djdexter Posted February 18, 2011

So randomly while looking with mc one under mnt/user a file xi.exe shows up... which brings the question: is there antivirus for unRAID? Do we need it... and is the xi.exe a virus? Does my unRAID build have a virus now, or can I delete it?

Thornwood Posted February 18, 2011

Linux has very few viruses and it is difficult to infect... If you copy a file that has a Windows virus, it won't infect the server, but it will infect the Windows computers you copy the file to. I would worry about Windows for any virus.

sacretagent Posted February 18, 2011

You could run a scan from your Windows machine on the networked share... if it says this file is a virus, then eliminate it from within MC. But like the user above said, it will probably have been the Windows machine that was infected and that wrote the file on the share. I would start checking all your Windows machines to see if they are not infected.

Also, NEVER use a thumb drive from somebody else without checking it first... Seen this happen already a few times with colleagues who just pass on thumb drives and then got infected. Kaspersky and a few others have a nice app for that, which checks every thumb drive upon insertion.

sacretagent Posted February 18, 2011

It is definitely a Windows worm:

http://about-threats.trendmicro.com/ArchiveMalware.aspx?language=us&name=WORM_YDORB.FF

Malware type: Worm
Aliases: Backdoor.Win32.Rirc.b (Kaspersky), W32/Rirc.worm.gen (McAfee), W32.IRCBot (Symantec), BDS/Rirc.B (Avira), W32/Rirc-C (Sophos)
In the wild: Yes
Destructive: No
Language: English
Platform: Windows 95, 98, ME, NT, 2000, XP
Encrypted: No
Overall risk rating: Low
Reported infections: Low
Damage potential: High
Distribution potential: High

Description: This malware has both worm and backdoor functionalities. It tries to propagate across the network by accessing shares using a list of user names and passwords. It drops a copy of itself as XI.EXE on accessed shares.

It utilizes Internet Relay Chat (IRC) for its backdoor routines. It attempts to connect to an IRC server with IP address, 213.221.189.3. Through this connection, a remote user can gain access to the system, leaving it compromised. It allows the remote user to do any or all of the following:

* Create an IRC user account and join a channel
* Download WINLIB.EXE from a remote Web site and execute it
* Send a message
* Get status report from the compromised machine
* Ping a particular URL
* Disconnect the backdoor connection

For additional information about this threat, see:

Description created: Apr. 2, 2004 12:05:19 PM GMT -0800
Description updated: Apr. 2, 2004 12:46:54 PM GMT -0800

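One way to check the whole share for dropped copies, as an added example (not code from the thread or from unRAID): it walks a directory tree, flags files that parse as Windows PE executables or carry the names from the Trend Micro description above (XI.EXE, WINLIB.EXE), and prints a SHA-256 for each so the file can be checked with an antivirus product before deletion. It assumes Python 3 is available on a machine that mounts the share, with /mnt/user (the path from the first post) as the default root.

```python
import hashlib
import os
import struct
import sys

# File names taken from the worm description quoted in the thread.
WORM_NAMES = {"xi.exe", "winlib.exe"}

def is_pe(path):
    """True if the file has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    try:
        with open(path, "rb") as f:
            dos = f.read(64)
            if len(dos) < 64 or dos[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", dos, 0x3C)
            f.seek(e_lfanew)
            return f.read(4) == b"PE\0\0"
    except OSError:
        return False

def sha256_of(path):
    """Hex SHA-256 of the file, or 'unreadable' if it cannot be opened."""
    h = hashlib.sha256()
    try:
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(1 << 20), b""):
                h.update(chunk)
    except OSError:
        return "unreadable"
    return h.hexdigest()

def scan_share(root):
    """Return sorted (relative_path, name_match, is_pe, sha256) findings.

    A file is reported if it parses as a PE executable (catches renamed
    copies) or if its name, compared case-insensitively, is in WORM_NAMES.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # do not follow links out of the share
            named, pe = name.lower() in WORM_NAMES, is_pe(full)
            if named or pe:
                findings.append((os.path.relpath(full, root), named, pe, sha256_of(full)))
    return sorted(findings)

if __name__ == "__main__":
    for rel, named, pe, digest in scan_share(sys.argv[1] if len(sys.argv) > 1 else "/mnt/user"):
        print(f"{'NAME-MATCH' if named else 'pe-file':10} pe={pe!s:5} {digest}  {rel}")
```

Legitimate Windows installers stored on the share will also show up as `pe-file`; the `NAME-MATCH` rows are the ones that correspond to the description in the thread.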
This topic is now archived and is closed to further replies.