OK, I plan to get round to that later today.
Thank you for your replies, it is appreciated :)
DragExt.dll is described here https://winscp.net/eng/docs/dragext
. It is an extension of the file explorer which keeps it locked and does not allow it to be deleted without uninstaller and restart.
Should you find WinSCP on your system again, please:
- Check the version: right click the .exe select Properties and check Details tab.
- Get the MD5 of the winscp.exe (you may use FCIV https://www.microsoft.com/en-us/download/details.aspx?id=11533
- Now compare the MD5 with the one from https://winscp.net/eng/download.php
At that moment we will know more. Perhaps Secunia PSI found some traces (may be incorrectly) of WinSCP on your system and decided to install newer version over it.
It seems unlikely to me that someone would install WinSCP on your system to do something nasty with it. WinSCP does not listen on any port for commands. It needs to be operated locally. Someone would need access for instance to your remote desktop to do something with it. If this is possible then you should be looking for open ports on your system. But be prepared to Google on those ports to exclude false positives:
netstat -a | find "LISTENING"