Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

martin

Re: WinSCP is a Trojan

Pom Bear wrote:

WinSCP hooks up to the Windows shell behind "explorer.exe" opening sub thread which full almost all Antivirus programs. But if You are careful soon or later ( most probably ) You will found that something wrong is going on - especially when You found WinSCP thread working even when You didn't Use WinSCP at all.

Can you provide us with more details about your concern? It is difficult to respond to a generic accusation like this.

But anyway, WinSCP indeed hooks Windows Explorer. You can read more about it here:
https://winscp.net/eng/docs/dragext
The extension can be loaded into Explorer, even when WinSCP is not running.
On the other hand, it is just a hook, there's no thread running behind doing anything. So I'm not sure if this is what you mean. Is it?
Pom Bear

WinSCP is a Trojan

Sorry to disappoint You but, Yes WinSCP is a Trojan.

WinSCP hooks up to the Windows shell behind "explorer.exe" opening sub thread which full almost all Antivirus programs. But if You are careful soon or later ( most probably ) You will found that something wrong is going on - especially when You found WinSCP thread working even when You didn't Use WinSCP at all.

Welcome to the Victim List !
martin

Re: Winscp432.exe quarantined by Kapersky Internet Security 2011

Kaspersky seem to raise alert on every recent fresh release of WinSCP. They usually fix this with the next virus definition update.
See https://winscp.net/tracker/530
wgtwalker

Winscp432.exe quarantined by Kapersky Internet Security 2011

When I downloaded Winscp432.exe installer (20:30 24-Feb-2011 GMT), Kapersky Internet Security scanned it and didn't complain.
When I ran the installer, the installer complained that it couldn't access a necessary folder, so I cancelled that installation and instead "ran as administrator".

This time, Kapersky quarantined the installer, warning that is is "legal software that can be used by criminals for damaging your computer or personal data PDM.Trojan.generic".
Nevertheless, despite this, the installer DOES appear to have upgraded winscp to version 4.3.2!

I am running Kapersky Internet Security v 11.0.1.400 (a.b.c.d) under Windows 7.
Guest

Report "false positives" to the AV vendor. They will use various technologies to try to detect software that may be malicious, and make mistakes in the process. Reporting it to the vendor will prompt them to clean it up.
Shep

Re: Windows 7 kaspersky WinScp: pdm worm/trojan

My system is also picking up WINSPC as Suspicious (PDM Keylogger) It makes me a little concerned as I'd prefer to be sure that my antivirus is working. Just completed a manual update and running a full scan. Does anyone know if Kaspersky is looking into this yet?

- Shep
Me

PDM Trojan/worm generic

I got it too. Happened when installing an official demo version of an audio editing programme from NCH audio and telephony software. The file was scanned with Kaspersky 2010 before opening and no threats were detected! I think its a false alarm.
martin

richard4339 wrote:

Ok. Just downloaded the file again today. Kaspersky isn't identifying it now.

Thanks for information.

This issue is being tracked.
richard4339

Ok. Just downloaded the file again today. Kaspersky isn't identifying it now.
Guest

09.01.2010 03:41:38: PDM.Trojan.generic G:\SOFT N

09.01.2010 03:41:38: PDM.Trojan.generic G:\SOFT NEW\WINSCP\WINSCP425SETUP.EXE Setup for WinSCP 4.2.5 (SFTP, FTP and SCP client)
martin

Well, I've meant another report by other anti-virus application.
The fact it is reported as "generic trojan" just supports my assumption it is false alarm.
richard4339

I've gotten it too, twice now. Verified the MD5 from the install executable. Also running Kaspersky 2010. Attached a screenshot. Glad to see it's not just me. I always get freaked out by this.

<invalid hyperlink removed by admin>
Full size here: <invalid hyperlink removed by admin>

Details:
Windows 7 Pro x64

Kaspersky Internet Security 2010 Version 9.0.0.736
Database Version: 1/4/2010

If you need any additional information, I'll do my best to provide it.

Edit: I mentioned I did do the checksum, thought I'd show that screenshot too.

<invalid hyperlink removed by admin>
martin

Re: Windows 7 kaspersky WinScp: pdm worm/trojan

Thanks for your post. Though, as it is almost two weeks from the release and you are the only one to report this, I consider it to be a false positive (unless I get more reports).
Toro

Windows 7 kaspersky WinScp: pdm worm/trojan

I can not install WinSCP 4.2.5 on Windows 7 64b ult.

Kaspersky says its: PDM trojan generic/PDM worm P2P generic.

Installed it from sourceforge.net, tried different mirrors on sf.

Older versions of winscp: 4.23 and before kaspersky doesn't complain about.

greets,
toro.