10 replies to this topic

[beastman]

Hello!

Detected as Trojan.FakeAlert
database version 7019

[nosirrah]

Please zip and attach your copy.

[nosirrah]

I double checked both versions of putty currently available and neither is detected so we wont be able to progress further without the version you have.

[beastman]

nosirrah, on 04 July 2011 - 01:35 PM, said:

Please zip and attach your copy.

sorry here it is
it's about ten years old

Attached Files

•  putty.rar   175.71KB   6 downloads

[nosirrah]

I am unable to verify that this ever existed before today, is this a custom build or modified in some way?

[beastman]

nosirrah, on 04 July 2011 - 03:00 PM, said:

I am unable to verify that this ever existed before today, is this a custom build or modified in some way?

One thing I'm almost sure is that i downloaded it from LAN sometime between 2006 and 2007.

[nosirrah]

The reason I ask is that there is decent evidence that this has only existed for about 6 hours. The MD5 has no hit as all on google and virustotal shows an initial scan earlier today. The other possibility is that for some reason putty was polymorphic back then and everyone got their own MD5 but I do not think that is likely.

The reason I was asking about default version VS. customized is that it would change how we process this.

Either way I am looking into this now.

[rpa]

Hi,
I get a false(?) positive with the version directly from the PuTTY download page:

http://www.chiark.gr...y/download.html

The latest release version (beta 0.62). For Windows on Intel x86 PuTTY: putty.exe

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.01.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Omistaja :: OMISTAJA-PC [administrator]

01/05/2012 14:14:59
mbam-log-2012-05-01 (14-14-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219798
Time elapsed: 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Omistaja\Desktop\putty.exe (Trojan.Swrort) -> Quarantined and deleted successfully.

(end)

Attached Files

•  putty.zip   258.15KB   4 downloads

[ballinascreen]

I also started receivng

rpa, on 01 May 2012 - 06:28 AM, said:

Hi,
I get a false(?) positive with the version directly from the PuTTY download page:

http://www.chiark.gr...y/download.html

The latest release version (beta 0.62). For Windows on Intel x86 PuTTY: putty.exe

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.01.05

Windows 7 Service Pack 1 x64 NTFS

I also started receiving warnings from Malwarebytes for the same version of PuTTY [0.62 beta] earlier today. Also tried downloading a fresh copy of PuTTY from the web and still the same Trojan.Swrort alert.


Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.01.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421

Regards,

Shane

[Imperator]

I too have begun to receive warnings from Malwarebytes for PuTTY 0.62 beta across our network. A fresh copy of PuTTY still gets flagged. Every time the alert is warning that PuTTY.exe is infected with Trojan.Swrort.

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
Malwarebytes Anti-Malware (Corporate) 1.61.0.1400

Database version: v2012.05.01.05

Windows 7 SP1 x64 & x32

[Fatdcuk]

Ok looking into this now folks.Thanks for the reports(s)


Edit/Update.

Confirmed that the recent detection is indeed a F/P.

This will be fixed on the next update cycle.