January 30, 2017 at 00:32 #5361
I read a topic on here about a tampered AxCrypt file circulating.
I downloaded AxCrypt 2 today and scanned it on VirusTotal like I do with all my downloads and it suggests that the installation file is infected with <TrojanDropper.Daws.gpp>.
I know that this is probably a false positive as only 1 of 55 scanners (Jiangmin) reported it infected but it got me worried.January 30, 2017 at 08:22 #5362
Thanks for the heads up. It does indeed to appear to be a false positive. Googling for ‘TrojanDropper.Daws.gpp’ finds other instances where ‘Jiangmin’ is the only only engine to report that threat for other files.
Fortunately virustotal also shows a SHA256 hash of the submitted sample, so I can confirm that your download was not tampered with – it’s the original from us. We publish current checksums here: https://www.axcrypt.net/cryptographic-hashes-files/ .
I cannot stress how important it is that anyone who finds something suspicious, such as virus engine alerts or incorrect or suspicious digital signatures include:
– A sample of the file in question.
– A correct and full URL of where it was downloaded. (‘The AxCrypt site’ is not precise enough, the full URL as shown in the browser address bar, please!). I.e.: https://www.axcrypt.net/download/ which is the official download page, or even https://account.axcrypt.net/download/axcrypt-2-setup.exe which is the actual download itself.March 28, 2018 at 14:59 #10186
I noticed that VirusTotal detects the following for version 126.96.36.199.0
Is this a false positive?
File name AxCrypt-1.7.3180.0-Setup.exe
File size 3.16 MB
Last analysis 2018-03-26 21:22:59 UTC
ESET-NOD32 a variant of Win32/RiskWare.Meterpreter.C
Downlaoded from: http://www.axantum.com/Download/AxCrypt-1.7.3180.0-Setup.exeMarch 28, 2018 at 22:19 #10188
That’s a false positive, or as I’d like to call it irresponsible defamatory, slanderous, libellous and malicious. Get a refund for your “anti-virus”. The makers of anti-virus software will flag anything, from anyone, for any reason and will never ever take responsibility for their actions.
All of the above is dependent of course on that you have downloaded the correct software from our site, and that it’s digitally signed by us, “AxCrypt AB”, and not just any file named AxCrypt-1.7.3180.0-Setup.exe, but the link does appear almost ok although it can’t actually be used directly as a link. You will be redirected to the new download site. If you go to http://www.axantum.com/AxCrypt/Downloads.html and download it, you’ll get the correct file.