The Enigma Protector

Hello developers! Can you answer the following question for me?

  • Why does Avast identify all executables protected with Enigma Protector as damage with virus? There are no viruses of any kind! How can you resolve this problem? The Enigma Protector site: www.enigma.izmuroma.ru

Halio Enigma,

Did you upload these files to jotti ( http://virusscan.jotti.org/de/ ), and what are the findings there? It could be a FP because of the scanner flagging the encrypted files as false positives, the same problem as with the Sophos Anti-Rootkit tool.
Did you scan them with DrWeb CureIt, and what were the findings there? But first try jotti. Naboj,

polonus

I’ve scanned it with many antiviruses, and they found nothing in the protected files; only Avast and Antivir failed… DrWeb CureIt - nothing… I’ll check it with jotti later! But I don’t understand why other exe packers/crypters are not recognized as viruses, only Enigma Protector. Are there ways to resolve this problem with the developers?

Hi Enigma,

Send the false positives to Avast so they may give them the green bill, and prevent annoyances for us all, because false positives do not help anybody.
If they are FP’s you can put them in the exclusion list for the moment.
Also report to the makers of this Enigma Protector.
Install the DrWeb pre-hyperlink scanner in your browser, so you can scan all the links before you click on their servers (a small install for either FF or IE: http://info.drweb.com/show/2653 )

polonus

I talked with the Enigma developers, and they say that they have already mailed the Avast support team about this problem but have not got an answer.

Gender, can you tell me how I can send false positive file(s) to Avast?

Hi Enigma,

If you have any suspicious files that are not detected by the latest version of our antivirus programs, you can send them to virus@avast.com. The ideal way to send such files is to compress them as a ZIP with the password ‘virus’ (so that the attachment is not deleted by some other antivirus software on the way).

polonus

Thanks! I’ll do it!

So far I’ve seen Enigma be used only for malware and nothing else.
Besides, avast! didn’t clearly identify it as malware; it just showed (I assume) an error message because of failed decompression due to god knows what reason.

Avast detects ALL execs protected with Enigma as damaged with virus; this is not a single case! Maybe Avast used the following method:

  • if I can’t unpack it, then there is a virus…
    Heh, by the way, 3 years ago Kaspersky antivirus used this method… But I can’t understand: if Avast can’t decompress it, why can’t the developers ask the Enigma makers about it, describe this problem and get the loader signature? Kaspersky did so in due course! Everyone wins from this decision, both the developers of the antivirus and the users of protected software!

There is no such thing as a “damage with virus” name and no such detection either. Unless you give us a screenshot where it says this, I just won’t believe it. It’s not a standard detection name no matter how you turn it.

Trend Micro has a small note about Enigma Protector compression; see here under technical details: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.AM&VSect=T

Such little information… I talked with Avast DV about Enigma, no reaction… Will wait…

Well, give us the screenshot of this “detection”.

I tested it on virusscan.jotti.org.
Tested file: a simple VC++ application like “Hello world”,
protected with Enigma 1.12.

Results:

AntiVir Worm/SdBot.108544 gefunden
ArcaVir Keine Viren gefunden
Avast Win32:Mytob-QG gefunden
AVG Antivirus Keine Viren gefunden
BitDefender Keine Viren gefunden
ClamAV Keine Viren gefunden
Dr.Web Keine Viren gefunden
F-Prot Antivirus Keine Viren gefunden
Fortinet HackerTool/MSNPassword gefunden
Kaspersky Anti-Virus Keine Viren gefunden
NOD32 Keine Viren gefunden
Norman Virus Control Keine Viren gefunden
UNA Keine Viren gefunden
VirusBuster Keine Viren gefunden
VBA32 Keine Viren gefunden

If you want, I can email this file…

I don’t see why it should be related to Enigma specifically. It’s just a false positive like any other (could be UPack and wouldn’t make much difference except I know avast! can unpack UPack…)…

Hello folks, the same false positives are happening with Enigma Protector again… I’ve scanned protected files on virustotal.com; Avast detects:
Avast 4.8.1195.0 2008.07.18 Win32:Delf-CVW

Could you please solve these false positives? Users are unhappy with this. The problem occurred when the latest version, Enigma 1.51, was released.

Enigma Protector has new site here:
http://enigmaprotector.com/

Also, please contact the developers at support@enigmaprotector.com; they will help if you have any questions.

I hope that it will be solved asap. My best regards.

This is rather a coincidence, closer to a “classic” false positive, nothing intended against Enigma…

Even if that is so, do you understand the reaction of users who run a protected file? They know nothing about types of viruses and do not know that this is just a false positive. The user immediately closes the file and begins to think that this software is a virus.

Could you please just solve this?

Of course. They will on the first virus database update.

Great! Thank you for the work!