I just ran clam win and it found this virus (below) in my portable app putty.exe has someone got a hold of the download and infected it?
Win.Trojan.Rozena-1108 FOUND
New: Kanri (Oct 09, 2024), Platform 29.5.3 (Jun 27, 2024)
1,100+ portable packages, 1.1 billion downloads
No Ads November, Please donate today
As always, scan it online with Virus Total before proceeding:
https://portableapps.com/support#false_positive
Of course, the base putty.exe is perfectly clean, however ClamAV currently has a broken definitions set that alerts on this particular file as do the couple antiviruses that base on ClamAV:
https://www.virustotal.com/en/file/8aafc0858cb440910b9b7f237124f37338959...
Sometimes, the impossible can become possible, if you're awesome!
I use virustotal online all the time, the thing that concerned me, was for some reason this was the first time it showed up on my local clam scan and then it had those 2 others on virus total. So it got me a bit concerned. Why is it they are putting an actual identity to the "virus" if it is a false positive or they are recognizing it as a virus but not really sure what one. Why doesn't it come up unidentified?
It's Me!
ClamAV and ClamWin have rather frequent false positives on Windows, so I'm surprised you haven't seen it before. Definitions aren't foolproof and look for specific markers in code to identify viruses. Virus definitions files include, essentially, both blacklists (the known virus patterns) and whitelists (patterns of legitimate software). Often the patterns that match a virus will also match some legitimate software that doesn't something similar like connect to the internet. Sometimes a given virus will actually include some legitimate software within itself to handle some of its operations like connections to the internet. This specific virus, Rozena, has caused false positives in putty on and off for the last 5 years in multiple antivirus apps. Likely, Rozena includes some bits of putty within itself.
Sometimes, the impossible can become possible, if you're awesome!
Thanks John,
I have seen false positives, just not on putty. That was what threw me.
I appreciate your help.
It's Me!