jbg1978 Posted October 15, 2009 Share Posted October 15, 2009 "With the most recent update (dat 5771) to our McAfee AV program, McAfee is deleting AutoIT exe and labeling them as a W32/Autorun.worm.zzy trojan. These files are indeed not malicious and I am looking for a fix or workaround to this issue. We've already tried to not use UPX when compiling the programs, but that didn't work. Any help would be appreciated." I posted this issue previously today and the topic was "locked" before I received sufficient help. Obviously dealing with McAfee is not going to be fun and I don't even think I have to means to contact them considering that we are a corporation and even locating the person here that would need to contact them would be a process within itself. So, I'll get to the point...What about AutoIT exe's makes McAfee think it's a virus? It appears to only do it with our exe's that access web pages. Any thoughts about how the code could be written differently, or compiled differently to avoid looking like a worm to McAfee? Somebody here has to be enough of an expert to understand why this is happening. Thanks, Jason Link to comment Share on other sites More sharing options...
jebus495 Posted October 15, 2009 Share Posted October 15, 2009 http://www.autoitscript.com/forum/index.php?showtopic=34658 Read the stickies. Link to comment Share on other sites More sharing options...
spudw2k Posted October 15, 2009 Share Posted October 15, 2009 (edited) I assume the reason they locked your thread was because this topic has been covered many, Many times before. The link left on the last post of your first thread explains it all. Just a recommendation; if a thread gets locked, don't start a new thread for the same reason and Do Not PM folks asking why. edit: jebus was kind enough to repost the link here for you. Edited October 15, 2009 by spudw2k Spoiler Things I've Made: Always On Top Tool ◊ AU History ◊ Deck of Cards ◊ HideIt ◊ ICU ◊ Icon Freezer ◊ Ipod Ejector ◊ Junos Configuration Explorer ◊ Link Downloader ◊ MD5 Folder Enumerator ◊ PassGen ◊ Ping Tool ◊ Quick NIC ◊ Read OCR ◊ RemoteIT ◊ SchTasksGui ◊ SpyCam ◊ System Scan Report Tool ◊ System UpTime ◊ Transparency Machine ◊ VMWare ESX BuilderMisc Code Snippets: ADODB Example ◊ CheckHover ◊ Detect SafeMode ◊ DynEnumArray ◊ GetNetStatData ◊ HashArray ◊ IsBetweenDates ◊ Local Admins ◊ Make Choice ◊ Recursive File List ◊ Remove Sizebox Style ◊ Retrieve PNPDeviceID ◊ Retreive SysListView32 Contents ◊ Set IE Homepage ◊ Tickle Expired Password ◊ Transpose ArrayProjects: Drive Space Usage GUI ◊ LEDkIT ◊ Plasma_kIt ◊ Scan Engine Builder ◊ SpeeDBurner ◊ SubnetCalcCool Stuff: AutoItObject UDF ◊ Extract Icon From Proc ◊ GuiCtrlFontRotate ◊ Hex Edit Funcs ◊ Run binary ◊ Service_UDF Link to comment Share on other sites More sharing options...
PsaltyDS Posted October 15, 2009 Share Posted October 15, 2009 Your previous topic was locked because this is not an AutoIt problem, and as has been pointedly explained to you, it's already covered in the FAQ/Sticky posts. Getting a topic locked is a warning from the Moderators. Reopening the same topic again is asking for a ban... Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law Link to comment Share on other sites More sharing options...
jbg1978 Posted October 15, 2009 Author Share Posted October 15, 2009 I read the sticky, but don't find anything in it to be a sufficient explanation. I wasn't really looking for a fix from AutoIT, so I didn't think it mattered whether or not it was an AutoIT issue. I'm simply looking for advice on how to workaround this without having to deal with McAfee directly. Somebody may know. Why doesn't this happen with other exe's (i.e. compiled VB code). Why only with AutoIT exe's? There has to be something about it that makes them look like viruses. Link to comment Share on other sites More sharing options...
SkinnyWhiteGuy Posted October 15, 2009 Share Posted October 15, 2009 Other people writing viruses with AutoIt make AutoIt exe's look like viruses, given that all AutoIt exe's contain partly the same code. Course, if you had read other threads on this issue, that would have already been explained... Link to comment Share on other sites More sharing options...
jbg1978 Posted October 15, 2009 Author Share Posted October 15, 2009 Already saw that; However, I'm sure it's not the only coding languages that viruses are written in, yet McAfee doesn't see other languages as viruses, which blows that entire theory out of the water. There's got to be something more to it than that. Link to comment Share on other sites More sharing options...
FuryCell Posted October 15, 2009 Share Posted October 15, 2009 When an autoit script is "compiled", It is simply binding an encoded version of the script to the interpreter. Some AV companies carelessly flag the interpreter part which in turn makes all exes flagged. HKTunes:Softpedia | GoogleCodeLyricToy:Softpedia | GoogleCodeRCTunes:Softpedia | GoogleCodeMichtaToolsProgrammer n. - An ingenious device that turns caffeine into code. Link to comment Share on other sites More sharing options...
jebus495 Posted October 15, 2009 Share Posted October 15, 2009 Already saw that; However, I'm sure it's not the only coding languages that viruses are written in, yet McAfee doesn't see other languages as viruses, which blows that entire theory out of the water. There's got to be something more to it than that.It does tag other languages as virii.... Link to comment Share on other sites More sharing options...
Recommended Posts