1 Reply Latest reply on Mar 3, 2015 7:28 PM by ansarias

    .xar files seen as X97F/Yagnuul.gen

    harrisa

      Hi Guys,

       

      I'm not sure if others encountered this, but does anyone encountered an alert where .xar files are tagged as X97F/Yagnuul.gen by McAfee?

       

      Here's what I have on McAfee EPO:

       

      Threat Target File Path: C:\Documents and Settings\<username>\Application Data\Microsoft\Excel\~ar53A2.xar\Workbook

      Event Category: Malware detected

      Event ID: 1025

      Threat Severity: Alert

      Threat Name: X97F/Yagnuul.gen

      Threat Type: Virus

      Action Taken: Cleaned

      Threat Handled: true

      Analyzer Detection Method: OAS

       

      So, I believe tat .xar files are Microsoft Excel files which are generated when Excel do an AutoSave or AutoRecover.

       

      So far, I read this link and this link but does not answer why it tagged .xar files as such.

       

      Thank you for your time

       

      Regards,