putty.exe


10 replies to this topic

#1 beastman

    New Member

  • Members
  • 3 posts

Posted 04 July 2011 - 11:24 AM

Hello!

Detected as Trojan.FakeAlert
database version 7019

#2 nosirrah

    Forum Deity

  • Administrators
  • 5,452 posts
  • Gender:Male
  • Location:Northampton, MA USA

Posted 04 July 2011 - 01:35 PM

Please zip and attach your copy.
Bruce Harrison
Vice President of Research


#3 nosirrah

Posted 04 July 2011 - 01:38 PM

I double checked both versions of putty currently available and neither is detected, so we won't be able to progress further without the version you have.

#4 beastman

Posted 04 July 2011 - 02:29 PM

> Please zip and attach your copy.

Sorry, here it is.
It's about ten years old.


#5 nosirrah

Posted 04 July 2011 - 03:00 PM

I am unable to verify that this ever existed before today. Is this a custom build or modified in some way?

#6 beastman

Posted 04 July 2011 - 03:21 PM

> I am unable to verify that this ever existed before today. Is this a custom build or modified in some way?

One thing I'm almost sure of is that I downloaded it from LAN sometime between 2006 and 2007.

#7 nosirrah

Posted 04 July 2011 - 03:31 PM

The reason I ask is that there is decent evidence that this has only existed for about 6 hours. The MD5 has no hit at all on Google and VirusTotal shows an initial scan earlier today. The other possibility is that for some reason putty was polymorphic back then and everyone got their own MD5 but I do not think that is likely.

The reason I was asking about default version vs. customized is that it would change how we process this.

Either way I am looking into this now.

#8 rpa

    New Member

  • Members
  • 1 posts

Posted 01 May 2012 - 06:28 AM

Hi,
I get a false(?) positive with the version directly from the PuTTY download page:

http://www.chiark.gr...y/download.html

The latest release version (beta 0.62). For Windows on Intel x86 PuTTY: putty.exe

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.01.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Omistaja :: OMISTAJA-PC [administrator]

01/05/2012 14:14:59
mbam-log-2012-05-01 (14-14-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219798
Time elapsed: 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Omistaja\Desktop\putty.exe (Trojan.Swrort) -> Quarantined and deleted successfully.

(end)
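
For triaging reports like the log above when they arrive from several machines, the following added example (not part of the original post and not Malwarebytes code) parses the section counts and detection lines of that log layout and groups detections by name and database version. It handles only the line shapes visible in this thread; `LOG_B` and its path are constructed.

```python
import ntpath
import re
from collections import Counter

# Abridged from the scan log quoted in the thread.
LOG_A = r"""Malwarebytes Anti-Malware 1.61.0.1400
Database version: v2012.05.01.05

Memory Processes Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Omistaja\Desktop\putty.exe (Trojan.Swrort) -> Quarantined and deleted successfully.

(end)
"""
# Constructed second report (hypothetical path) on the other database version in the thread.
LOG_B = LOG_A.replace("v2012.05.01.05", "v2012.05.01.03").replace(
    r"C:\Users\Omistaja\Desktop\putty.exe", r"D:\Tools\PuTTY.exe")

DB = re.compile(r"^Database version: (\S+)$")
SECTION = re.compile(r"^([A-Za-z ]+) Detected: (\d+)$")
ITEM = re.compile(r"^(.+) \(([^()]+)\) -> (.+?)\.?$")

def parse_mbam_log(text):
    """Return database version, declared per-section counts and detection entries."""
    report = {"database": None, "declared": {}, "detections": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := DB.match(line):
            report["database"] = m[1]
        elif m := SECTION.match(line):
            section = m[1]
            report["declared"][section] = int(m[2])
        elif section and (m := ITEM.match(line)):
            report["detections"].append(
                {"section": section, "target": m[1], "name": m[2], "action": m[3]})
    return report

def truncated_sections(report):
    """Sections whose declared count differs from the entries found (cut-off paste)."""
    found = Counter(d["section"] for d in report["detections"])
    return [s for s, n in report["declared"].items() if found[s] != n]

def group_reports(logs):
    """Map (detection name, lower-cased file name) -> database versions reporting it."""
    groups = {}
    for text in logs:
        rep = parse_mbam_log(text)
        for d in rep["detections"]:
            key = (d["name"], ntpath.basename(d["target"]).lower())
            groups.setdefault(key, set()).add(rep["database"])
    return {k: sorted(v) for k, v in groups.items()}
```

The same detection name on the same file name across hosts and database versions, as `group_reports` shows, is the pattern the later replies in this thread describe.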


#9 ballinascreen

    New Member

  • Members
  • 1 posts

Posted 01 May 2012 - 07:58 AM

> Hi,
> I get a false(?) positive with the version directly from the PuTTY download page:
>
> http://www.chiark.gr...y/download.html
>
> The latest release version (beta 0.62). For Windows on Intel x86 PuTTY: putty.exe
>
> Malwarebytes Anti-Malware 1.61.0.1400
> www.malwarebytes.org
>
> Database version: v2012.05.01.05
>
> Windows 7 Service Pack 1 x64 NTFS


I also started receiving warnings from Malwarebytes for the same version of PuTTY [0.62 beta] earlier today. Also tried downloading a fresh copy of PuTTY from the web and still the same Trojan.Swrort alert.


Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.01.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421

Regards,

Shane

#10 Imperator

    New Member

  • Members
  • 2 posts
  • Gender:Male

Posted 01 May 2012 - 09:15 AM

I too have begun to receive warnings from Malwarebytes for PuTTY 0.62 beta across our network. A fresh copy of PuTTY still gets flagged. Every time the alert is warning that PuTTY.exe is infected with Trojan.Swrort.

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
Malwarebytes Anti-Malware (Corporate) 1.61.0.1400

Database version: v2012.05.01.05

Windows 7 SP1 x64 & x32

#11 Fatdcuk

    Malware BBQ'er

  • Moderators
  • 20,543 posts
  • Gender:Male
  • Location:127.0.0.1

Posted 01 May 2012 - 10:04 AM

OK, looking into this now, folks. Thanks for the report(s).


Edit/Update.

Confirmed that the recent detection is indeed a F/P.

This will be fixed on the next update cycle.
Ade Gill
Research Engineer
