Virus warning

Asked by Alexander

Hi, I just scanned my home directory (ClamAV) and I get warnings about sillauncher.exe (PUA.Win32.Packer.SetupExeSection).
Since the only Wine setup I ran was Netflix Desktop, it would be interesting to know if this is a ClamAV glitch or the setup files are infected.

Are there any other users having the same problem?
Lubuntu 13.04
ClamAV engine - 0.97.8
AV definitions - current

Best regards

Question information

Language: English
Status: Solved
For: Netflix Desktop
Assignee: No assignee
Solved by: Sebastian Lackner

Best Sebastian Lackner (slackner) said :
#1

Hi,

I assume you mean sllauncher.exe, not sillauncher.exe. This file is part of Silverlight, so I think it's most likely a false positive. Moreover, the term "PUA." just means "potentially unwanted software", not that it is really harmful. From what I've read in other forum threads, it also recognizes a lot of other programs as "potentially unwanted" and marks them like a virus.

Some details on why it's very unlikely that you got a virus there:

Basically, Netflix-Desktop (and also Pipelight) downloads all the required 3rd party plugins directly from the provider (in this case Microsoft), and verifies the sha256sum checksum afterwards. This ensures that the downloaded file is really the same one we have checked earlier. The packages themselves are signed by the launchpad server, so it's also not possible that you have installed some kind of modified version when you're using our PPA.

Even if you think that you probably somehow got a virus in your wine prefix, it's sufficient to run:
rm -rf ~/.wine-browser
On the next start of Netflix-Desktop the folders will be recreated, based on the package.
If it's really the file shipped with Silverlight, it will of course get reinstalled immediately.

If you want to verify that the package itself has downloaded only the unmodified files (which should always be the case), you can run:
sha256sum /var/lib/wine-browser-installer/*

The expected output should look like this (depending on the modules you have installed):
abb189f17e65e73d61843247ad1af7c997318b7854fa850a04e5f9d9a20cdd03 /var/lib/wine-browser-installer/FirefoxSetup.exe
984ed15e23a00a33113f0012277e1e680c95782ce2c44f414e7af14e28e3f1a2 /var/lib/wine-browser-installer/wine-mpg2splt-installer.cab
b0e476090206b2e61ba897de9151a31e0182c0e62e8abd528c35d3857ad6131c /var/lib/wine-browser-installer/wine-silverlight4-installer.exe
dd45a55419026c592f8b6fc848dceface7e1ce98720bf13848a2e8ae366b29e8 /var/lib/wine-browser-installer/wine-silverlight5.0-installer.exe
6254f18b680a2ab4d007e5a8a344539ee819bd33d1d054e1302fcd964d63f732 /var/lib/wine-browser-installer/wine-silverlight5.1-installer.exe

If you see any file with the same name but a different checksum than above, please report back, so we can take a closer look at it.

Sebastian
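
Added example, not part of the reply above or of Netflix-Desktop/Pipelight: a shell function that automates the comparison the reply asks for, flagging any installer whose name appears in a known-good list but whose SHA-256 differs, and reporting files that are not in the list separately. The function name check_installers and the OK/MISMATCH/UNLISTED labels are chosen for this example; the list is assumed to be in sha256sum output format.

```bash
#!/bin/sh
# Added example: compare files in a directory against known-good SHA-256
# values given in "sha256sum" output format ("<hash>  <path>").
# check_installers is a hypothetical helper, not a Netflix-Desktop tool.
# Assumption: file names contain no whitespace (true for the installers).

check_installers() {
    local dir="$1" manifest="$2" rc=0 file name actual expected
    for file in "$dir"/*; do
        [ -f "$file" ] || continue
        name=${file##*/}
        actual=$(sha256sum -- "$file" | awk '{print $1}')
        # Look up the expected hash by base name, so the list may carry
        # absolute paths; a leading "*" (binary-mode marker) is ignored.
        expected=$(awk -v n="$name" '{
            p = $2; sub(/^\*/, "", p); sub(/.*\//, "", p)
            if (p == n) { print $1; exit }
        }' "$manifest")
        if [ -z "$expected" ]; then
            # Not in the list: nothing to compare against, report only.
            echo "UNLISTED  $name"
        elif [ "$actual" = "$expected" ]; then
            echo "OK        $name"
        else
            # Same name, different checksum: the case worth reporting.
            echo "MISMATCH  $name (expected $expected, got $actual)"
            rc=1
        fi
    done
    return "$rc"
}
```

To use it, save the expected checksum lines to a file (here assumed to be called expected.txt) and run: check_installers /var/lib/wine-browser-installer expected.txt. A non-zero exit status means at least one listed file has a different checksum.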

Alexander (alexander-starek) said :
#2

Hi Sebastian,

Here is the checksum of my files:
abb189f17e65e73d61843247ad1af7c997318b7854fa850a04e5f9d9a20cdd03 /var/lib/wine-browser-installer/FirefoxSetup.exe
2b844bc6a0b5c2bbcdbb0c403475b10ca4a7dff3210a7c4f5d9521841cf052b1 /var/lib/wine-browser-installer/NetflixIcon.png
6254f18b680a2ab4d007e5a8a344539ee819bd33d1d054e1302fcd964d63f732 /var/lib/wine-browser-installer/wine-silverlight5.1-installer.exe

So no difference from your checksum.

Thanks!
Alexander