[ale] windows virus?

Robert Reese ale at sixit.com
Tue Jun 1 15:04:51 EDT 2010

Hello Paul,

Tuesday, June 1, 2010, 5:58:06 AM, you wrote:

> pbc      26683     1  0 May24 ?        00:00:00 C:
> \windows\temp\IXP000.TMP\LS_ISL~2.exe                              

> after killing those processes, I could not find ANY files in my windows/temp
> folder.. ( .wine/drive_c$/windows/temp )

> a google showed LS_ISL~1.exe, but not 2..
> I very rarely use wine for anything, and the last file changes in windows &
> Program Files is from December.

Yes, it looks like a malware first detected back on March 23rd and again around April 7th or 8th.




Also, it appeared to have downloaded twice, hence the '2' at the end  rather than a '1'.

IIRC, Wine "automagically" takes over for Windows executables, and the malware was likely therefore launched through an exploit in the browser; a telltale sign is that it was running from a Temp directory.

I doubt it did anything outside of hammer your CPU, however.  Still, I'd make sure there isn't anything new in the Wine startup (if there is one).


More information about the Ale mailing list