Topic "Windows 7 kaspersky WinScp: pdm worm/trojan"

Author Message
Toro

Guest


I can not install WinSCP 4.2.5 on Windows 7 64b ult.

Kaspersky says it's: PDM trojan generic/PDM worm P2P generic.

Installed it from sourceforge.net, tried different mirrors on sf.

Older versions of WinSCP (4.23 and before) Kaspersky doesn't complain about.

greets,
toro.
martin
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
Thanks for your post. Though, as it has been almost two weeks since the release and you are the only one to report this, I consider it to be a false positive (unless I get more reports).
richard4339

Joined: 2010-01-04
Posts: 2
Location: IL
I've gotten it too, twice now. Verified the MD5 from the install executable. Also running Kaspersky 2010. Attached a screenshot. Glad to see it's not just me. I always get freaked out by this.


Details:
Windows 7 Pro x64

Kaspersky Internet Security 2010 Version 9.0.0.736
Database Version: 1/4/2010

If you need any additional information, I'll do my best to provide it.

Edit: I mentioned I did do the checksum, thought I'd show that screenshot too.

martin
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
Well, I meant another report by another anti-virus application.
The fact it is reported as "generic trojan" just supports my assumption it is a false alarm.

Last edited by martin on 2010-01-11; edited 1 time in total
Guest




09.01.2010 03:41:38: PDM.Trojan.generic G:\SOFT NEW\WINSCP\WINSCP425SETUP.EXE Setup for WinSCP 4.2.5 (SFTP, FTP and SCP client)
richard4339

Joined: 2010-01-04
Posts: 2
Location: IL
Ok. Just downloaded the file again today. Kaspersky isn't identifying it now.
martin
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
richard4339 wrote:
Ok. Just downloaded the file again today. Kaspersky isn't identifying it now.

Thanks for the information.

This issue is being tracked.
Me

Guest


I got it too. Happened when installing an official demo version of an audio editing programme from NCH audio and telephony software. The file was scanned with Kaspersky 2010 before opening and no threats were detected! I think it's a false alarm.
Shep

Guest


My system is also picking up WinSCP as Suspicious (PDM Keylogger). It makes me a little concerned as I'd prefer to be sure that my antivirus is working. Just completed a manual update and running a full scan. Does anyone know if Kaspersky is looking into this yet?

- Shep
Guest




Report "false positives" to the AV vendor. They will use various technologies to try to detect software that may be malicious, and make mistakes in the process. Reporting it to the vendor will prompt them to clean it up.
wgtwalker

Joined: 2010-07-26
Posts: 2
Location: UK
When I downloaded Winscp432.exe installer (20:30 24-Feb-2011 GMT), Kaspersky Internet Security scanned it and didn't complain.
When I ran the installer, the installer complained that it couldn't access a necessary folder, so I cancelled that installation and instead "ran as administrator".

This time, Kaspersky quarantined the installer, warning that it is "legal software that can be used by criminals for damaging your computer or personal data PDM.Trojan.generic".
Nevertheless, despite this, the installer DOES appear to have upgraded winscp to version 4.3.2!

I am running Kaspersky Internet Security v 11.0.1.400 (a.b.c.d) under Windows 7.
martin
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
Kaspersky seems to raise an alert on every recent fresh release of WinSCP. They usually fix this with the next virus definition update.
See https://winscp.net/tracker/show_bug.cgi?id=530
_________________
Martin Prikryl
Pom Bear

Guest


Sorry to disappoint you but, yes, WinSCP is a Trojan.

WinSCP hooks up to the Windows shell behind "explorer.exe", opening a sub-thread which fools almost all antivirus programs. But if you are careful, sooner or later (most probably) you will find that something wrong is going on, especially when you find a WinSCP thread working even when you didn't use WinSCP at all.

Welcome to the Victim List !
martin
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
Pom Bear wrote:
WinSCP hooks up to the Windows shell behind "explorer.exe", opening a sub-thread which fools almost all antivirus programs. But if you are careful, sooner or later (most probably) you will find that something wrong is going on, especially when you find a WinSCP thread working even when you didn't use WinSCP at all.

Can you provide us with more details about your concern? It is difficult to respond to a generic accusation like this.

But anyway, WinSCP indeed hooks Windows Explorer. You can read more about it here:
https://winscp.net/eng/docs/dragext
The extension can be loaded into Explorer, even when WinSCP is not running.
On the other hand, it is just a hook, there's no thread running behind doing anything. So I'm not sure if this is what you mean. Is it?
_________________
Martin Prikryl