locale.exe and tzset.exe trojans in Cygwin

2179
Sinsanator

This morning I was updating wget, and Symantec notified me of trojans detected in locale.exe and tzset.exe.

Does this mean that my cygwin installation is infected?

5

4 answers

4
tgies

This is most likely a false positive. Trojan.ADH.2 is a name Symantec uses to identify heuristically detected "unknown" threats -- i.e. things that don't match the signature of any known threat but have qualities that make Symantec suspicious. A quick web search suggests that false positives identifying this threat are quite common. Cygwin's FAQ also suggests that their product in general tends to spook antivirus software.

A thread on the Norton forums contains instructions to restore the files from quarantine, exclude the files from future scanning, and submit samples of them to Symantec engineers so they can adjust the heuristic to avoid that particular class of false positive.

Thanks for the reply. I also thought it was a false positive, but then I noticed that all my ssh keys had been changed to 777 permissions, which makes me think it was a genuine infection. Sinsanator 10 years ago 1
2
Ben Cassell

I had the exact same problem after I updated yesterday, but my SSH keys are all fine. It is almost definitely a false positive from Symantec. Unfortunately Symantec also decided to --delete-- my executables instead of quarantining them.

Just in case you've encountered the same problem, you can re-install these executables by rerunning the Cygwin installer and choosing to re-install the cygwin / coreutils / cygutils packages.

1
hiroki

I submitted a false-positive report for locale.exe to Symantec, and they confirmed my submission. They will distribute new LiveUpdate definitions that remove the detection for locale.exe.

But sorry, I had no problems with tzset.exe, so its status is still unknown ...

1
Chris Kuklewicz

Update from July 2014: Symantec again uses the (obviously crazy) Trojan.ADH.2 heuristics to label Cygwin's latest col.exe, tzset.exe, and locale.exe as viruses (for the quarantine or deletion thereof).

So any learning that Symantec did last year has worn off.

I have also submitted these to Symantec as false positives, and they have (again?) verified that their tool is rogue:

In relation to submission [3576111].

Upon further analysis and investigation we have verified your submission and as such this detection will be removed from our products.

The updated detection will be distributed in the next set of virus definitions, available via LiveUpdate or from our website at ...