winscp.exe

Discovery date: Saturday December 26th 2009
What is winscp? It is a malware executable threat, and it has been seen here first hand.

Malware file name: "winscp.exe"


Malware Trojan name: This one appears under several aliases and is a Win32-related trojan (it steals the user's email addresses and sends mail to the collected addresses).

Found on HP 4400 Laptop

Software used to find the malware: Spybot S&D


Attempted removal in normal mode, results: Spybot appeared to remove the threat, yet it remained on the next reboot. Detection was in normal mode.
Spybot S&D was run a second time in normal mode.
Attempted removal in Safe mode, after removing the startup entry with Spybot, results: Malware no longer detected; it didn't show up on reboot or during a file search for winsc.*, and the threat was gone on reboot into normal mode.
Apparently Spybot got it on the second normal-mode run, before the startup entry was unchecked.

Other notes: This malware was found on a laptop connected to the local network, with a server running on another machine. The server (OS) went uninfected, although one research attempt on the net suggested the possibility of spreading to machines within a network. The server was running a Sygate Firewall and logged UDP and ICMP attempts from the infected machine. The packet sending was so severe that it brought down the network's access to and from the internet, with only intermittent successful access.

The trouble accessing the network led to the discovery of this particular malware problem. Sygate was then installed on the infected machine, and the attempts to access the net made from that machine were prevented by the Sygate Firewall, at which time internet access returned to all other machines. "Don't ever ask me again" was checked at the firewall prompt, which also identified the malware program by name (winscp.exe).

(Don't expect this malware to always have the same name. There are legit programs by this same name, and a file by this name on your machine may not be malware.)

And that, my friend, is why I still use the Sygate firewall, and it doesn't suck up all your system resources either.
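
Since a file called winscp.exe may be either the legitimate program or this malware, the following PowerShell sketch gathers the facts needed to tell them apart: location, signature, hash, startup entries and running processes. It is an added example, not part of the original report; the $Stem and $Root parameters are assumptions chosen to mirror the file search described above.

```powershell
# Added example (not from the original page): triage every file, startup entry
# and process whose name starts with a given stem. $Stem and $Root are assumptions.
param(
    [string]$Stem = 'winsc',
    [string]$Root = "$env:SystemDrive\"
)

# 1. Files on disk: where they live, whether they are signed, and their hash.
$files = Get-ChildItem -LiteralPath $Root -Filter "$Stem*.exe" -File -Recurse -Force -ErrorAction SilentlyContinue
$fileReport = foreach ($f in $files) {
    $sig  = Get-AuthenticodeSignature -LiteralPath $f.FullName
    $hash = Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Path        = $f.FullName
        Created     = $f.CreationTime
        SigStatus   = $sig.Status   # Valid, NotSigned, HashMismatch, ...
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        SHA256      = $hash.Hash
        NeedsReview = ($sig.Status -ne 'Valid')   # heuristic only, not a verdict
    }
}

# 2. Startup entries (Run keys and Startup folders) that launch a matching program.
$startup = Get-CimInstance -ClassName Win32_StartupCommand |
    Where-Object { $_.Command -like "*$Stem*" } |
    Select-Object Name, Command, Location, User

# 3. Running processes with a matching name, and the image they were started from.
$procs = Get-Process -Name "$Stem*" -ErrorAction SilentlyContinue |
    Select-Object Name, Id, Path

$fileReport | Format-List
$startup    | Format-List
$procs      | Format-List
```

A copy with a valid signature sitting in the folder where the program was knowingly installed is likely the legitimate tool; an unsigned copy in a system, temp or profile folder that also has a startup entry is the one to examine further. Because the malware will not always use the same name, the same script can be rerun with a different -Stem value taken from the firewall prompt.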