Guest beastman

putty.exe

11 posts in this topic

Hello!

Detected as Trojan.FakeAlert

database version 7019

Please zip and attach your copy.

I double-checked both versions of putty currently available and neither is detected, so we won't be able to progress further without the version you have.

> Please zip and attach your copy.

Sorry, here it is.

it's about ten years old

putty.rar

I am unable to verify that this ever existed before today, is this a custom build or modified in some way?

> I am unable to verify that this ever existed before today, is this a custom build or modified in some way?

One thing I'm almost sure of is that I downloaded it from LAN sometime between 2006 and 2007.

The reason I ask is that there is decent evidence that this has only existed for about 6 hours. The MD5 has no hit at all on Google and VirusTotal shows an initial scan earlier today. The other possibility is that for some reason putty was polymorphic back then and everyone got their own MD5, but I do not think that is likely.

The reason I was asking about default version vs. customized is that it would change how we process this.

Either way I am looking into this now.

Hi,

I get a false(?) positive with the version directly from the PuTTY download page:

http://www.chiark.gr...y/download.html

The latest release version (beta 0.62). For Windows on Intel x86 PuTTY: putty.exe

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.01.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Omistaja :: OMISTAJA-PC [administrator]

01/05/2012 14:14:59

mbam-log-2012-05-01 (14-14-59).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 219798

Time elapsed: 20 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Omistaja\Desktop\putty.exe (Trojan.Swrort) -> Quarantined and deleted successfully.

(end)

putty.zip

> Hi,
>
> I get a false(?) positive with the version directly from the PuTTY download page:
>
> http://www.chiark.gr...y/download.html
>
> The latest release version (beta 0.62). For Windows on Intel x86 PuTTY: putty.exe
>
> Malwarebytes Anti-Malware 1.61.0.1400
>
> www.malwarebytes.org
>
> Database version: v2012.05.01.05
>
> Windows 7 Service Pack 1 x64 NTFS

I also started receiving warnings from Malwarebytes for the same version of PuTTY [0.62 beta] earlier today. Also tried downloading a fresh copy of PuTTY from the web and still the same Trojan.Swrort alert.

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.01.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Regards,

Shane

I too have begun to receive warnings from Malwarebytes for PuTTY 0.62 beta across our network. A fresh copy of PuTTY still gets flagged. Every time the alert is warning that PuTTY.exe is infected with Trojan.Swrort.

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

Malwarebytes Anti-Malware (Corporate) 1.61.0.1400

Database version: v2012.05.01.05

Windows 7 SP1 x64 & x32

OK, looking into this now, folks. Thanks for the report(s).

Edit/Update.

Confirmed that the recent detection is indeed a F/P.

This will be fixed on the next update cycle.
