Windows 7 kaspersky WinScp: pdm worm/trojan


Toro
Guest

I cannot install WinSCP 4.2.5 on Windows 7 64b ult.

Kaspersky says it's: PDM trojan generic/PDM worm P2P generic.

Installed it from sourceforge.net, tried different mirrors on sf.

Older versions of WinSCP, 4.23 and before, Kaspersky doesn't complain about.

greets,
toro.


martin
Site Admin
Posts: 41,506
Location: Prague, Czechia

Re: Windows 7 kaspersky WinScp: pdm worm/trojan

Thanks for your post. Though, as it is almost two weeks from the release and you are the only one to report this, I consider it to be a false positive (unless I get more reports).


richard4339
Posts: 2
Location: IL

I've gotten it too, twice now. Verified the MD5 from the install executable. Also running Kaspersky 2010. Attached a screenshot. Glad to see it's not just me. I always get freaked out by this.

<invalid hyperlink removed by admin>
Full size here: <invalid hyperlink removed by admin>

Details:
Windows 7 Pro x64

Kaspersky Internet Security 2010 Version 9.0.0.736
Database Version: 1/4/2010

If you need any additional information, I'll do my best to provide it.

Edit: I mentioned I did do the checksum, thought I'd show that screenshot too.

<invalid hyperlink removed by admin>


martin
Site Admin

Well, I meant another report by another anti-virus application.
The fact it is reported as "generic trojan" just supports my assumption it is a false alarm.
Last edited by martin on 2010-01-11; edited 1 time in total


Guest

09.01.2010 03:41:38: PDM.Trojan.generic G:\SOFT NEW\WINSCP\WINSCP425SETUP.EXE Setup for WinSCP 4.2.5 (SFTP, FTP and SCP client)


Me
Guest

PDM Trojan/worm generic

I got it too. Happened when installing an official demo version of an audio editing programme from NCH audio and telephony software. The file was scanned with Kaspersky 2010 before opening and no threats were detected! I think it's a false alarm.


Shep
Guest

Re: Windows 7 kaspersky WinScp: pdm worm/trojan

My system is also picking up WinSCP as Suspicious (PDM Keylogger). It makes me a little concerned as I'd prefer to be sure that my antivirus is working. Just completed a manual update and running a full scan. Does anyone know if Kaspersky is looking into this yet?

- Shep


Guest

Report "false positives" to the AV vendor. They will use various technologies to try to detect software that may be malicious, and make mistakes in the process. Reporting it to the vendor will prompt them to clean it up.


wgtwalker
Posts: 2
Location: UK

Winscp432.exe quarantined by Kaspersky Internet Security 2011

When I downloaded Winscp432.exe installer (20:30 24-Feb-2011 GMT), Kaspersky Internet Security scanned it and didn't complain.
When I ran the installer, the installer complained that it couldn't access a necessary folder, so I cancelled that installation and instead "ran as administrator".

This time, Kaspersky quarantined the installer, warning that it is "legal software that can be used by criminals for damaging your computer or personal data PDM.Trojan.generic".
Nevertheless, despite this, the installer DOES appear to have upgraded winscp to version 4.3.2!

I am running Kaspersky Internet Security v 11.0.1.400 (a.b.c.d) under Windows 7.


Pom Bear
Guest

WinSCP is a Trojan

Sorry to disappoint you, but yes, WinSCP is a Trojan.

WinSCP hooks up to the Windows shell behind "explorer.exe", opening a sub thread which fools almost all antivirus programs. But if you are careful, sooner or later (most probably) you will find that something wrong is going on - especially when you find a WinSCP thread working even when you didn't use WinSCP at all.

Welcome to the Victim List !


martin
Site Admin
Re: WinSCP is a Trojan

Pom Bear wrote:

"WinSCP hooks up to the Windows shell behind "explorer.exe", opening a sub thread which fools almost all antivirus programs. But if you are careful, sooner or later (most probably) you will find that something wrong is going on - especially when you find a WinSCP thread working even when you didn't use WinSCP at all."

Can you provide us with more details about your concern? It is difficult to respond to a generic accusation like this.

But anyway, WinSCP indeed hooks Windows Explorer. You can read more about it here:
https://winscp.net/eng/docs/dragext
The extension can be loaded into Explorer, even when WinSCP is not running.
On the other hand, it is just a hook, there's no thread running behind doing anything. So I'm not sure if this is what you mean. Is it?
