Well, I have seen false alarms before, due to false positives.... but this time, there are several AV reporting the presence of a virus in sha256t.exe (part of OpenSSH folder):
From virustotal.com
AntiVir 7.8.1.28 2008.09.11 BDS/Padodor.IL
Authentium 5.1.0.4 2008.09.11 W32/Backdoor.XMA
Avast 4.8.1195.0 2008.09.11 Win32:Trojan-gen {Other}
BitDefender 7.2 2008.09.11 Backdoor.Padodor.IL
F-Prot 4.4.4.56 2008.09.11 W32/Backdoor.XMA
Fortinet 3.113.0.0 2008.09.11 PossibleThreat
GData 19 2008.09.11 Backdoor.Padodor.IL
K7AntiVirus 7.10.452 2008.09.11 Backdoor.Win32.Padodor.IL
McAfee 5382 2008.09.11 Generic BackDoor
Panda 9.0.0.4 2008.09.11 Bck/Webber.BU
Prevx1 V2 2008.09.11 Worm
Rising 20.61.32.00 2008.09.11 Backdoor.Agent.iba
Sunbelt 3.1.1628.1 2008.09.11 Backdoor.Padodor.IL
VBA32 3.12.8.5 2008.09.10 Backdoor.Win32.Padodor.gen
Webwasher-Gateway 6.6.2 2008.09.11 Trojan.Backdoor.Padodor.IL
So... maybe this time it is not a false alarm... can somebody confirm if it is a virus, or a lot of false positives? The advantage of opensource software is it can be checked, compiled, and scanned... but "checking" the code is far beyond my capability.