Jump to content

putty.exe


Guest beastman

Recommended Posts

Guest beastman

I am unable to verify that this ever existed before today, is this a custom build or modified in some way?

One thing I'm almost sure is that i downloaded it from LAN sometime between 2006 and 2007.

Link to post
Share on other sites

The reason I ask is that there is decent evidence that this has only existed for about 6 hours. The MD5 has no hit as all on google and virustotal shows an initial scan earlier today. The other possibility is that for some reason putty was polymorphic back then and everyone got their own MD5 but I do not think that is likely.

The reason I was asking about default version VS. customized is that it would change how we process this.

Either way I am looking into this now.

Link to post
Share on other sites
  • 9 months later...

Hi,

I get a false(?) positive with the version directly from the PuTTY download page:

http://www.chiark.gr...y/download.html

The latest release version (beta 0.62). For Windows on Intel x86 PuTTY: putty.exe

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.01.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Omistaja :: OMISTAJA-PC [administrator]

01/05/2012 14:14:59

mbam-log-2012-05-01 (14-14-59).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 219798

Time elapsed: 20 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Omistaja\Desktop\putty.exe (Trojan.Swrort) -> Quarantined and deleted successfully.

(end)

putty.zip

Link to post
Share on other sites

I also started receivng

Hi,

I get a false(?) positive with the version directly from the PuTTY download page:

http://www.chiark.gr...y/download.html

The latest release version (beta 0.62). For Windows on Intel x86 PuTTY: putty.exe

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.01.05

Windows 7 Service Pack 1 x64 NTFS

I also started receiving warnings from Malwarebytes for the same version of PuTTY [0.62 beta] earlier today. Also tried downloading a fresh copy of PuTTY from the web and still the same Trojan.Swrort alert.

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.01.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Regards,

Shane

Link to post
Share on other sites

I too have begun to receive warnings from Malwarebytes for PuTTY 0.62 beta across our network. A fresh copy of PuTTY still gets flagged. Every time the alert is warning that PuTTY.exe is infected with Trojan.Swrort.

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

Malwarebytes Anti-Malware (Corporate) 1.61.0.1400

Database version: v2012.05.01.05

Windows 7 SP1 x64 & x32

Link to post
Share on other sites

Ok looking into this now folks.Thanks for the reports(s)

Edit/Update.

Confirmed that the recent detection is indeed a F/P.

This will be fixed on the next update cycle.

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.