Fwd: Winetricks links with Trojans


Dan Kegel

Mar 15, 2015, 11:25:40 PM
to winetri...@googlegroups.com

fyi.

---------- Forwarded message ----------
From: "Lunac Crane" <major...@inbox.com>
Date: 15.03.2015 19:16
Subject: Winetricks links with Trojans
To: <da...@spamfreekegel.com>
Cc: <da...@spamfreekegel.com>, <da...@kegel.com>

Hi,

You really need to have a better way of communicating than one that requires a Google account. Your Gmail address Captcha is broken, always saying it's wrong (gotta love Captcha and Google!). They told me off for posting in WineHQ Forums about Winetricks.

In any case, I wanted to mention that while scanning for viruses with ClamAV (FOSS), it showed some of the Winetricks-downloaded files had Window$ Trojans in them:

.cache/winetricks/dx8sdk/dx81sdk_full.exe: Win.Trojan.Agent-746576 FOUND
drive_c/DXSDK/samples/Multimedia/VBSamples/DirectShow/bin/VB_Trimmer.exe: Win.Trojan.Agent-746576 FOUND

I think it's the same one by the number reference. You might want to run some virus-scan or another on any new winetricks links you add. It's unlikely that the Trojans will actually work right, but nobody wants to spread Trojans.

Thanks for all the Winetricks!



Zhenbo Li

Mar 16, 2015, 2:48:34 AM
to winetri...@googlegroups.com
I found a new link from Filewatcher[1]:
ftp://ftp.cles.mlc.edu.tw/msdn/MsDownload/directx/8.1/sdk/DX81SDK_FULL.exe

Is it suitable for us to use?


[1]: http://www.filewatcher.com/m/DX81SDK_FULL.exe.173778784-0.html



--
Have a nice day!
Zhenbo Li

Shannon VanWagner

Mar 16, 2015, 8:45:52 AM
to winetri...@googlegroups.com

Shannon VanWagner

Mar 16, 2015, 8:48:45 AM
to winetri...@googlegroups.com
Sorry, wrong email...

As for alternative download locations.. I always try to match the sha1sum of the file from the new site to the one from the old site (goes without saying probably). That should be a trojan-free way of checking it, no?

But, I guess if someone never had the original file, they might not have a reference point..

Thanks for the heads up on this... will be sure to increase scrutiny on any alternate d/l file.

Cheers!

Austin English

Apr 16, 2015, 2:17:35 AM
to winetri...@googlegroups.com
It has the same sha1sum:
austin@debian-home:~/src/winetricks$ wget ftp://ftp.cles.mlc.edu.tw/msdn/MsDownload/directx/8.1/sdk/DX81SDK_FULL.exe
--2015-04-16 01:12:55-- ftp://ftp.cles.mlc.edu.tw/msdn/MsDownload/directx/8.1/sdk/DX81SDK_FULL.exe
=> ‘DX81SDK_FULL.exe’
Resolving ftp.cles.mlc.edu.tw (ftp.cles.mlc.edu.tw)... 203.71.16.3
Connecting to ftp.cles.mlc.edu.tw (ftp.cles.mlc.edu.tw)|203.71.16.3|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD (1) /msdn/MsDownload/directx/8.1/sdk ... done.
==> SIZE DX81SDK_FULL.exe ... 173778784
==> PASV ... done. ==> RETR DX81SDK_FULL.exe ... done.
Length: 173778784 (166M) (unauthoritative)

DX81SDK_FULL.exe 100%[=======================================================================================================>] 165.73M 2.30MB/s in 1m 51s s

2015-04-16 01:14:51 (1.49 MB/s) - ‘DX81SDK_FULL.exe’ saved [173778784]

austin@debian-home:~/src/winetricks$ sha1sum DX81SDK_FULL.exe
61b5733209205e942f37431ee40da712e1f50e6a DX81SDK_FULL.exe
austin@debian-home:~/src/winetricks$ grep 61b5733209205e942f37431ee40da712e1f50e6a src/winetricks
w_download http://www.darwinbots.com/numsgil/dx81sdk_full.exe 61b5733209205e942f37431ee40da712e1f50e6a

I'm removing it from winetricks.
-Austin
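
The mirror check discussed in this thread, as an added example that is not part of any message here and is not winetricks code: it looks up the SHA-1 pinned beside a `w_download` line and compares a candidate mirror copy against it. The function names, the `mirror.example` URL and the file contents are assumptions constructed for the demo. A match only shows the copy is byte-for-byte the pinned file, so a scanner detection on the original carries over to the mirror.

```shell
#!/bin/sh
# Added example, not winetricks code. File names and contents are constructed.

# pinned_sha1 SCRIPT NAME: print the SHA-1 pinned after the w_download URL that
# ends in NAME (case-insensitive); the hash may be on the same or the next line.
pinned_sha1() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        {
            for (i = 1; i <= NF; i++) {
                if ($i == "w_download") {
                    n = split($(i + 1), p, "/")
                    hit = (tolower(p[n]) == want)
                    i++; continue
                }
                if (hit && length($i) == 40 && $i ~ /^[0-9A-Fa-f]+$/) {
                    print tolower($i); found = 1; exit
                }
            }
        }
        END { exit !found }' "$1"
}

# check_mirror SCRIPT FILE: print same, different or unpinned.
check_mirror() {
    want=$(pinned_sha1 "$1" "$(basename "$2")") || { echo unpinned; return 2; }
    got=$(sha1sum "$2" | cut -d' ' -f1)
    if [ "$got" = "$want" ]; then
        # Byte-identical to the pinned file, so any scanner verdict on the
        # original applies to this copy as well. A match is not a clean scan.
        echo same
    else
        echo different; return 1
    fi
}

# Constructed demo: a stand-in original, a pin for it, and mirror copies.
demo() {
    d=$(mktemp -d) && mkdir "$d/good" "$d/bad"
    printf 'constructed sample bytes\n' > "$d/good/DX81SDK_FULL.exe"
    pin=$(sha1sum "$d/good/DX81SDK_FULL.exe" | cut -d' ' -f1)
    printf 'w_download http://mirror.example/old/dx81sdk_full.exe\n%s\n' "$pin" > "$d/script"
    printf 'altered bytes\n' > "$d/bad/DX81SDK_FULL.exe"
    check_mirror "$d/script" "$d/good/DX81SDK_FULL.exe" || true
    check_mirror "$d/script" "$d/bad/DX81SDK_FULL.exe" || true
    check_mirror "$d/script" "$d/script" || true
    rm -rf "$d"
}
demo
```

A `different` result means the mirror is serving other bytes than the pinned file; `unpinned` means there is no reference hash to compare against.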