anonimous Posted December 13, 2009 Share Posted December 13, 2009 (edited) After obfuscating, compiling and running the file, Avira suddenly detects a HTML script virus which I think is a false positive. Could it be a temp file created when the obfuscated script is decrypted? The file is detected in 'C:\Documents and Settings\username\Local Settings\Temp\qihaihs'(random 7 letter filename with no extension) Virus Total scan result: https://www.virustotal.com/analisis/1673155c5512211571ebd0aca880cca19a847dd50c1c7d06def28123be7b3f1e-1260696481 Does it happen to anyone else? I managed to capture one before it was deleted by running a script to kill the process before it can delete the temp file. I monitored the files using Sysinternals's FileMon. Edited December 13, 2009 by anonimous Link to comment Share on other sites More sharing options...
Developers Jos Posted December 13, 2009 Developers Share Posted December 13, 2009 (edited) This is the table file created at Obfuscation time and included in the obfuscated exe. Doubt this file is marked as a virus. Pretty sure you got yourself a false positive. Talk to your AV provider. Jos Edited December 13, 2009 by Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
anonimous Posted December 13, 2009 Author Share Posted December 13, 2009 This is the table file created at Obfuscation time and included in the obfuscated exe. Doubt this file is marked as a virus.Pretty sure you got yourself a false positive.Talk to your AV provider.JosOh I didn't realise it was the exact table that was generated when obfuscating the script. I thought it was temp file generated when running the script. Thanks for the info! Link to comment Share on other sites More sharing options...
trancexx Posted December 13, 2009 Share Posted December 13, 2009 Sometimes you just can't believe your eyes. What an irrational thing to do. Incredible. AVs are out of control. ♡♡♡ . eMyvnE Link to comment Share on other sites More sharing options...
Xenobiologist Posted December 13, 2009 Share Posted December 13, 2009 Hi, I had recently a similar problem with obfuscator and McAfee. (I reported the false positive) Mega Scripts & functions Organize Includes Let Scite organize the include files Yahtzee The game "Yahtzee" (Kniffel, DiceLion) LoginWrapper Secure scripts by adding a query (authentication) _RunOnlyOnThis UDF Make sure that a script can only be executed on ... (Windows / HD / ...) Internet-Café Server/Client Application Open CD, Start Browser, Lock remote client, etc. MultipleFuncsWithOneHotkey Start different funcs by hitting one hotkey different times Link to comment Share on other sites More sharing options...
anonimous Posted December 13, 2009 Author Share Posted December 13, 2009 Hi,I had recently a similar problem with obfuscator and McAfee. (I reported the false positive)MegaHas McAfee fixed the problem? Because in the Virus Total result above, McAfee also is detecting the table file as a virus. Link to comment Share on other sites More sharing options...
Xenobiologist Posted December 13, 2009 Share Posted December 13, 2009 Hi, till Friday the don't. I'll check my laptop tomorrow, cause it is the one for business. On my private PC I do not use McAfee. Mega Scripts & functions Organize Includes Let Scite organize the include files Yahtzee The game "Yahtzee" (Kniffel, DiceLion) LoginWrapper Secure scripts by adding a query (authentication) _RunOnlyOnThis UDF Make sure that a script can only be executed on ... (Windows / HD / ...) Internet-Café Server/Client Application Open CD, Start Browser, Lock remote client, etc. MultipleFuncsWithOneHotkey Start different funcs by hitting one hotkey different times Link to comment Share on other sites More sharing options...
TomCat Posted December 16, 2009 Share Posted December 16, 2009 I reported to avira and they still say that its an damaged maleware file with harmful Codefragments... Link to comment Share on other sites More sharing options...
Developers Jos Posted December 16, 2009 Developers Share Posted December 16, 2009 I reported to avira and they still say that its an damaged maleware file with harmful Codefragments...... and what do you think? SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
TomCat Posted December 21, 2009 Share Posted December 21, 2009 false positive http://virscan.org/report/cb94cf26d999cf41270fef06383f3d80.html http://virusscan.jotti.org/de/scanresult/661a60a2953c5680671ff5ba9a2397cf93819830 but it suxx -.- Link to comment Share on other sites More sharing options...
Developers Jos Posted December 21, 2009 Developers Share Posted December 21, 2009 Its simple: It is a false positive but when you don't trust it then just don't use it.... Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now