Problem with Axcrypt

Discussion in 'Prevx Releases' started by JConLine, Aug 18, 2011.

Thread Status:
Not open for further replies.
  1. JConLine

    JConLine Registered Member

    Joined:
    Apr 16, 2009
    Posts:
    107
    I downloaded and installed the latest version of Axcrypt 1.7.264 and then when I tested it Prevx gave a Malware alert that axdecrypt.exe was malware. I followed the instructions and allowed Prevx to fix the problem. I tested Axcrypt and it seemed to be working normally.

    This morning on my Linux machine, no Axcrypt, I checked my email and I had received an email from myPrevx saying that a virus had, in the last few minutes, been detected on my machine and I should immediately contact them for a scan. Well I was running Linux, no Axcrypt and no Prevx, and had not run Windows since yesterday. The whole thing seemed suspicious to me so I deleted the email.

    I then closed Linux and booted into Windows and ran a Prevx, Malwarebytes, and Eset scan which were all negative.

    Do you know of a problem with Axcrypt being infected and does this email from myPrevx sound legitimate to you?

    Thanks,

    Jim

    Thanks
     
    Last edited: Aug 18, 2011
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hello,
    The message from MyPrevx is likely legitimate (a notification about the infection), but you may want to write into our customer support inbox anyway so that they can check what messages will have been sent to you.

    Let me know your results!
     
  3. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,301
    Location:
    South Wales, UK
    Hi Jim

    Am currently running the same version of AxCrypt as you with WRSA installed...and they both play nicely together. But if I remember correctly (it is a while back now) when I first installed AxCrypt, the next time that WRSA ran its scheduled scan it reported axcrypt.exe as malicious (do not remember what it identified it as) and if I had pressed next with the tick box checked I believe that it would have been quarantined.

    Instead what I did was to uncheck the box before pressing Next and I was then offered the chance to have WRSA either Allow, Block or Monitor the .exe. Since then I have not had any issue with WRSA & Axcrypt on my PC.

    So my recommendation, for what it is worth, is to reinstall Axcrypt and then immediately run a scan (making sure that WRSA is not set to remove the threat automatically). Hopefully you will see what I saw and be able to follow the approach I took...leading to you having Axcrypt installed & usable.

    I should point out that I had installed Axcrypt on other PCs, with no ill effect and so was fairly certain that the .exe was safe.

    Hope that is of use?

    Regards


    Baldrick
     
    Last edited: Aug 19, 2011
  4. xecrets

    xecrets Registered Member

    Joined:
    Aug 19, 2011
    Posts:
    4
    Location:
    Stockholm, Sweden
    Hello,

    I am the author of AxCrypt.

    There is no infection in a distribution from me which is digitally signed with my Authenticode certificate in the name 'Axantum Software AB'.

    It is a continuing story trying to defend oneself as an independent developer against the so-called anti-virus companies' unfounded allegations.

    It is beyond belief that a serious anti-virus vendor still in 2011 will flag a properly digitally signed executable as malicious.

    If I had the financial resources I would take strong legal action, since this causes sometimes hard or impossible to repair harm to my good standing, and that of my programs.

    Please check that you have the properly digitally signed versions of both the installer and the executable components if you are in doubt. As an additional safety check, the MD5 checksums of the official distributions are available here: http://www.axantum.com/AxCrypt/md5/md5.html .

    Please help the community by reporting your findings as a false positive to your anti-virus vendor. Although the vendors emphatically deny this, they do share signatures (or borrow from each other). This is clearly evidenced by the fact that these false-positive situations usually come in swarms where I get a few reports first from one vendor, and then most of the other vendors follow suit. That can't be a coincidence...

    Best regards,

    Svante Seleborg
    Axantum Software AB
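
The check described in the post above (Authenticode signer plus the published MD5), as an added PowerShell example that is not part of the original thread. The function name `Test-DownloadIntegrity`, the sample file name and the MD5 placeholder are assumptions; the signer name is the one given in the post.

```powershell
# Added example: confirm a flagged file is the vendor's signed build
# before treating an anti-virus detection as a false positive.
function Test-DownloadIntegrity {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSigner,  # e.g. 'Axantum Software AB'
        [string] $ExpectedMd5   # optional: value copied from the vendor's checksum page
    )

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # 'Valid' means the file hash matches the signature and the chain is trusted.
    # 'NotSigned' or 'HashMismatch' means the file is not the vendor's signed build.
    $signatureValid = $sig.Status -eq [System.Management.Automation.SignatureStatus]::Valid

    # A valid signature from the wrong publisher proves nothing, so compare the signer too.
    $signerName = $null
    if ($sig.SignerCertificate) {
        $signerName = $sig.SignerCertificate.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    }
    $signerMatches = $signerName -eq $ExpectedSigner

    # MD5 is only the additional check the post mentions; the signature is the stronger one.
    $md5 = (Get-FileHash -Path $Path -Algorithm MD5).Hash
    $md5Matches = $null   # stays $null when no published checksum was supplied
    if ($ExpectedMd5) {
        $md5Matches = $md5 -eq ($ExpectedMd5 -replace '\s', '')
    }

    [pscustomobject]@{
        Path            = $Path
        SignatureStatus = $sig.Status
        Signer          = $signerName
        SignerMatches   = $signerMatches
        Md5             = $md5
        Md5Matches      = $md5Matches
        Trusted         = $signatureValid -and $signerMatches -and ($md5Matches -ne $false)
    }
}

# Hypothetical usage; run it for both the installer and the installed executable:
# Test-DownloadIntegrity -Path .\AxCrypt-Setup.exe -ExpectedSigner 'Axantum Software AB' `
#     -ExpectedMd5 '<MD5 from the vendor page>'
```
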
     
  5. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,301
    Location:
    South Wales, UK
    Hi Svante

    Firstly, may I say that I am an admirer of your software and have used AxCrypt for a number of years.

    Secondly, I would say that when such a situation occurs I, for one, do report such FPs to the security software provider involved. And in this case I did so too...such that I can say that if I scan the Axantum folder on my PC WRSA detects no threats...suggesting that any FP re. AxCrypt has been resolved.

    Thirdly, the experience I describe in relation to AxCrypt occurred in the very, very early days on WRSA, and so could most probably be put down to early beta software 'glitches'. As previously advised I have not come across them since.

    From my experience the few FPs I have come across in WRSA (and its predecessor Prevx3) have always been dealt with quickly by Webroot (and previously Prevx), but that does not in any way minimise the very valid points, IMHO, that you have made.

    Regards



    Baldrick
     
    Last edited: Aug 19, 2011
  6. JConLine

    JConLine Registered Member

    Joined:
    Apr 16, 2009
    Posts:
    107
    Hello Svante,

    Thanks for responding to my questions. I downloaded Axcrypt from your site and it had a valid digital signature. I have used Axcrypt for years and have never had the slightest problem with it. This is why I was skeptical from the beginning but to be on the safe side I thought I would contact Prevx about their warning message.

    Prevx responded to my email this morning and they asked me to send a log file to assist them in identifying the problem.

    I agree with both you and Baldrick that it is a FP and I will post their analysis of the log file.

    Jim
     
    Last edited: Aug 19, 2011
  7. JConLine

    JConLine Registered Member

    Joined:
    Apr 16, 2009
    Posts:
    107
    Well, I finally have some resolution to this issue.

    I contacted Prevx support and they first suggested my heuristics were too high so I lowered them to default values and re-scanned. With the default heuristics Axdecrypt.exe continued to show as malware so I sent another logfile to Prevx and they answered by saying Prevx should not be flagging Axcrypt and to uninstall/re-install Prevx.

    So I did what they suggested and now a Prevx scan does not show Axcrypt as malware.

    So the problem was not with Axcrypt but was an issue with Prevx which was fixed by un-installing and then re-installing Prevx.

    Jim
     
  8. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Great to hear Jim! ;)

    TH
     
  9. x942

    x942 Guest

    Sorry to bump. I am having the same issue. (It is detected as adware). I simply reported it as a false positive (which stops it from being detected). Is this fine? Should I reinstall?
     
  10. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    That should be fine - if you still receive it, you can send a scan log to report@prevxresearch.com and we'll take a look.

    Thanks!
     