You are here

PuTTY: Virus Found

5 posts / 0 new
Last post
Technological
Offline
Last seen: 9 years 3 months ago
Joined: 2015-08-25 12:43
PuTTY: Virus Found

I just ran clam win and it found this virus (below) in my portable app putty.exe has someone got a hold of the download and infected it?

Win.Trojan.Rozena-1108 FOUND

John T. Haller
John T. Haller's picture
Online
Last seen: 18 min 22 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Scan Online

As always, scan it online with Virus Total before proceeding:
https://portableapps.com/support#false_positive

Of course, the base putty.exe is perfectly clean, however ClamAV currently has a broken definitions set that alerts on this particular file as do the couple antiviruses that base on ClamAV:
https://www.virustotal.com/en/file/8aafc0858cb440910b9b7f237124f37338959...

Sometimes, the impossible can become possible, if you're awesome!

Technological
Offline
Last seen: 9 years 3 months ago
Joined: 2015-08-25 12:43
I use virustotal online all the time.

I use virustotal online all the time, the thing that concerned me, was for some reason this was the first time it showed up on my local clam scan and then it had those 2 others on virus total. So it got me a bit concerned. Why is it they are putting an actual identity to the "virus" if it is a false positive or they are recognizing it as a virus but not really sure what one. Why doesn't it come up unidentified?

It's Me!

John T. Haller
John T. Haller's picture
Online
Last seen: 18 min 22 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
False Positives

ClamAV and ClamWin have rather frequent false positives on Windows, so I'm surprised you haven't seen it before. Definitions aren't foolproof and look for specific markers in code to identify viruses. Virus definitions files include, essentially, both blacklists (the known virus patterns) and whitelists (patterns of legitimate software). Often the patterns that match a virus will also match some legitimate software that doesn't something similar like connect to the internet. Sometimes a given virus will actually include some legitimate software within itself to handle some of its operations like connections to the internet. This specific virus, Rozena, has caused false positives in putty on and off for the last 5 years in multiple antivirus apps. Likely, Rozena includes some bits of putty within itself.

Sometimes, the impossible can become possible, if you're awesome!

Technological
Offline
Last seen: 9 years 3 months ago
Joined: 2015-08-25 12:43
Thank you!

Thanks John,

I have seen false positives, just not on putty. That was what threw me.

I appreciate your help.

It's Me!

Log in or register to post comments