×
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
firbury
Former Member
Message 1 of 10
‎05-20-2011 12:50 AM

Encrypted file vs. trojan

I am trialling encryption software called Advanced Encryption Package Professional v. 5.51 ('AEPPRO') which creates self-extracting files.  These files have a double extension which Mcafee detects as a trojan and Mcafee then quarantines my files.  I have tried Mcafee support (five times) and sent to their labs for testing which confirms that my files are trojans and...well that's it, I don't seem to be able to tell anyone that it's not a trojan, it's a file that I created and want.  Question: is it a trojan? I don't think so as the software AEPPRO is widely available and I downloaded my trial from cnet.com.  I have successfully created the encrypted file on a USB stick and transferred it to another computer from which  have been able to open and unlock the file successsfully, but that computer has other virus protection, not Mcafee.  Has anyone else used AEPPRO and successsfully solved this issue because Mcafee don't seem to be able to.

0 Kudos
Reply
9 Replies
Peacekeeper
MVP
MVP
Message 2 of 10
‎05-20-2011 02:19 AM

Re: Encrypted file vs. trojan

Will point someone here as this is deeper than we go.

Usually when they reply you reply to that email adding False detection and name of detection.

In body email add Please review as I think this is a false detection.

I have PM'd an engineer

Message was edited by: Peacekeeper on 20/05/11 7:23:45 PM
0 Kudos
Reply
nownitin
Former Member
Message 3 of 10
‎05-20-2011 02:35 AM

Re: Encrypted file vs. trojan

Hi,

Could you please post the sample ID here which you have submitted to McAfee.

Regards,

Nitin

0 Kudos
Reply
firbury
Former Member
Message 4 of 10
‎05-20-2011 03:35 AM

Re: Encrypted file vs. trojan

McAfee Labs - Beaverton

Current Scan Engine Version:5400.1158

Current DAT Version:6350.0000

Thank you for your submission.

Analysis ID: 6635584

NameFindingsDetectionTypeExtra
briony gadget helpline.pdf.execurrent detectiongeneric malware.ckTrojanno

current detection [ briony gadget helpline.pdf.exe ]

The file submitted is malware that can be detected with curred DAT files. It is recommended that you update your DAT and engine files and scan your computer again.

Regards,

McAfee Labs

0 Kudos
Reply
Hayton
Reliable Contributor
Reliable Contributor
Message 5 of 10
‎05-20-2011 04:09 AM

Re: Encrypted file vs. trojan

Malware writers use the double-extension trick to get users to click on a malicious download. If the hide-extensions flag is set - or if an initial exploit sets it - all the user sees is an innocent pdf or doc file. When the file is opened the executable runs and executes the malware. What your encryption software is producing bears all the hallmarks of malware, so if other vendors are giving the files the all-clear perhaps the McAfee testing needs to be tweaked to analyse the file contents more thoroughly.

As a test, I suggest you upload a couple of files to VirusTotal and see how many AV vendors flag them as suspect.

0 Kudos
Reply
firbury
Former Member
Message 6 of 10
‎05-20-2011 11:27 AM

Re: Encrypted file vs. trojan

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name:

Briony Gadget Helpline.pdf.exe

Submission date:

2011-05-20 18:17:01 (UTC)

Current status:


Result:
0/ 42 (0.0%)

VT Community


not reviewed
Safety score: -

Print results

AntivirusVersionLast UpdateResult
AhnLab-V32011.05.21.002011.05.20-
AntiVir7.11.8.852011.05.20-
Antiy-AVL2.0.3.72011.05.20-
Avast4.8.1351.02011.05.20-
Avast55.0.677.02011.05.20-
AVG10.0.0.11902011.05.20-
BitDefender7.22011.05.20-
CAT-QuickHeal11.002011.05.20-
ClamAV0.97.0.02011.05.20-
Commtouch5.3.2.62011.05.20-
Comodo87722011.05.20-
Emsisoft5.1.0.52011.05.20-
eSafe7.0.17.02011.05.19-
eTrust-Vet36.1.83382011.05.20-
F-Prot4.6.2.1172011.05.20-
F-Secure9.0.16440.02011.05.20-
Fortinet4.2.257.02011.05.20-
GData222011.05.20-
IkarusT3.1.1.104.02011.05.20-
Jiangmin13.0.9002011.05.20-
K7AntiVirus9.103.46932011.05.20-
Kaspersky9.0.0.8372011.05.20-
McAfee5.400.0.11582011.05.20-
McAfee-GW-Edition2010.1D2011.05.20-
Microsoft1.69032011.05.20-
NOD3261392011.05.20-
Norman6.07.072011.05.20-
nProtect2011-05-20.012011.05.20-
Panda10.0.3.52011.05.20-
PCTools7.0.3.52011.05.19-
Prevx3.02011.05.20-
Rising23.58.04.032011.05.20-
Sophos4.65.02011.05.20-
SUPERAntiSpyware4.40.0.10062011.05.20-
Symantec20111.1.0.1862011.05.20-
TheHacker6.7.0.1.2022011.05.20-
TrendMicro9.200.0.10122011.05.20-
TrendMicro-HouseCall9.200.0.10122011.05.20-
VBA323.12.16.02011.05.19-
VIPRE93372011.05.20-
ViRobot2011.5.20.44702011.05.20-
VirusBuster13.6.365.02011.05.20-
Additional information

