Ross MacGregor

Is AxCrypt Malware/Spyware (Online Armor warnings)?

I just installed this popular file encryption software; the installer is signed and automatically trusted by OA. But when I ran it, I got these troubling warnings from Online Armor. AxCrypt is trying to access multiple processes running on my system. It looks very suspicious, but maybe this is a side effect of some harmless activity? I've uninstalled it to be safe, but this is a very popular application; I'd like someone to double check to see if I'm being overly paranoid.

Here is a sample of events from the OA history log:

HISTORY

------------

Created: 7/18/2013 1:02:51 AM
Summary: Program Guard: AxCrypt.exe -> cmd.exe
Description: C:\Program Files\Axantum\AxCrypt\AxCrypt.exe(3784) wants to open C:\Windows\system32\cmd.exe(2688)
Event type: Program Guard(9)
Event action: Blocked(3)

Created: 7/18/2013 1:02:45 AM
Summary: Program Guard: kernel event
Description: OADriver: OB_OPERATION_HANDLE_CREATE, 3784 -> 2340, Mask: 1FFFFF - 1FF414
Event type: Kernel event(26)
Event action: None(1)
Processes:
PID: 2340 Name: conhost.exe
PID: 3784 Name: AxCrypt.exe

Created: 7/18/2013 1:02:45 AM
Summary: Program Guard: AxCrypt.exe -> googledrivesync.exe
Description: C:\Program Files\Axantum\AxCrypt\AxCrypt.exe(3784) wants to open C:\Program Files (x86)\Google\Drive\googledrivesync.exe(3276)
Event type: Program Guard(9)
Event action: Blocked(3)

Created: 7/18/2013 1:02:43 AM
Summary: Program Guard: AxCrypt.exe -> googledrivesync.exe
Description: C:\Program Files\Axantum\AxCrypt\AxCrypt.exe(3784) wants to open C:\Program Files (x86)\Google\Drive\googledrivesync.exe(1476)
Event type: Program Guard(9)
Event action: Blocked(3)

Created: 7/18/2013 1:02:43 AM
Summary: Program Guard: kernel event
Description: OADriver: OB_OPERATION_HANDLE_CREATE, 3784 -> 2688, Mask: 1FFFFF - 1FF414
Event type: Kernel event(26)
Event action: None(1)
Processes:
PID: 2688 Name: cmd.exe
PID: 3784 Name: AxCrypt.exe

Created: 7/18/2013 1:02:42 AM
Summary: Program Guard: AxCrypt.exe -> opera.exe
Description: C:\Program Files\Axantum\AxCrypt\AxCrypt.exe(3784) wants to open C:\Program Files (x86)\Opera\opera.exe(4372)
Event type: Program Guard(9)
Event action: Blocked(3)

Created: 7/18/2013 1:02:42 AM
Summary: Program Guard: kernel event
Description: OADriver: OB_OPERATION_HANDLE_CREATE, 3784 -> 3276, Mask: 1FFFFF - 1FF414
Event type: Kernel event(26)
Event action: None(1)
Processes:
PID: 3276 Name: googledrivesync.exe
PID: 3784 Name: AxCrypt.exe

Created: 7/18/2013 1:02:41 AM
Summary: Program Guard: kernel event
Description: OADriver: OB_OPERATION_HANDLE_CREATE, 3784 -> 1476, Mask: 1FFFFF - 1FF414
Event type: Kernel event(26)
Event action: None(1)
Processes:
PID: 1476 Name: googledrivesync.exe
PID: 3784 Name: AxCrypt.exe

Created: 7/18/2013 1:02:41 AM
Summary: Program Guard: AxCrypt.exe -> LCDClock.exe
Description: C:\Program Files\Axantum\AxCrypt\AxCrypt.exe(3784) wants to open C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe(4200)
Event type: Program Guard(9)
Event action: Blocked(3)

Created: 7/18/2013 1:02:38 AM
Summary: Program Guard: AxCrypt.exe -> LCDCountdown.exe
Description: C:\Program Files\Axantum\AxCrypt\AxCrypt.exe(3784) wants to open C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe(4544)
Event type: Program Guard(9)
Event action: Blocked(3)

Created: 7/18/2013 1:02:38 AM
Summary: Program Guard: kernel event
Description: OADriver: OB_OPERATION_HANDLE_CREATE, 3784 -> 4372, Mask: 1FFFFF - 1FF414
Event type: Kernel event(26)
Event action: None(1)
Processes:
PID: 3784 Name: AxCrypt.exe
PID: 4372 Name: opera.exe

Created: 7/18/2013 1:02:29 AM
Summary: Program Guard: AxCrypt.exe -> CTXFISPI.EXE
Description: C:\Program Files\Axantum\AxCrypt\AxCrypt.exe(3784) wants to open C:\Windows\SysWOW64\CTXFISPI.EXE(4292)
Event type: Program Guard(9)
Event action: Allowed(2)

Created: 7/18/2013 1:02:27 AM
Summary: Program Guard: AxCrypt.exe -> CorsTra.exe
Description: C:\Program Files\Axantum\AxCrypt\AxCrypt.exe(3784) wants to open C:\Program Files (x86)\Corsair\M60 Mouse\CorsTra.exe(3388)
Event type: Program Guard(9)
Event action: Allowed(2)

Created: 7/18/2013 1:02:21 AM
Summary: Program Guard: AxCrypt.exe -> dopus.exe
Description: C:\Program Files\Axantum\AxCrypt\AxCrypt.exe(3784) wants to open C:\Program Files\GPSoftware\Directory Opus\dopus.exe(3384)
Event type: Program Guard(9)
Event action: Allowed(2)

