Mail Archives: cygwin/2020/07/10/16:00:31

Subject: Re: sshd.exe infected with IDP.Generic?
To: cygwin AT cygwin DOT com
References: <14cda058-251c-21f2-e153-edf37ef9ef91 AT raelity DOT com>
Message-ID: <a2092c3c-e153-7035-5806-68d143000ddd@gmail.com>
Date: Fri, 10 Jul 2020 21:59:38 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101
Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <14cda058-251c-21f2-e153-edf37ef9ef91@raelity.com>
From: Marco Atzeri via Cygwin <cygwin AT cygwin DOT com>
Reply-To: Marco Atzeri <marco DOT atzeri AT gmail DOT com>

On 10.07.2020 21:01, Ernie Rael wrote:
> On Win7. To get an elevated shell, I typically do "$ ssh xxx AT yyy". And 
> not very often.
> 
> Below is an excerpt of something potentially horrible that just happened.
> 
> Note the
> 
>     rm *
> 
> I exited the shell. I did the "ssh..." again (yeah I'm crazy), in a 
> different bash window. And this time Avast reported that it stashed 
> sshd.exe into the virus chest.
> 

Check on an online virus scan.
I will bet on a false positive.

--
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple
