Download TrojanHunter Now
Free 30-day trial!
Latest TrojanHunter Version:
TrojanHunter 5.0
Order Now
License file delivered within minutes.
Welcome, Guest. Please Login or Register.
Jul 5th, 2008, 7:02pm
   Mischel Internet Security Forum
   TrojanHunter
   TrojanHunter Scanner (Moderators: Helena, Gavin_Coe, Magnus)
   AxCrypt 1.6.4.1 		« Previous topic | Next topic »
Pages: 1    Notify of replies Notify of replies   Send Topic Send Topic   Print Print
   Author  Topic: AxCrypt 1.6.4.1  (Read 172 times)
enriewill
Newbie
*





   


Posts: 3
AxCrypt 1.6.4.1
« on: Apr 13th, 2008, 12:00pm »
Hello everybody.
 
I was quite surprise when I did find a trojan in AxCrypt 1.6.4.1  
 
 
C:\Program Files\Axon Data\AxCrypt\1.6b3.3\Notify.exe (TrojanDownloader.Zlob.1374)
 
 
C:\Program Files\Axon Data\AxCrypt\AxCryptU.exe (TrojanDownloader.Zlob.1374)
 
 
I use TrojanHunter 5.0  962
 
 
 
I did send an e-mail at Axantum:
 
 
Here is what I get when I do a scan of AxCrypt 1.6.4.1 with trojanhunter.
 
 
What do you guys say to thisHuh
 
 
Thanks!!
 
Hello,
 
 
 
There is no Trojan, no malware nothing at all except what should be there in AxCrypt.
 
 
 
You’re welcome to download the source, recompile and confirm the findings. We disclose all the source code, there is nothing hidden.
 
 
 
You have what is called a false positive.
 
 
 
Best regards,
 
 
 
 
Axantum Software AB
« Last Edit: Apr 13th, 2008, 3:48pm by siliconman01 » IP Logged
Jrb
Full Member
***



I love YaBB 1G - SP1!

   


Posts: 207
Re: AxCrypt 1.6.4.1
« Reply #1 on: Apr 13th, 2008, 12:28pm »
Already reported by Pete here:
http://www.misec.net/forum/board/TrojanHunter/1208023949
 
 
As for this:
Quote:

 

 
I don't like that comment.
 
BTW: every scanner can have a false positive; we all know that.
« Last Edit: Apr 13th, 2008, 3:48pm by siliconman01 » IP Logged
enriewill
Newbie
*





   


Posts: 3
Re: AxCrypt 1.6.4.1
« Reply #2 on: Apr 13th, 2008, 1:12pm »
Me too I don't like that.  It is not very professional...
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5468
Re: AxCrypt 1.6.4.1
« Reply #3 on: Apr 13th, 2008, 1:46pm »
Now that Pete has sent in the two files, I am confident Gavin will fix the 2 FPs shortly.  I e-mailed him again on this. I suspect that you will see a fix on the next ruleset update.  
 
Holler back if this is not fixed in the next couple of days.   Wink
 
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
enriewill
Newbie
*





   


Posts: 3
Re: AxCrypt 1.6.4.1
« Reply #4 on: Apr 13th, 2008, 1:51pm »
ok !!  Thank you very much!!  Smiley
IP Logged
spy1
Full Member
***



I love YaBB 1 Gold!

   
Email

Gender: male
 Posts: 227
Re: AxCrypt 1.6.4.1
« Reply #5 on: Apr 13th, 2008, 1:52pm »
Will do. Thanks again. Pete
IP Logged
svante
Newbie
*





   


Posts: 1
Re: AxCrypt 1.6.4.1
« Reply #6 on: Apr 13th, 2008, 2:59pm »
Hello,
 
I am the author of AxCrypt, and also the writer of the comment about TrojanHunter, deemed unprofessional in this thread.
 
I would like to point a few things, before being judged.
 