MD5   : 36648a023061bbc026af78add696379d
SHA1  : a5fc24ad2106cd2a4e186fa8efe6e3d0cc38b703
SHA256: a2999da32ff2c5fb721c43f1aa102ba45c19596f7fb23866c2ee54e1856af46e
File size : 204003 bytes
Last seen : 2011-05-20 18:17:01
sigcheck:
publisher....: InterCrypto Ltd
copyright....: Copyright (C) 2010
product......: Self-Extracting (Encrypted) Module built by AEP PRO www.aeppro.com
description..: sfxmodul
original name: Self-Extracting (Encrypted) Module built by AEP PRO www.aeppro.com
internal name: Self-Extracting (Encrypted) Module built by AEP PRO www.aeppro.com
file version.: 5, 50, 13901, 6563
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x5BBE0
timedatestamp....: 0x4DBD6AE3 (Sun May 01 14:14:59 2011)
machinetype......: 0x14c (I386)

[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
UPX0, 0x1000, 0x3B000, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
UPX1, 0x3C000, 0x20000, 0x1FE00, 7.93, 4a419889b9e6b117a1d673959a7f49b6
.rsrc, 0x5C000, 0x1000, 0xE00, 4.42, c0df1881ac084ab5150391e3f08fd0bf

[[ 10 import(s) ]]
KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
ADVAPI32.dll: FreeSid
COMCTL32.dll: PropertySheetA
COMDLG32.dll: GetOpenFileNameA
GDI32.dll: DeleteDC
ole32.dll: CoTaskMemFree
OLEAUT32.dll: -
SHELL32.dll: ShellExecuteA
SHLWAPI.dll: PathCombineA
USER32.dll: GetDC
Symantec reputation:Suspicious.Insight

VT Community

This file has never been reviewed by any VT Community member. Be the first one to comment on it!
0 Kudos
Reply
Peacekeeper
MVP
MVP
Message 7 of 10
‎05-20-2011 02:22 PM

Re: Encrypted file vs. trojan

Maybe nownitin has fixed it retry detection on your pC.

0 Kudos
Reply
firbury
Former Member
Message 8 of 10
‎05-21-2011 12:40 AM

Re: Encrypted file vs. trojan


Mcafee does not detect the creation of the encrypted file.  It is the real-time scanning that quarantines my file when I try to attach it to an email.

I must admit I don't know what the VirusTotal results (above) are telling me - there is no explanation nor summary.

The end result is that Mcafee has again deleted my file. GRRRR.

0 Kudos
Reply
Peacekeeper
MVP
MVP
Message 9 of 10
‎05-21-2011 02:30 AM

Re: Encrypted file vs. trojan

Best to await nownitin's comment.

Real time scanner uses same dats so unsure why will see what he says

0 Kudos
Reply
nownitin
Former Member
Message 10 of 10
‎05-24-2011 07:38 AM

Re: Encrypted file vs. trojan

Hi firbury,

when real time scanning happens, does it show Artemis!0AAF63234E86 detection?, if that is the case Artemis detection should be resolved in another 30-45 minutes.

Detection Generic Malware.ck is also fixed and should be in in real time DATs2 in 2-3 days.

since malware writers use the double-extension trick to get users to click on a malicious download and if you still want to use these files, you can either change the file name limited to one extension only or add the file name based exclusion from the product.