Created: 7/18/2013 1:01:54 AM
Summary: Program Guard: kernel event
Description: OADriver: OB_OPERATION_HANDLE_CREATE, 3784 -> 3388, Mask: 1FFFFF - 1FF414
Event type: Kernel event(26)
Event action: None(1)
Processes:
PID: 3388 Name: CorsTra.exe
PID: 3784 Name: AxCrypt.exe

Created: 7/18/2013 1:00:54 AM
Summary: Program Guard: kernel event
Description: OADriver: OB_OPERATION_HANDLE_CREATE, 3784 -> 3384, Mask: 1FFFFF - 1FF414
Event type: Kernel event(26)
Event action: None(1)
Processes:
PID: 3384 Name: dopus.exe
PID: 3784 Name: AxCrypt.exe

Created: 7/18/2013 12:59:54 AM
Summary: Program Guard: AxCrypt.exe -> jusched.exe
Description: C:\Program Files\Axantum\AxCrypt\AxCrypt.exe(3784) wants to open C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(3520)
Event type: Program Guard(9)
Event action: Allowed(2)

Created: 7/18/2013 12:59:44 AM
Summary: Program Guard: AxCrypt.exe -> Ctxfihlp.exe
Description: C:\Program Files\Axantum\AxCrypt\AxCrypt.exe(3784) wants to open C:\Windows\SysWOW64\Ctxfihlp.exe(3636)
Event type: Program Guard(9)
Event action: Allowed(2)

Created: 7/18/2013 12:59:42 AM
Summary: Program Guard: AxCrypt.exe -> iusb3mon.exe
Description: C:\Program Files\Axantum\AxCrypt\AxCrypt.exe(3784) wants to open C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe(3176)
Event type: Program Guard(9)
Event action: Allowed(2)

Created: 7/18/2013 12:59:38 AM
Summary: Program Guard: AxCrypt.exe -> dopusrt.exe
Description: C:\Program Files\Axantum\AxCrypt\AxCrypt.exe(3784) wants to open C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe(3228)
Event type: Program Guard(9)
Event action: Allowed(2)

Created: 7/18/2013 12:59:27 AM
Summary: Program Guard: kernel event
Description: OADriver: OB_OPERATION_HANDLE_CREATE, 3784 -> 3660, Mask: 1FFFFF - 1FF414
Event type: Kernel event(26)
Event action: None(1)
Processes:
PID: 3660 Name: oaui.exe
PID: 3784 Name: AxCrypt.exe

Created: 7/18/2013 12:59:27 AM
Summary: Program Guard: AxCrypt.exe -> KHALMNPR.EXE
Description: C:\Program Files\Axantum\AxCrypt\AxCrypt.exe(3784) wants to open C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE(3064)
Event type: Program Guard(9)
Event action: Allowed(2)

Created: 7/18/2013 12:59:15 AM
Summary: Program Guard: AxCrypt.exe -> SetPoint.exe
Description: C:\Program Files\Axantum\AxCrypt\AxCrypt.exe(3784) wants to open C:\Program Files\Logitech\SetPointP\SetPoint.exe(2428)
Event type: Program Guard(9)
Event action: Allowed(2)

Created: 7/18/2013 12:59:08 AM
Summary: Program Guard: AxCrypt.exe -> igfxpers.exe
Description: C:\Program Files\Axantum\AxCrypt\AxCrypt.exe(3784) wants to open C:\Windows\System32\igfxpers.exe(2344)
Event type: Program Guard(9)
Event action: Allowed(2)

Created: 7/18/2013 12:58:07 AM
Summary: Program Guard: AxCrypt.exe -> dwm.exe
Description: C:\Program Files\Axantum\AxCrypt\AxCrypt.exe(3784) wants to open C:\Windows\System32\dwm.exe(1812)
Event type: Program Guard(9)
Event action: Allowed(2)

Created: 7/18/2013 12:57:47 AM
Summary: Program Guard: kernel event
Description: OADriver: OB_OPERATION_HANDLE_CREATE, 4472 -> 3660, Mask: 40 - 100000
Event type: Kernel event(26)
Event action: None(1)
Processes:
PID: 3660 Name: oaui.exe
PID: 4472 Name: explorer.exe

Created: 7/18/2013 12:57:29 AM
Summary: Program Guard: AxCrypt.exe -> dopus.exe
Description: C:\Program Files\Axantum\AxCrypt\AxCrypt.exe(3784) wants to remotely control C:\Program Files\GPSoftware\Directory Opus\dopus.exe(3384)
Event type: Program Guard(9)
Event action: Allowed(2)


AxCrypt does not contain malicious code. This is a safe program. The installer must be taken from the official site. However, when installing it, it is advisable not to install the programs offered in the installer, such as SpeedupMyPC.


AxCrypt does not contain malicious code. This is a safe program. The installer must be taken from the official site. However, when installing it, it is advisable not to install the programs offered in the installer, such as SpeedupMyPC.

How can you be so sure? Why is it spying on my running processes? I am not going to use an application that is acting like malware for my security needs.

The author of the application admits that many anti-virus programs routinely flag his application as malware, but he pleads innocence, and the big bad anti-virus companies are just out to put down the little guy trying to offer a free security tool.

http://blog.axantum.com/2012/07/anti-malware-vendors-here-we-go-again.html 
