AutoTRAX DEX Electronics CAD Now Identified as Trojan Threat

I have been using an electronics CAD package on & off for some time, but last time I tried to load it, Norton blocked it as soon as it ran & tried to install updates claiming detection of 'Trojan.Gen.8', which seems to be some sort of 'generic' label given to unknown trojan behaviour detected by the heuristic algorithms. I am loath to just set it as 'trusted' [in case AutoTRAX server has been compromised], but am suspicious that this is not, in fact, a virus. I couldn't load the sample file into the threat assessment site [web-site crashed on me]. The downloadable free latest version is available from ...

https://dexpcb.com/

I would expect the file to contact its web host on boot to look for updates, and potentially check the licence level.

Regards, Jeff...

Replies

Re: AutoTRAX DEX Electronics CAD Now Identified as Trojan Threat

How to report false positives


FWIW
File name: Dex-9.68.exe
Detection ratio: 1 / 57
Analysis date: 2017-02-23
YMMV


Edit: FWIW

CONFIRMATION
Your submission has been sent Thu Feb 23 10:52:05 PST 2017.
Sincerely,
Symantec Security Response

Re: AutoTRAX DEX Electronics CAD Now Identified as Trojan Threat

Thanks for the link [the site looks different from the 'threat assessment' page I found from your tools, which failed for some reason to upload the file & raise the issue]. Thanks also for submitting the file for me - I'll watch here for assessment.

Re: AutoTRAX DEX Electronics CAD Now Identified as Trojan Threat

In relation to submission 19902.
Having reviewed the information provided we are unable to reproduce or confirm the issue described.
Please ensure that you are using Symantec's latest virus definitions for detection. These can be found using live update or alternatively via the URL below.
http://securityresponse.symantec.com/avcenter/defs.download.html
If the issue persists with the latest definitions, please respond to this email providing the additional information below in order for us to analyze the problem further:

- Details of the message or a screenshot of the message received
- Exact step by step instructions on how to recreate issue
- Details of the Symantec product and version being used
- Detection log(s) from the product

If other versions of the file(s) in question have previously triggered false positive detections please mention this in your response and include all available file versions.
Sincerely,
Symantec Security Response

Re: AutoTRAX DEX Electronics CAD Now Identified as Trojan Threat

To re-create, I:-
1. Uninstalled the current installed version [won't run anyway]
2. Downloaded a new copy of the installer from https://dexpcb.com/Download/Download [currently 9.68]
3. Ran Norton IS 'File Insight' - gave it a 'Good' rating as below

Filename: Dex-9.68.exe
Full Path: C:\Users\Jeff\Downloads\AutoTrax Dex\Dex-9.68.exe
____________________________
Developers
DEX 2020 Ltd.
Version
0.0.0.0

Identified
25/02/2017 at 10:06:17

Last Used
19/02/2017 at 18:17:18

Startup Item
No
____________________________
Very Few Users
Fewer than 5 users in the Norton Community have used this file.

New
This file was released 11 days ago.

Good
Norton has given this file a favorable rating.
____________________________
http://www.dexpcb.com/DexDownloads/Dex-9.68.exe
Downloaded File Dex-9.68.exe from dexpcb.com
dex-9.68.exe
____________________________
Performance
____________________________
Avg. Resource Usage: Low
Avg. CPU Usage: Low
Avg. Memory Usage: Low
____________________________
File Thumbprint - SHA:
e1c87714f55aaa9f7124989238d36feb89a323da0aec611df58c932b1d0ecc58
File Thumbprint - MD5:
4374b3e883d6a033fdf39f7d6e442c58

4. Norton IS on-demand scan on the executable says OK
5. Ran the installer, and NIS pop-up highlighted that it had detected & blocked a Trojan ...

Filename: dex.exe
Threat name: Trojan.Gen.8
Full Path: c:\program files\autotrax software\dex\dex.exe

____________________________

On computers as of
25/02/2017 at 10:12:56

Last Used
25/02/2017 at 10:12:56

Startup Item
No

Launched
No

Threat type: Heuristic Virus. Detection of a threat based on malware heuristics.

____________________________

dex.exe Threat name: Trojan.Gen.8
Locate

Few Users
Fewer than 50 users in the Norton Community have used this file.

New
This file was released 11 days ago.

High
This file risk is high.

____________________________

Source: External Media

____________________________

File Actions

File: c:\program files\autotrax software\dex\ dex.exe Blocked
____________________________

File Thumbprint - SHA:
Not available
File Thumbprint - MD5:
Not available

6. On the installer completing and attempting to launch, it reported "Cannot start C:\Program Files\AutoTRAX Software\DEXDEX.exe"

Having failed, again, to install the latest version, I uninstalled DEX again, and installed an old version I had downloaded mid-2016. This installed OK, and - on launching - offered to download & install the latest version [9.68] for me.

I allowed DEX to download & launch [the way I typically update], and - after it had successfully updated all the files - NIS again reported that it had blocked the Trojan, and had deleted/quarantined the main executable 'DEX.EXE' again, preventing the application from running.


Norton Internet Security reports as latest version [22.9.0.71?]

Re: AutoTRAX DEX Electronics CAD Now Identified as Trojan Threat


Maybe, restore & exclude file from Quarantine https://support.norton.com/sp/en/us/home/current/solutions/v6200368 & Exclude file from Auto-Protect
https://support.norton.com/sp/en/us/home/current/solutions/kb20100222230832

&/or
post this thread in your report to Symantec > How to report false positives


Security soft vendors do not install every software and watch every single thing that the software does.


and btw ~ https://community.norton.com/en/forums/trojangen8-false

Um, do you have Norton protection settings at default?

Re: AutoTRAX DEX Electronics CAD Now Identified as Trojan Threat

I have submitted the installer to the 'false positives' report site as suggested. Thanks for the link to the other Trojan.Gen.8 issues raised recently - may be a symptom of the same. I notified AutoTRAX as well of the issue [looks like they may be checking out their web-site at present in case - though I still suspect this is a false-detection: just like to be reasonably sure before I identify the file as 'trusted' & exclude it from checks]

Re: AutoTRAX DEX Electronics CAD Now Identified as Trojan Threat

Unfortunately it appears that the threat assessment only checked out the installer - not the files it put onto the PC during the install process - and 'whitelisted' the specific version & generation of the installer I had supplied [already an old version]. Not very helpful, as NIS was always quite happy with the installer itself.

With no 'reply/feedback' option for the threat assessment, I went for an online help session, which - although the guy was very helpful - only resulted in setting the installer to be ignored by NIS [I can do this, and now need to do this for the program itself - as it checks & self-updates regularly once installed], so I still have no idea why the file was being quarantined, and no assessment which would at least reassure me that the vendor's download servers haven't been compromised.

Re: AutoTRAX DEX Electronics CAD Now Identified as Trojan Threat

In relation to submission 20133.
Upon further analysis and investigation we have verified your submission and, as such, the detection(s) for the following file(s) will be removed from our products:

    File name: Dex-9.68.exe
    MD5: 4374b3e883d6a033fdf39f7d6e442c58
    SHA256: e1c87714f55aaa9f7124989238d36feb89a323da0aec611df58c932b1d0ecc58
    Note: Whitelisting may take up to 24 hours to take effect via Live Update

If detection persists, please contact support:
* Norton: https://support.norton.com/sp/en/us/home/current/info

Re: AutoTRAX DEX Electronics CAD Now Identified as Trojan Threat

In relation to submission 20133.
Upon further analysis and investigation we have verified your submission and, as such, the detection(s) for the following file(s) will be removed from our products:

    File name: Dex-9.68.exe
    MD5: 4374b3e883d6a033fdf39f7d6e442c58
    SHA256: e1c87714f55aaa9f7124989238d36feb89a323da0aec611df58c932b1d0ecc58
    Note: Whitelisting may take up to 24 hours to take effect via Live Update
    File name: DEX.exe
    MD5: 64351ac7675467fc1ee039e6cf4ad0f6
    SHA256: 88892222b32c5260d86afba729b56c0ce042da98f1df2bb1ee68b920ecf11242
    Note: Whitelisting may take up to 24 hours to take effect via Live Update

If detection persists, please contact support:
* Norton: https://support.norton.com/sp/en/us/home/current/info

@JeffB42
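
Added example (not part of the thread, and not Symantec's or AutoTRAX's code): the clearance notices above identify files by SHA-256, so before restoring or excluding a quarantined binary it helps to confirm that the copy on disk is byte-for-byte the one that was assessed, which is the gap the installer-only whitelisting left open. The function names and the three verdict labels are assumptions of this sketch, and the sample files and notice in `demo()` are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One "File name / MD5 / SHA256" triple, in the layout the notices use.
ENTRY_RE = re.compile(r"File name:\s*(?P<name>.+?)\s*\n\s*MD5:\s*[0-9a-fA-F]{32}\s*\n"
                      r"\s*SHA256:\s*(?P<sha256>[0-9a-fA-F]{64})")

def parse_notice(text):
    """Return {sha256: file name} for every file the notice clears."""
    return {m["sha256"].lower(): m["name"] for m in ENTRY_RE.finditer(text)}

def sha256_of(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_files(cleared, paths):
    """Verdict per file name: 'cleared' (bytes match an assessed file),
    'name-only' (same name as a cleared file but different bytes, e.g. a
    self-updated build that was never assessed) or 'unknown'."""
    names = {n.lower() for n in cleared.values()}
    verdicts = {}
    for p in map(Path, paths):
        if sha256_of(p) in cleared:
            verdicts[p.name] = "cleared"
        else:
            verdicts[p.name] = "name-only" if p.name.lower() in names else "unknown"
    return verdicts

def demo():
    """Constructed files: the installer matches the notice, DEX.exe has since changed."""
    with tempfile.TemporaryDirectory() as d:
        installer, app = Path(d, "Dex-9.68.exe"), Path(d, "DEX.exe")
        installer.write_bytes(b"constructed installer bytes")
        app.write_bytes(b"constructed self-updated build")
        notice = (  # constructed notice; MD5 is matched for layout only, never trusted
            f"    File name: Dex-9.68.exe\n    MD5: {'1' * 32}\n"
            f"    SHA256: {sha256_of(installer)}\n"
            "    Note: Whitelisting may take up to 24 hours to take effect\n"
            f"    File name: DEX.exe\n    MD5: {'2' * 32}\n    SHA256: {'0' * 64}\n"
        )
        return check_files(parse_notice(notice), [installer, app])

if __name__ == "__main__":
    print(demo())
```

A `name-only` verdict means the vendor's clearance does not cover the bytes on disk, so that file should be resubmitted rather than excluded on the strength of its name.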