Regards,

Nitin Kumar

McAfee SME

0 Kudos
Reply
How Many Badges Can You Collect?
Ready for a little competition? Members like you are earning badges and unlocking perks for their helpful answers. Are you? Click here to find out.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community

* Important Terms and Offer Details:

  Subscription, Free Trial, Pricing and Automatic Renewal Terms:

  • The amount you are charged upon purchase is the price of the first term of your subscription. The length of your first term depends on your purchase selection (e.g. 1 month or 1 year).  Once your first term is expired, your subscription will be automatically renewed on an annual basis (with the exception of monthly subscriptions, which will renew monthly) and you will be charged the renewal subscription price in effect at the time of your renewal, until you cancel (Vermont residents must opt-in to auto-renewal.)
  • Unless otherwise stated, if a savings amount is shown, it describes the difference between the introductory first term price (available only to customers without an existing McAfee subscription) and the renewal subscription price (e.g., first term price vs. each year thereafter).
  • Pricing is subject to change. If the renewal price changes, we will notify you in advance so you always know what’s going on.
  • You can cancel your subscription or change your auto-renewal settings any time after purchase from your My Account page. To learn more, click here.
  • You may request a refund by contacting Customer Support within 30 days of initial purchase or within 60 days of automatic renewal (for 1 year terms or longer).
  • Your subscription is subject to our License Agreement and Privacy Notice. Subscriptions covering "all" devices are limited to supported devices that you own. Product features may be added, changed or removed during the subscription term.  Not all features may be available on all devices.  See System Requirements for additional information.
  • Free Trial Terms: At the end of your trial period you will be charged $39.99 for the first term. After the first term, you will be automatically renewed at the renewal price (currently $124.99/yr). We will charge you 7-days before renewal. You can cancel at any time before you are charged. ​

 **Free Benefits With Auto-Renewal:

  • For many qualifying product subscriptions McAfee offers additional benefits for free when you are enrolled in auto-renewal. You can check your eligibility for these benefits in your My Account page. Not all benefits are offered in all locations or for all product subscriptions.  System Requirements apply.   Turning off auto-renewal terminates your eligibility for these additional benefits. 
  • Virus Protection Pledge (VPP): If we cannot remove a virus from your supported device we’ll refund you the amount you paid for your current term subscription.  The refund does not apply to any damage or loss caused by a virus.  You are responsible for backing up your data to prevent data loss. See terms here: mcafee.com/pledge.
  • Safe Connect VPN:  You will receive free, unlimited access to our VPN wireless on supported devices. Users not on auto-renewal have access to 500 MB/month of bandwidth.

   Additional Terms Specific to Identity Monitoring Service:

  • Eligibility: McAfee® Identity Monitoring Service Essentials is available within active McAfee Total Protection and McAfee LiveSafe subscriptions with identity monitoring for up to 10 unique emails. Phone number monitoring is enabled upon activation of Automatic Renewal. Not all identity monitoring elements are available in all countries. See Product Terms of Service for more information. 
  • Your subscription is subject to our License Agreement and Privacy Notice. Product features may be added, changed or removed during the subscription term. Some features may require registration and a valid ID number to activate. See System Requirements for additional information.
  • While McAfee Identity Monitoring Service provides you tools and resources to protect yourself from identity theft, no identity can be completely secure.
  • US Only:
    Fair Credit Reporting Act: You have numerous rights under the FCRA, including the right to dispute inaccurate information in your credit report(s). Consumer reporting agencies are required to investigate and respond to your dispute, but are not obligated to change or remove accurate information that is reported in compliance with applicable law. While this plan can provide you assistance in filing a dispute, the FCRA allows you to file a dispute for free with a consumer reporting agency without the assistance of a third party.
  • Identity theft coverage is not available in New York due to regulatory requirements.


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Products

McAfee® Total Protection
McAfee® Gamer Security
McAfee® Identity Monitoring Service
McAfee® Security Scan Plus
McAfee® WebAdvisor
McAfee® Techmaster Concierge
McAfee® Virus Removal Service

Resources

Antivirus
Free Downloads
Parental Controls
Malware
Firewall
 Blogs
Activate Retail Card
Threat Center
McAfee Enterprise

Support

Consumer Support
FAQs
Renewals
Support Community

About

About McAfee
Careers
Contact Us
Newsroom
Investors
Legal Terms
Your Privacy Choices
System Requirements
Sitemap

Copyright © 2022 McAfee, LLC
Copyright © 2022 McAfee, LLC