Folks: For the last few days I've been receiving a spat of rejected e-mails; ones I did not send. So I installed ClamAV, and ClamTK and did a complete system-wide scan and came up with these two:

/usr/lib/mono/4.0/mscorelib.dll - UA win32 packerprivateexeprote-7

and

/home/kcredden/.mozaillafirefox/yhm UA win32p packerprivateexeprote-7

Now, I told it to quarantine these files, it did the Mozilla one, but the one in mono was not. I assume I need to be in / to do that since it's /USR

But let me ask; firstly are they malware? I cannot find this on goggle.

#2: Would it be safe to rip this out? For that matter, do I even NEED mono? I did not install mono when I reinstalled the system.

I'll do an image before I do anything risky of course but I wanted your opinion first.

I'm very new to malware on linux. I feel a bit honored. 12 years on linux, first one.

First of all you didn't copy the name right, please be careful what you post, it's "PUA.Win32.Packer.PrivateExeProte-7".
- PUA stands for Potentially Unwanted Applications so it's not a virus but a definition of what some would call "unwanted".
- If you don't trust a package or its contents then verify it against a clean copy from a known trustworthy repo.
- (upload and) scan with another antivirus tool.
*While I shouldn't speculate you'll likely find it's not a virus. That doesn't matter as it's knowing how to verify things that matters.


You didn't tell us what you run and I'm not clairvoyant so only you know if you need Mono.
If unsure just try uninstalling Mono and see what b0rks ;-p


That's like saying "I didn't install /sbin/init" ;-p
It may have been a dependency of Something Completely Different.

the microsoft emulators can get Windows viruses
wine and the "dot net " mono

and this is odd
it should be very different

that is NOT!!! the firefox folder
that would look something like this
replace the 8 ???????? with a random string