The comment was made in a personal and private e-mail addressed to "lolpo kiujk" (here using the name 'enriewill'), which sent me a e-mail with a false positive report from TrojanHunter stating that the AxCrypt installer contained a trojan. I found the e-mail a bit agressive in tone, and choose to respond to the specific question in an ironic manner.
 
The comment was not directed towards the makers of TrojanHunter in general, but was a personal response made in frustration with both the fact of the false positive, as well as the tone of voice in the e-mail from "lolpo kiujk" (obviously not a real name, but rather a random hammering on the keyboard).
 
Now for some background to explain a bit of the frustration.
 
AxCrypt is free and open source. Every last bit of source code is available for download, perusal and recompilation by anyone with the appropriate tools. It also uses other open source components, among them NSIS, a program to make installers for Windows.
 
NSIS comes with many plug-ins. One of them is called 'nsisdl', and is a simple component that can perform a HTTP GET and retrieve the result. This is used by the AxCrypt installer to send the registration information (if allowed by the user - nothing whatsoever is sent without the users consent) to our server, so we have somewhere to send notifications of upgrades.
 
Several years ago, Norton Anti-Virus picked up on this plug-in component and flagged AxCrypt and numerous other softwares as malware - all being false positive - just for having the capability of issuing a HTTP GET (that's what any browser does anytime you enter something in the address bar and hit return). Thereafter during the coming year, one after another of the anti-virus software makers did the same thing. Each time I had to defend myself from these false claims, and a general feeling of helplessnes came with it. What can I do? A single developer of free software agains Norton et. al.? Not much - fortunately bigger fish than me were troubled by this and slowly it resolved it-self.
 
Since then, perhaps once a year, along comes a new maker of scanning software claiming that AxCrypt contains this or that malware. I get the feeling that these scanning signatures are slowly making the global rounds, popping up in new places time after time again.
 
It is very frustrating having to defend myself against these claims time after time, and even more so when I get angry e-mails from various users around the globe who think that I'm a bad guy trying to take control over their computers or whatever.
 
I have yet to receive so much as an apology from any anti-virus maker for the trouble caused. Not once have I heard anything, at best the false positive has been removed more or less promptly.
 
So, when this popped up again today, in the form of an e-mail (this was not the first actually about TrojanHunter, there was another one the same day) that was formulated rather agressive as I found it, I vented my frustration a bit.  
 
I was not expecting the sender of the e-mail to publish this private e-mail in a public forum without asking my permission, which would have been denied.
 
If there's a 'report abuse' function of this board I will ask to have the post removed - if not, and a moderator reads this, please remove the quotation earlier in this thread by 'enriewill' of the personal e-mail sent by me to him. It was never intended for publication.
 
I would not use a derogatory remark in a public forum, although I still am of the opinion that makers of anti-virus software takes these issues far too lightly. A single false positive can cost years of reputation-building, and there is absolutely no defense against frivolous signature pattern matching like this.
 
I have even gone to the length of purchasing a certificate enabling me to digitally sign the installer with Authenticode. One would think that an anti-virus scanner would think twice before reporting an officially signed and verifiable executable as malware... After all, it's not like I'm anonymous if there's a digital signature on the executable.
 
Best regards,
 
Svante (my real name by the way).
« Last Edit: Apr 13th, 2008, 3:22pm by svante » IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5468
Re: AxCrypt 1.6.4.1
« Reply #7 on: Apr 13th, 2008, 3:51pm »
I have edited out the part that is inappropriate.  
 
This thread is now locked and the subject is hopefully satisfactorily closed.  
 
I have also e-mailed Magnus with the relevant information.  If he wishes to reverse my actions, he's the boss.   Wink
« Last Edit: Apr 13th, 2008, 3:56pm by siliconman01 » IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
Pages: 1    Notify of replies Notify of replies   Send Topic Send Topic   Print Print

« Previous topic | Next topic »
Search
Members
Login
Register