Hello developers! Can you answer me on the following question
why Avast identifies that the all executables, protected with Enigma Protector as damage with virus? There are no any kind of viruses! How you can resolve this problem? The Enigma Protector site: www.enigma.izmuroma.ru
Did you upload this files to jotti ( http://virusscan.jotti.org/de/ ), and what are the findings there. It could be a FP because of the scanner flagging the encrypted files as flalse positives, the same proiblem as with the Sophos Anti-Rootkit tool.
Dit you scan them with DrWeb CureIt, and what were the findings there. But first try jotti. Naboj,
I’ve scaned it with many antiviruses, and they nothing found in protected, only Avast and Antivir failed… DrWeb CureIt - nothing… I’ll check it with jotti later! But, I don’t understand why other exe packers/crypters not recognized as virus, only Enigma Protector? There are variants to resolve this problem with developers?
Send the false positives to Avast so they may give them the green bill, and prevent annoyances for us all, because false positives does not help anybody.
If they are FP’s you can put them in the exclusion list for the momemt.
Also report to the makers of this Enigma Protector.
Install the DrWeb pre-hyperlink scanner in your browser, so you can scan all the links before you click on their servers (a small install for either FF or IE: http://info.drweb.com/show/2653 )
f you have any suspicious files that are not detected by the latest version of our antivirus programs, you can send them to virus@avast.com. The ideal way to send such files is to compress them as a ZIP with the password ‘virus’ (so that the attachment is not deleted by some other antivirus software on the way).
So far i’ve seen Enigma be used only for malware and nothing else.
Besides avast! didn’t clearly identified it as malware, it just showed (i assume) error message because of failed decompression due to god knows what reason.
Avast detects ALL execs protected with Enigma as damaged with virus, this is not single evidence! May be Avast used the following methods
if I can’t unpack it, then there is virus…
Heh, by means 3 years ago, this method used Kaspersky antivirus… But I can’t understand, if Avast can’t decompress it when developers can’t ask to Enigma makers about it, describe this problem and get loader signature? Kaspersky has in due course done so! From this decisions win all, and developers of antivirus and users of protected software!
There is no such thing as “damage with virus” name and no such detection either. Unless you give us screenshot where it says this i just won’t belive it. It’s not a standard detection name no matter how you turn it.
I test it on virusscan.jotti.org…
tested file: simple VC++ application likes “Hello world”,
protected with Enigma 1.12.
Results:
AntiVir Worm/SdBot.108544 gefunden
ArcaVir Keine Viren gefunden
Avast Win32:Mytob-QG gefunden
AVG Antivirus Keine Viren gefunden
BitDefender Keine Viren gefunden
ClamAV Keine Viren gefunden
Dr.Web Keine Viren gefunden
F-Prot Antivirus Keine Viren gefunden
Fortinet HackerTool/MSNPassword gefunden
Kaspersky Anti-Virus Keine Viren gefunden
NOD32 Keine Viren gefunden
Norman Virus Control Keine Viren gefunden
UNA Keine Viren gefunden
VirusBuster Keine Viren gefunden
VBA32 Keine Viren gefunden
I don’t see why it should be related to Enigma specifically. It’s just a false positive like any other (coud be UPack and wouldn’t make much difference except i know avast! can unpack UPack…)…
If it is even so, do you understand reaction of users who ran protected file? They nothing know about types of viruses and nothing know that this is just false positives. The user immediately closes file and begins to think that this software is a virus.