sshd.exe infected with IDP.Generic?

Brian Inglis Brian.Inglis@SystematicSw.ab.ca
Sat Jul 11 19:45:08 GMT 2020


On 2020-07-11 08:47, Ernie Rael wrote:
> I guess I'll chalk up to coincidence the "rm *" that I didn't knowingly type (it
> was in the typeahead buffer when less finally finished and I had been "randomly"
> hitting keys to get it to end) followed shortly thereafter by avast moving
> sshd.exe to quarantine. I suppose the command could have mysteriously come from
> some history since I do use the rm command regularly ;-) Hmm, use -I? I lost
> almost nothing since the admin acct in cygwin's /home is only used for ssh to
> local and there are backups to look at.
> 
> As far as getting things back to normal...
> 
> Asking avast to "put it back" failed. I did "extract" it, but owner/permissions
> seem screwed up.
>> $ ls -l sshd.exe
>> ----rwxr-x+ 1 Administrators SYSTEM 721939 Feb 18 09:05 sshd.exe
> I put it back, with u+rx, ran cygwin's setup and it's package had been updated
> recently, sshd was updated, and things seem back to normal. First I had virus
> scanned the entire system, took all day, it did find something in an archived
> copy of a system I had 10 years ago.

To extract anything from your downloaded packages directory, you can use an
elevated admin shell command like:

$ tar -xv -C / -f <downloaded packages directory>/*tp*%3a%2f%2f*cygwin*%2f/x86*/release/openssh/openssh-8.3p1-1.tar.xz usr/sbin/sshd.exe

to extract the relative path under the Cygwin root (important, why I jam -C /
before -f to avoid forgetting it!) - that way I don't have to mv it from under
my current directory if I forget to add it at the end.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in IEC units and prefixes, physical quantities in SI.]
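As an added example (not from this thread), a small POSIX sh script that does the check a cautious admin would want around that restore: compare the installed sshd.exe with the copy inside the cached package tarball, and re-extract it under the Cygwin root only if it differs. The package and member paths are placeholders following the thread's openssh-*.tar.xz / usr/sbin/sshd.exe layout; GNU tar auto-detects the .xz compression when reading, so the same calls work on the real cache file.

```shell
#!/bin/sh
# Added example: verify an installed Cygwin file against the copy inside the
# package tarball from the setup download cache, then optionally restore it.
# Paths are placeholders; the member path has no leading "./" in Cygwin packages.

# Print the SHA-256 of a file (sha256sum on Linux/Cygwin, shasum elsewhere).
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_against_package PACKAGE MEMBER INSTALLED
# Exit status: 0 = installed file is byte-identical to the package copy,
#              1 = it differs or is missing, 2 = MEMBER is not in PACKAGE.
verify_against_package() {
    # List first: confirms the exact member path before anything is written.
    if ! tar -tf "$1" "$2" >/dev/null 2>&1; then
        echo "verify: $2 not found in $1" >&2
        return 2
    fi
    # Extract into a scratch directory (-C before -f, as in the thread), not into /.
    stage=$(mktemp -d) || return 1
    tar -x -C "$stage" -f "$1" "$2" || { rm -rf "$stage"; return 1; }
    echo "package copy:   $(file_sha256 "$stage/$2")"
    if [ -f "$3" ]; then
        echo "installed copy: $(file_sha256 "$3")"
        if cmp -s "$stage/$2" "$3"; then status=0; else status=1; fi
    else
        echo "installed copy: missing ($3)"
        status=1
    fi
    rm -rf "$stage"
    [ "$status" -eq 0 ]
}

# restore_from_package PACKAGE MEMBER [ROOT]
# Re-extracts MEMBER under ROOT (default /), the same call the thread shows.
restore_from_package() {
    tar -xv -C "${3:-/}" -f "$1" "$2"
}
```

Run the verify step first; a mismatch between the installed binary and the package copy is worth understanding before restoring, a match means the quarantine was most likely a false positive on an unchanged file.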
