Wine and .url files

F_style · July 4, 2014, 7:45am

I was browsing some of my Windows files (I use dual boot) while having Firefox running, then inside a folder I accidentally double clicked an .url file. What happened next was, a Wine desktop briefly opened then disappeared (I have enabled a virtual desktop on winecfg), and a new tab opened on Firefox loading the page the url seemingly pointed.

Seems a thing named “rundll32” was the one Wine executed to run the .url…
And the file’s code opening it with gedit is:

[InternetShortcut]
URL=(the url itself)
IDList=
HotKey=0
{000214A0-0000-0000-C000-000000000046}]
Prop3=19,2

I’ve never seen this before. Is this a Wine feature? Not a virus/malware related?

wolfi323 · July 4, 2014, 11:58am

.url files are Windows’ Internet Shortcuts (or whatever they are called), i.e. links to a web page.

wine registers itself as handler for .url files (and others), by creating a file ~/.local/share/applications/wine-extension-url.desktop with the following content:

[Desktop Entry]
Type=Application
Name=rundll32
MimeType=application/x-mswinurl;
Exec=env WINEPREFIX="/home/wolfi/.wine" wine start /ProgIDOpen InternetShortcut %f
NoDisplay=true
StartupNotify=true
Icon=1CD8_rundll32.0

Just look into “Configure Desktop”->“File Associations” and search for “url” if you use KDE.

What it does is just call Firefox (via wine-gecko I think) to display the web page.

So no, this is no virus, it is a wine feature.

gogalthorp · July 4, 2014, 5:00pm

“rundll32” is a normal Windows DLL

wolfi323 · July 4, 2014, 5:12pm

Not quite. “rundll32” is a Windows program that can be used to “run” DLLs.

In this case it’s just that “rundll32” is specified as name (and icon) in the .desktop file though.
To actually open a .url file “wine” itself is started, which then launches the virtual Windows’ default browser. (see the “Exec=” line in the .desktop file)

F_style · July 4, 2014, 9:55pm

Thank you very much. I start to understand.

But just to be sure, the .url file came with this exact download, in case you could check it (I still feel a bit frightened…)
http://getebook.org/?p=152555
Yes, it’s just a German book, and I don’t know German very well, but I’m learning it and just wanted to compare some things for didactic purposes…
It’s one of those unfriendly cases in which the password to unzip the archive comes in another download, probably with publicity goals, or something…

But it’s no virus? Will not harm my Windows partition? When installed openSUSE I set it to automatically mount the NTFS Windows partition so it appears as another directory in root /. Though it always needs root permissions to make modifications on it…

Thanks very much, and sorry for this request, but I think I’m still a bit noob on several concepts after all…

wolfi323 · July 4, 2014, 10:20pm

Good book! I bought that (in german) about thirty years ago and still like to read it…

It’s one of those unfriendly cases in which the password to unzip the archive comes in another download, probably with publicity goals, or something…

No. The download is a .zip file, that contains another password protected .zip file with the PDF, a text file with the URL for the password, and that .url file with the same URL that’s pointing to a download hosted at a download hoster (megadown.us).

It’s probably done that way so that automatic scanners cannot detect that this is a copyright infringement.
At least that’s how they do it with illegal download offers, mostly.

Or they just want to get people register at the download hoster to generate income.

Btw, that whole download is just a fake apparently.
Look here for the real password: http://www.youtube.com/watch?v=kElvy1KMSPk
But the PDF file doesn’t contain the book, it just contains 15 pages of instructions for “How to download a file from the internet”.
Bad luck…

But it’s no virus?

No. Again, an .url file is just a shortcut to a web site, it contains only an URL in text form, which you can open in a Web Browser.
And the password protected .zip contains the actual PDF.

Will not harm my Windows partition?

No. Why should it?
Even if it was a virus, it would install itself into wine’s virtual “Windows”, i.e. to ~/.wine/drive_c/.
And if your Windows partition is only writeable by root, no application can do anything there unless you start it as root (which you shouldn’t do with any program anyway unless it is absolutely necessary).

F_style · July 4, 2014, 11:28pm

Thank you very much, mr Wolfi.

And yes, you’re right. It’s indeed a fantastic book, just finished it in my native language, Spanish (also on PDF). Just a bit offtopic, we could discuss a bit about books through PM if you had the will and time, would help me indeed…

But back to topic, oh cr**… So it’s probably harder to look for foreign language books than English ones…
But then, you say that even if it was the worse case possible I’d just have to delete the .wine directory and create it again? (I already did just in case…)
And I use root only when necessary indeed. In fact I feel a bit uncomfortable while as root even if I’m doing work, maintenance…

Again, thanks.

wolfi323 · July 5, 2014, 1:50pm

Well, I don’t read much these days, lack of time…
Sorry.

But back to topic, oh cr**… So it’s probably harder to look for foreign language books than English ones…

You can buy them online, on amazon f.e.

It is possible to also find “foreign language books” (well, for me german is no foreign language ) on the net, although it may be more difficult to find them.
Just have a look at that PDF you downloaded…

But most of those “free downloads” (also for english books or other stuff) are of questionable legality anyway.

But then, you say that even if it was the worse case possible I’d just have to delete the .wine directory and create it again? (I already did just in case…)

Yes. That’s essentially the same as formatting your Windows hard disk and installing Windows from scratch.