Quote:
Originally Posted by unixfool
No virtual environment alone makes you safe from attacks or malware, no matter what OS you're using.
Not seeing the AV alert description or name would mean that we'd have to make some assumptions. One assumption is that if you're running Linux in a virtual environment and the host OS is Windows-based, you're safe, if you've checked the Linux ISO's MD5 hash to ensure it wasn't altered and that you've checked to see that the software is authentic. In my experience, most Windows-based AV products generate false positives when they attempt to scan *nix-based files (I believe this may be what has happened to you).
You probably need to try again to see if you can duplicate the alert and do a deeper investigation.
Thanks unixfool. Here's an update.
I also believed it could be a false positive. AVG offered to go online for information but I wasn't on the net.
To be safe, I deleted and formatted the pendrive. I then scanned the Ubuntu .exe from pendrivelinux which I had stored elsewhere but which had never been on the net. It reported the same backdoor trojan. So unless the home site was infected it had to be a false positive.
Back online I downloaded new copies of the QKB.exe (Knoppix) and the Ubuntu form of it. I updated the AVG. With the new update everything scanned clean. So it was apparently a false positive for a few days or less and then was corrected.
I further experimented with the actual pendrivelinux OS. It is much smaller and uses the actual Windows Media Player which comes up in the Vista window, not the virtual window! So some sort of crossover is at work, at least with that setup. It may be only a HAL sort of virtual crossover that may not allow active code through - like using the CD player or the wireless. I don't know.
I am not too worried about the Knoppix being corrupted, it is an ISO. The little .exe programs are another matter. But the great thing is that with the separate bits in files on my hard drive I can make a new setup in minutes. This allows a total "scorched earth" policy towards the pendrive Knoppix virtual machine. Corrupted? Goodbye. I'm only concerned about the host machine being infected.
I read somewhere that researchers use virtual machines to explore the dark side of the internet and then merely delete them when corrupted. That's what inspired me to look for this setup - along with convenience of use and carry. Plus changing a Windows box to Linux while you use it, then taking it all away with you.
If anyone else has insights into this "virtual window crossover to host" I hope you will comment. Thanks to all.