ASP/Ace.Q Trojan after installing Kali VM


rogueb
2016-02-17, 05:24
Hi guys, I'm new to Linux and have been learning it for the past week or so. I've installed many distros on VMs just to mess around. Anyways, I just installed another Kali VM and when I opened it up the antivirus on my host OS found a virus:
Object: http://archive-2.kali.org/kali/pool/main/w/webshells/webshells_1.1-0kali0_all.deb
Threat: ASP/Ace.Q Trojan
Connection terminated

Is this something I need to worry about? From what I've read it's a pretty severe backdoor? I was surprised when it was found because I thought there were no connections between the host OS and guest OS (unless there are shared folders?)

Appreciate any help!

grid
2016-02-17, 12:44
Given the nature of the tools in Kali, I'm sure many/most of them would be flagged by anti-virus.

Just to be safe, I'd verify the SHA1 hashes; even if you got the download from kali.org or an authorized mirror.

rogueb
2016-02-17, 19:53
Given the nature of the tools in Kali, I'm sure many/most of them would be flagged by anti-virus.

Just to be safe, I'd verify the SHA1 hashes; even if you got the download from kali.org or an authorized mirror.

Appreciate the reply. I'm pretty sure I downloaded it via torrent through the official page. The hashes don't match though. Also, the .iso I have is 3.09 GB compared to the 2.6 GB on the official page. The hashes match this torrent: https://kat.cr/kali-linux-2-0-x64-t11079575.html#main

I forgot to mention that this virus was detected when I did apt-get update. Is it possible for my host OS (Win 7) to flag the tools in my Kali VM? I have another Kali VM installed and I haven't had any issues with it.

grid
2016-02-19, 12:49
You're welcome :)

Hmm, if the hashes don't match, then something went wrong somewhere.

I haven't had AV flag anything in a Kali VM. However, I did tell my anti-virus to ignore the directory where my VMs are stored, just to be safe.

stian
2016-02-24, 22:07
Hi guys, I just installed NOD32 on my Kali 2.0 and after a complete scan I get "a variant of Java/Exploit.CVE-2012-4681.DA" on location usr/share/metasploit-framework/vendor/bundle/ruby/2.2.0/cache/........ My question is: is this metasploit tool for the (my) Kali OS, or am I fucked? I'm also getting threats 23237.pl, 17.pl, 22999.pl, 474.sh on location usr/share/exploitdb/platforms/windows/dos/ and usr/share/exploitdb/platforms/php/webapps/... Is it completely normal or do I need some hard cleaning, someone?