
[Solved] Is there any New Info regarding the "Are my AutoIt EXEs really infected?" Topic?


8 replies to this topic

#1 Zohar

Zohar

  • Active Members
  • 511 posts

Posted 30 June 2012 - 02:54 PM

Hi


After writing many scripts for my own personal use,
I am considering writing a program that, for the first time, is meant not just for my computer, but for the masses.

I will compile this program to an EXE, of course.


And this makes me wonder regarding the "Are my AutoIt EXEs really infected?" topic.

I am using ESET NOD32 Antivirus, and it does not recognize AutoIt EXEs as a Virus.

The above-mentioned topic is from 2006.

Is there any news regarding it?
Do we have some status regarding which antiviruses recognize AutoIt EXEs as a virus (today)?

If not, can people here who have different antiviruses post and tell what their antivirus is saying regarding AutoIt EXEs?


This will really help me.


Thank you very much
Zohar

Edited by Zohar, 02 July 2012 - 04:19 PM.






#2 BrewManNH

BrewManNH

    באָבקעס מיט קודוצ׳ה

  • MVPs
  • 6,834 posts

Posted 30 June 2012 - 03:25 PM

Search the forum, there are 100s of topics regarding this, no need to start another.



#3 Zohar

Zohar

  • Active Members
  • 511 posts

Posted 30 June 2012 - 03:47 PM

Hi

You're right.

There are quite enough.

I will read many now;
if more questions arise, I'll come back here.

Thank you very much
Zohar

#4 Zohar

Zohar

  • Active Members
  • 511 posts

Posted 30 June 2012 - 04:11 PM

Wow.

The situation is not bad at all.
I converted an AutoIt script to an EXE
and uploaded it to VirusTotal, and out of 42 antiviruses, only 1 thinks an AutoIt EXE is a virus:

Posted Image






Edit:

I also tried to compile to EXE without the UPX compression (using /nopack),
and the results are a bit different:

Still 1 antivirus thinks an AutoIt EXE is a virus,
but this time it's another antivirus - "The Hacker Antivirus":



Posted Image

Edited by Zohar, 30 June 2012 - 04:56 PM.


#5 CaptainClucks

CaptainClucks

    Unum Cavillator Spuria

  • Active Members
  • 1,216 posts

Posted 30 June 2012 - 06:10 PM

I've made a few programs, one of which has been downloaded more than 2,500 times. Recently I decided to scan it on VirusTotal; it was flagged by 36 out of 40+ AVs, which really pissed me off.

Edit: especially since the file does no more than just edit a few files.

Edited by ApudAngelorum, 30 June 2012 - 06:11 PM.


#6 Zohar

Zohar

  • Active Members
  • 511 posts

Posted 30 June 2012 - 07:46 PM

36 out of 40???
Completely insane :)

What function might have caused the alarms to go off?
Did you try commenting out some blocks of code, in order to find, via elimination, which function is the problematic one?

#7 CaptainClucks

CaptainClucks

    Unum Cavillator Spuria

  • Active Members
  • 1,216 posts

Posted 30 June 2012 - 08:17 PM

I really wouldn't be sure, I doubt it's any specific functions in it that caused that either.

When I had released the program, I submitted it to various AVs with source code so they wouldn't flag it, they said alright and I noticed the next day that 3 of those AVs stopped flagging it.

2 weeks later they and many others started flagging it so I just gave up.

#8 Zohar

Zohar

  • Active Members
  • 511 posts

Posted 01 July 2012 - 03:04 AM

Can you please tell me,
when did all this happen?
And with what version of AutoIt?

#9 abberration

abberration

    Prodigy

  • Active Members
  • 183 posts

Posted 01 July 2012 - 04:12 AM

If you are serious about making your program pass antivirus checks, you can always submit your program to antivirus companies and let them check it out. Here is an article on the subject.

http://www.softwareprotection.info/2011/08/antivirus-false-detection-how-to-solve/



