1 Reply Latest reply on Mar 3, 2015 7:28 PM by ansarias

    .xar files seen as X97F/Yagnuul.gen


      Hi Guys,


      I'm not sure if others encountered this, but does anyone encountered an alert where .xar files are tagged as X97F/Yagnuul.gen by McAfee?


      Here's what I have on McAfee EPO:


      Threat Target File Path: C:\Documents and Settings\<username>\Application Data\Microsoft\Excel\~ar53A2.xar\Workbook

      Event Category: Malware detected

      Event ID: 1025

      Threat Severity: Alert

      Threat Name: X97F/Yagnuul.gen

      Threat Type: Virus

      Action Taken: Cleaned

      Threat Handled: true

      Analyzer Detection Method: OAS


      So, I believe tat .xar files are Microsoft Excel files which are generated when Excel do an AutoSave or AutoRecover.


      So far, I read this link and this link but does not answer why it tagged .xar files as such.


      Thank you for your time