• Support
  • Articles
  • Resources
  • Products

Virus Detected during downloading teraterm

Moderator: boris

7 postsPage 1 of 1

zg3409
Newbie

Posts:
4
Joined: Tue Sep 13, 2016 1:43 pm
by zg3409 » Tue Sep 13, 2016 1:49 pm
Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Items:
file:c:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{604AFCDB-CDF9-4291-8FD0-B103AC196AC9}-teraterm-4.92.exe

I am using windows 7. Downloading using Chrome Browser. It refused to run and Microsoft security essentials gave this error, cleaned it and rebooted. I downloaded directly the EXE version (not the ZIP)
boris
Moderator, LogMeTT and TTLEditor developer

Posts:
1593
Joined: Sat Jan 08, 2005 2:52 pm
by boris » Tue Sep 13, 2016 3:02 pm
The download file name from LogMeTT.com is teraterm492.exe. Could you please tell from which website did you download the file teraterm-4.92.exe
Thanks.
Best regards,
Boris
zg3409
Newbie

Posts:
4
Joined: Tue Sep 13, 2016 1:43 pm
by zg3409 » Tue Sep 13, 2016 3:09 pm
From here:
https://en.osdn.jp/projects/ttssh2/releases/

The support link on that page leads to your site.

I think it may be a false positive from Microsofts Secuity essentials. There is a webpage microsoft have where you can upload a password protected zip of the file (with the password "infected". ) If the zip is less than 10MB they allow it.

There is then an option "I believe this file should not be detected as malware"

https://www.microsoft.com/en-us/securit ... ubmit.aspx

Can you compare your version with the version on this site and check and confirm if it is a false positive
zg3409
Newbie

Posts:
4
Joined: Tue Sep 13, 2016 1:43 pm
by zg3409 » Tue Sep 13, 2016 3:12 pm
The exact same happens when I also downloaded it direct from logmett.com
Yutaka Hirata
TeraTerm Developer

Posts:
598
Joined: Wed Jan 12, 2005 2:35 pm
by Yutaka Hirata » Tue Sep 13, 2016 3:13 pm
Hi Boris and everyone,

Thank you for your feedback.

Tera Term does not include virus and malware because Windows defender
or same product reports a suspected erroneous detection(false positive).

My Tera Term v4.92 works well on Windows10(+Norton360) and
Windows7(McAfee VirusScan).

Thanks.
Best regards, Yutaka Hirata
(yutakakn at gmail.com)
http://hp.vector.co.jp/authors/VA013320/
zg3409
Newbie

Posts:
4
Joined: Tue Sep 13, 2016 1:43 pm
by zg3409 » Tue Sep 13, 2016 3:19 pm
I will report the false positive to microsoft
boris
Moderator, LogMeTT and TTLEditor developer

Posts:
1593
Joined: Sat Jan 08, 2005 2:52 pm
by boris » Tue Sep 13, 2016 3:21 pm
I'm personally running version 4.92 on several Windows 7 and 10 PCs and never had issue, however one of the users send us the following message via Contact Us page of our website
I attempted to upgrade TeraTerm to v4.92 and our Malware protection blocked it stating it contained a Trojan.

Malware Name: Trojan:Win32/Varpes.M!cl

This was detected by MS System Center Endpoint Protection.

Tera Term project team will need to investigate this further .

In relation to this it is probably time to start thinking about digitally signing Tera Term executable files. This will help to get rid of numerous popups about' Unknown publisher' at file execution and ensure users that the files are genuine. I've started digitally signing LogMeTT executables 2 years ago. The certificate costs about 100$ per year. I'm not suggesting Tera Term project team to pay for it out of their pocket like I do, but they could revisit their not-taking-donations policy to address this and get the cert.
Thanks.
Best regards,
Boris
Display posts from previous:
Sort by:

7 postsPage 1 of 1

Users browsing this forum: No registered users
cron