberty.jpg            Lite-Coral.png                 Thames.jpg
Linux-Lite-Bridge.png  Lite-Gold.png                  Winter.jpg
Linux-Lite-Coast.png   Lite-Grey.png                  xfce-blue.jpg
root@harry-Latitude-XT2:/usr/share/backgrounds/xfce# exit
exit
harry@harry-Latitude-XT2:~$