
Axcrypt potentially unwanted?


Malwarebytes has just started flagging AxCrypt-1.7.2867.0-Setup.exe as Potentially Unwanted.


The indicated file is the installation file for the file encrypting program Axcrypt.


I've read about the recently adopted policy regarding Potentially Unwanted Programs and I can deal with this somehow, but I find it difficult to understand why this program would be considered Potentially Unwanted.  I question whether it's deliberately deemed as such or whether it's unintentionally misclassified.


Hello, and welcome to malwarebytes.org

If you would like to check if you have a false positive, please read the instructions here:


And then post the developer's log and the Virustotal scan link here:


It may also be useful if you could zip and attach the suspect file for the developers to look at.


The problem with Crypters is that they are often used to obfuscate malware. 

For example:


Let's say that we have a trojan such as SubSeven and a given binary file is well detected.  Malicious actors will then use a crypter either on the executable or by recompiling the source code and using the crypter in the process.  Now you still have the same trojan but all the signatures that were used to previously detect the Trojan are now useless and this file is now poorly detected or not detected at all.


Conversely, there may be a situation where a given PUP was detected based upon a string that is linked to the crypter at hand.


Therefore, in this case I would suggest that you submit the file as a possible False Positive to ferret out the situation and determine if the detection is justified or not.


The worst that can happen is Malwarebytes' Malware Researchers state it is a valid detection.  On the other hand it is possible that this is a False Positive.  It is also entirely possible that the Crypter setup utility bundles 'wares thus causing the PUP detection.


I think it would be a good idea to submit the file after viewing the following: Please read before reporting a false positive


The vendor or author has chosen to wrap the Cryptor with an application installer used to bundle 'wares that have nothing to do with the intended application but may install said 'wares because you, the installer, failed to act in such a way as to avoid the 'wares installation.  Often this is done to earn affiliate revenue money based upon how many times the installer wrapper software installed the associated 'wares on people's computers.
