Subject: Re: sshd.exe infected with IDP.Generic?
To: cygwin@cygwin.com
References: <14cda058-251c-21f2-e153-edf37ef9ef91@raelity.com>
Message-ID: <a2092c3c-e153-7035-5806-68d143000ddd@gmail.com>
Date: Fri, 10 Jul 2020 21:59:38 +0200
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
From: Marco Atzeri via Cygwin <cygwin@cygwin.com>
Reply-To: Marco Atzeri <marco.atzeri@gmail.com>

On 10.07.2020 21:01, Ernie Rael wrote:
> On Win7. To get an elevated shell, I typically do "$ ssh xxx@yyy". And 
> not very often.
> 
> Below is an excerpt of something potentially horrible that just happened.
> 
> Note the
> 
>     rm *
> 
> I exited the shell. I did the "ssh..." again (yeah I'm crazy), in a 
> different bash window. And this time Avast reported that it stashed 
> sshd.exe into the virus chest.
> 

Check on an online virus scan.
I will bet on a false positive.

