Author Topic: The Enigma Protector (Read 18588 times)

Enigma · « **on:** August 24, 2006, 06:51:12 AM »

Hello developers! Can you answer me on the following question
- why Avast identifies that the all executables, protected with Enigma Protector as damage with virus? There are no any kind of viruses! How you can resolve this problem? The Enigma Protector site: www.enigma.izmuroma.ru

polonus · « **Reply #1 on:** August 24, 2006, 08:03:18 AM »

Halio Enigma,

Did you upload this files to jotti ( http://virusscan.jotti.org/de/ ), and what are the findings there. It could be a FP because of the scanner flagging the encrypted files as flalse positives, the same proiblem as with the Sophos Anti-Rootkit tool.
Dit you scan them with DrWeb CureIt, and what were the findings there. But first try jotti. Naboj,

polonus

Enigma · « **Reply #2 on:** August 24, 2006, 08:13:11 AM »

I've scaned it with many antiviruses, and they nothing found in protected, only Avast and Antivir failed... DrWeb CureIt - nothing... I'll check it with jotti later! But, I don't understand why other exe packers/crypters not recognized as virus, only Enigma Protector? There are variants to resolve this problem with developers?

polonus · « **Reply #3 on:** August 24, 2006, 08:27:36 AM »

Hi Enigma,

Send the false positives to Avast so they may give them the green bill, and prevent annoyances for us all, because false positives does not help anybody.
If they are FP's you can put them in the exclusion list for the momemt.
Also report to the makers of this Enigma Protector.
Install the DrWeb pre-hyperlink scanner in your browser, so you can scan all the links before you click on their servers (a small install for either FF or IE: http://info.drweb.com/show/2653 )

polonus

Enigma · « **Reply #4 on:** August 24, 2006, 08:48:59 AM »

I talked with Enigma developers and they ask that already mailed with Avast support team about this problem, but have not got answer.

Gender, can you tell me how can I send false positives file(s) to Avast?

polonus · « **Reply #5 on:** August 24, 2006, 09:10:59 AM »

Hi Enigma,

f you have any suspicious files that are not detected by the latest version of our antivirus programs, you can send them to virus@avast.com. The ideal way to send such files is to compress them as a ZIP with the password 'virus' (so that the attachment is not deleted by some other antivirus software on the way).

polonus

Enigma · « **Reply #6 on:** August 24, 2006, 09:47:20 AM »

Thanks! I'll do it!

RejZoR · « **Reply #7 on:** August 24, 2006, 01:51:30 PM »

So far i've seen Enigma be used only for malware and nothing else.
Besides avast! didn't clearly identified it as malware, it just showed (i assume) error message because of failed decompression due to god knows what reason.

Enigma · « **Reply #8 on:** August 24, 2006, 02:22:18 PM »

Avast detects ALL execs protected with Enigma as damaged with virus, this is not single evidence! May be Avast used the following methods
- if I can't unpack it, then there is virus...
Heh, by means 3 years ago, this method used Kaspersky antivirus... But I can't understand, if Avast can't decompress it when developers can't ask to Enigma makers about it, describe this problem and get loader signature? Kaspersky has in due course done so! From this decisions win all, and developers of antivirus and users of protected software!

RejZoR · « **Reply #9 on:** August 24, 2006, 02:36:12 PM »

There is no such thing as "damage with virus" name and no such detection either. Unless you give us screenshot where it says this i just won't belive it. It's not a standard detection name no matter how you turn it.

essexboy · « **Reply #10 on:** August 27, 2006, 03:45:30 PM »

Trend Micro has a small note about enigma protector compression see here under technical details http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FRANDEX%2EAM&VSect=T

Enigma · « **Reply #11 on:** August 28, 2006, 11:12:30 AM »

So small information... I told with Avast DV about Enigma, no reactions... Will wait...

RejZoR · « **Reply #12 on:** August 28, 2006, 12:14:45 PM »

Well give us the screenshot of this "detection".

Enigma · « **Reply #13 on:** August 28, 2006, 12:45:13 PM »

I test it on virusscan.jotti.org...
tested file: simple VC++ application likes "Hello world",
protected with Enigma 1.12.

Results:

AntiVir Worm/SdBot.108544 gefunden
ArcaVir Keine Viren gefunden
Avast Win32:Mytob-QG gefunden
AVG Antivirus Keine Viren gefunden
BitDefender Keine Viren gefunden
ClamAV Keine Viren gefunden
Dr.Web Keine Viren gefunden
F-Prot Antivirus Keine Viren gefunden
Fortinet HackerTool/MSNPassword gefunden
Kaspersky Anti-Virus Keine Viren gefunden
NOD32 Keine Viren gefunden
Norman Virus Control Keine Viren gefunden
UNA Keine Viren gefunden
VirusBuster Keine Viren gefunden
VBA32 Keine Viren gefunden

If you want, I can email this file...

RejZoR · « **Reply #14 on:** August 28, 2006, 03:28:45 PM »

I don't see why it should be related to Enigma specifically. It's just a false positive like any other (coud be UPack and wouldn't make much difference except i know avast! can unpack UPack...)...

Author Topic: The Enigma Protector (Read 18588 times)

Enigma

The Enigma Protector

polonus

Re: The Enigma Protector

Enigma

Re: The Enigma Protector

polonus

Re: The Enigma Protector

Enigma

Re: The Enigma Protector

polonus

Re: The Enigma Protector

Enigma

Re: The Enigma Protector

RejZoR

Re: The Enigma Protector

Enigma

Re: The Enigma Protector

RejZoR

Re: The Enigma Protector

essexboy

Re: The Enigma Protector

Enigma

Re: The Enigma Protector

RejZoR

Re: The Enigma Protector

Enigma

Re: The Enigma Protector

RejZoR

Re: The Enigma Protector