Author Topic: The Enigma Protector  (Read 18053 times)


Enigma

  • Guest
The Enigma Protector
« on: August 24, 2006, 06:51:12 AM »
Hello developers! Can you answer the following question for me: why does Avast identify all executables protected with Enigma Protector as damage with virus? There are no viruses of any kind! How can you resolve this problem? The Enigma Protector site: www.enigma.izmuroma.ru

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Re: The Enigma Protector
« Reply #1 on: August 24, 2006, 08:03:18 AM »
Halio Enigma,

Did you upload these files to jotti ( http://virusscan.jotti.org/de/ ), and what are the findings there? It could be a FP because of the scanner flagging the encrypted files as false positives, the same problem as with the Sophos Anti-Rootkit tool.
Did you scan them with DrWeb CureIt, and what were the findings there? But first try jotti. Naboj,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Enigma

  • Guest
Re: The Enigma Protector
« Reply #2 on: August 24, 2006, 08:13:11 AM »
I've scanned it with many antiviruses, and they found nothing in the protected file; only Avast and Antivir failed... DrWeb CureIt - nothing... I'll check it with jotti later! But I don't understand why other exe packers/crypters are not recognized as a virus, only Enigma Protector? Are there ways to resolve this problem with the developers?

Offline polonus

Re: The Enigma Protector
« Reply #3 on: August 24, 2006, 08:27:36 AM »
Hi Enigma,

Send the false positives to Avast so they may give them the green bill, and prevent annoyances for us all, because false positives do not help anybody.
If they are FPs you can put them in the exclusion list for the moment.
Also report to the makers of this Enigma Protector.
Install the DrWeb pre-hyperlink scanner in your browser, so you can scan all the links before you click on their servers (a small install for either FF or IE: http://info.drweb.com/show/2653 )

polonus

Enigma

  • Guest
Re: The Enigma Protector
« Reply #4 on: August 24, 2006, 08:48:59 AM »
I talked with the Enigma developers and they say that they already mailed the Avast support team about this problem, but have not got an answer.

Gender, can you tell me how I can send false positive file(s) to Avast?

Offline polonus

Re: The Enigma Protector
« Reply #5 on: August 24, 2006, 09:10:59 AM »
Hi Enigma,

If you have any suspicious files that are not detected by the latest version of our antivirus programs, you can send them to virus@avast.com. The ideal way to send such files is to compress them as a ZIP with the password 'virus' (so that the attachment is not deleted by some other antivirus software on the way).

polonus

Enigma

  • Guest
Re: The Enigma Protector
« Reply #6 on: August 24, 2006, 09:47:20 AM »
Thanks! I'll do it!

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: The Enigma Protector
« Reply #7 on: August 24, 2006, 01:51:30 PM »
So far I've seen Enigma be used only for malware and nothing else.
Besides, avast! didn't clearly identify it as malware, it just showed (I assume) an error message because of failed decompression due to God knows what reason.
Visit my webpage Angry Sheep Blog

Enigma

  • Guest
Re: The Enigma Protector
« Reply #8 on: August 24, 2006, 02:22:18 PM »
Avast detects ALL execs protected with Enigma as damaged with virus, this is not single evidence! Maybe Avast uses the following method:
- if I can't unpack it, then there is a virus...
Heh, by the way, 3 years ago Kaspersky antivirus used this method... But I can't understand: if Avast can't decompress it, then why can't the developers ask the Enigma makers about it, describe this problem and get the loader signature? Kaspersky did so in due course! Everyone wins from this decision, both the developers of the antivirus and the users of protected software!

Offline RejZoR

Re: The Enigma Protector
« Reply #9 on: August 24, 2006, 02:36:12 PM »
There is no such thing as a "damage with virus" name and no such detection either. Unless you give us a screenshot where it says this I just won't believe it. It's not a standard detection name no matter how you turn it.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: The Enigma Protector
« Reply #10 on: August 27, 2006, 03:45:30 PM »
Trend Micro has a small note about Enigma Protector compression; see here under technical details: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FRANDEX%2EAM&VSect=T

Enigma

  • Guest
Re: The Enigma Protector
« Reply #11 on: August 28, 2006, 11:12:30 AM »
Such little information... I talked with Avast DV about Enigma, no reaction... Will wait...

Offline RejZoR

Re: The Enigma Protector
« Reply #12 on: August 28, 2006, 12:14:45 PM »
Well give us the screenshot of this "detection".

Enigma

  • Guest
Re: The Enigma Protector
« Reply #13 on: August 28, 2006, 12:45:13 PM »
I tested it on virusscan.jotti.org...
Tested file: a simple VC++ application like "Hello world",
protected with Enigma 1.12.

Results:

AntiVir  Worm/SdBot.108544 gefunden 
ArcaVir  Keine Viren gefunden
Avast  Win32:Mytob-QG gefunden 
AVG Antivirus  Keine Viren gefunden
BitDefender  Keine Viren gefunden
ClamAV  Keine Viren gefunden
Dr.Web  Keine Viren gefunden
F-Prot Antivirus  Keine Viren gefunden
Fortinet  HackerTool/MSNPassword gefunden 
Kaspersky Anti-Virus  Keine Viren gefunden
NOD32  Keine Viren gefunden
Norman Virus Control  Keine Viren gefunden
UNA  Keine Viren gefunden
VirusBuster  Keine Viren gefunden
VBA32  Keine Viren gefunden

If you want, I can email this file...

Offline RejZoR

Re: The Enigma Protector
« Reply #14 on: August 28, 2006, 03:28:45 PM »
I don't see why it should be related to Enigma specifically. It's just a false positive like any other (could be UPack and wouldn't make much difference except I know avast! can unpack UPack...)...