AxCrypt infected?

This topic contains 3 replies, has 2 voices, and was last updated by  Svante 3 weeks ago.

  • #5361 Reply

    Ralph

    I read a topic on here about a tampered AxCrypt file circulating.

    I downloaded AxCrypt 2 today and scanned it on VirusTotal like I do with all my downloads and it suggests that the installation file is infected with <TrojanDropper.Daws.gpp>.

    I know that this is probably a false positive as only 1 of 55 scanners (Jiangmin) reported it infected but it got me worried.

    https://www.virustotal.com/en/file/8c6856038c15ff231e66521fc4cef210226083b6b134de64e36b31f149b22b48/analysis/

    #5362 Reply

    Svante
    Keymaster

    Hello Ralph,

    Thanks for the heads up. It does indeed appear to be a false positive. Googling for ‘TrojanDropper.Daws.gpp’ finds other instances where ‘Jiangmin’ is the only engine to report that threat for other files.

    Fortunately, VirusTotal also shows a SHA256 hash of the submitted sample, so I can confirm that your download was not tampered with – it’s the original from us. We publish current checksums here: https://www.axcrypt.net/cryptographic-hashes-files/ .

    I cannot stress how important it is that anyone who finds something suspicious, such as virus engine alerts or incorrect or suspicious digital signatures, include:

    – A sample of the file in question.
    – A correct and full URL of where it was downloaded. (‘The AxCrypt site’ is not precise enough, the full URL as shown in the browser address bar, please!). I.e.: https://www.axcrypt.net/download/ which is the official download page, or even https://account.axcrypt.net/download/axcrypt-2-setup.exe which is the actual download itself.

    #10186 Reply

    Ray

    Hi Ralph,

    I noticed that VirusTotal detects the following for version 1.7.31.80.0

    Is this a false positive?

    3/64 detections

    SHA-256 6a075e415a3c98e835997d0896aab2da5ba0565bd2bf4a6a7a05afdd8c25870a
    File name AxCrypt-1.7.3180.0-Setup.exe
    File size 3.16 MB
    Last analysis 2018-03-26 21:22:59 UTC

    CAT-QuickHeal Trojan.IGENERIC
    ESET-NOD32 a variant of Win32/RiskWare.Meterpreter.C
    Cyren W32/Trojan.RDFI-4164

    Downloaded from: http://www.axantum.com/Download/AxCrypt-1.7.3180.0-Setup.exe

    #10188 Reply

    Svante
    Keymaster

    Hello Ray,

    That’s a false positive, or as I’d like to call it, irresponsible, defamatory, slanderous, libellous and malicious. Get a refund for your “anti-virus”. The makers of anti-virus software will flag anything, from anyone, for any reason and will never ever take responsibility for their actions.

    All of the above is dependent, of course, on you having downloaded the correct software from our site, and on it being digitally signed by us, “AxCrypt AB”, and not just any file named AxCrypt-1.7.3180.0-Setup.exe, but the link does appear almost ok although it can’t actually be used directly as a link. You will be redirected to the new download site. If you go to http://www.axantum.com/AxCrypt/Downloads.html and download it, you’ll get the correct file.
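
The two checks discussed in this thread (the file's SHA-256 against the publisher's published checksum, and the Authenticode signer name) can be run locally before an installer is executed. The following is an added example, not part of any forum post and not AxCrypt's own code; `Test-Download` is a hypothetical helper name, and the hash in the sample call is the one from the VirusTotal link in the first post, so a current download will need the current value from the publisher's checksum page.

```powershell
# Added example: verify a downloaded installer by hash and by Authenticode signer.
# Test-Download is a hypothetical helper name, not an AxCrypt tool.
function Test-Download {
    param(
        [Parameter(Mandatory)] [string] $Path,            # downloaded installer
        [Parameter(Mandatory)] [string] $ExpectedSha256,  # from the publisher's checksum page
        [Parameter(Mandatory)] [string] $ExpectedSigner   # e.g. 'AxCrypt AB'
    )

    # Normalise the published value: strip whitespace, compare in one case.
    $expected = ($ExpectedSha256 -replace '\s', '').ToUpperInvariant()
    if ($expected -notmatch '^[0-9A-F]{64}$') {
        throw 'ExpectedSha256 is not a 64-character hex SHA-256 value.'
    }

    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToUpperInvariant()

    # Status is 'Valid' only when the signature verifies and the chain is trusted.
    # An unsigned file yields 'NotSigned' and no signer certificate.
    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = $null
    if ($sig.SignerCertificate) {
        $signer = $sig.SignerCertificate.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    }

    [pscustomobject]@{
        Sha256         = $actual
        HashMatches    = ($actual -eq $expected)
        SignatureState = $sig.Status
        Signer         = $signer
        SignerMatches  = ($sig.Status -eq 'Valid' -and $signer -eq $ExpectedSigner)
    }
}

# Sample call. The hash is the sample hash from the VirusTotal URL in the first
# post of this thread; substitute the current published value for a new download.
Test-Download -Path .\axcrypt-2-setup.exe `
    -ExpectedSha256 '8c6856038c15ff231e66521fc4cef210226083b6b134de64e36b31f149b22b48' `
    -ExpectedSigner 'AxCrypt AB'
```

A file is consistent with the publisher's release only when both `HashMatches` and `SignerMatches` are true; a matching file name or a hash shown by a scanning site alone establishes neither.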
