Jump to content

McAfee/AutoIT issue


jbg1978
 Share

Recommended Posts

"With the most recent update (dat 5771) to our McAfee AV program, McAfee is deleting AutoIT exe and labeling them as a W32/Autorun.worm.zzy trojan. These files are indeed not malicious and I am looking for a fix or workaround to this issue. We've already tried to not use UPX when compiling the programs, but that didn't work. Any help would be appreciated."

I posted this issue previously today and the topic was "locked" before I received sufficient help. Obviously dealing with McAfee is not going to be fun and I don't even think I have to means to contact them considering that we are a corporation and even locating the person here that would need to contact them would be a process within itself. So, I'll get to the point...What about AutoIT exe's makes McAfee think it's a virus? It appears to only do it with our exe's that access web pages. Any thoughts about how the code could be written differently, or compiled differently to avoid looking like a worm to McAfee? Somebody here has to be enough of an expert to understand why this is happening.

Thanks,

Jason

Link to comment
Share on other sites

I assume the reason they locked your thread was because this topic has been covered many, Many times before. The link left on the last post of your first thread explains it all.

Just a recommendation; if a thread gets locked, don't start a new thread for the same reason and Do Not PM folks asking why.

edit: jebus was kind enough to repost the link here for you.

Edited by spudw2k
Link to comment
Share on other sites

Your previous topic was locked because this is not an AutoIt problem, and as has been pointedly explained to you, it's already covered in the FAQ/Sticky posts.

Getting a topic locked is a warning from the Moderators. Reopening the same topic again is asking for a ban...

:)

Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law
Link to comment
Share on other sites

I read the sticky, but don't find anything in it to be a sufficient explanation. I wasn't really looking for a fix from AutoIT, so I didn't think it mattered whether or not it was an AutoIT issue. I'm simply looking for advice on how to workaround this without having to deal with McAfee directly. Somebody may know. Why doesn't this happen with other exe's (i.e. compiled VB code). Why only with AutoIT exe's? There has to be something about it that makes them look like viruses.

Link to comment
Share on other sites

Already saw that; However, I'm sure it's not the only coding languages that viruses are written in, yet McAfee doesn't see other languages as viruses, which blows that entire theory out of the water. There's got to be something more to it than that.

Link to comment
Share on other sites

When an autoit script is "compiled", It is simply binding an encoded version of the script to the interpreter. Some AV companies carelessly flag the interpreter part which in turn makes all exes flagged.

HKTunes:Softpedia | GoogleCodeLyricToy:Softpedia | GoogleCodeRCTunes:Softpedia | GoogleCodeMichtaToolsProgrammer n. - An ingenious device that turns caffeine into code.
Link to comment
Share on other sites

Already saw that; However, I'm sure it's not the only coding languages that viruses are written in, yet McAfee doesn't see other languages as viruses, which blows that entire theory out of the water. There's got to be something more to it than that.

It does tag other languages as virii.

...

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...