Downloaded AutoIT.exe contains malicious code?

[AutoITwannaB]

I'm interested in using an autoit exe that I downloaded from the internet but knowing the capabilities of the scripting language I cannot trust the program, especially since it is from an unknown source. The author was nice enough to share his/her script, making it open source upon my request, but I do not know the AutoIT scripting language so I do not have the expertise to run through the script for malicious code. I did some basic searching for "ftp" and "http" looking for the obvious but I'm wondering if there is a service for looking at the code to determine it's validity? Maybe some nice AutoIT expert can look at the script for me. :-)

[Richard Robertson]

What is the intended use of the script?

[exodius]

I would wager an awful lot of rupees that your chances of such a person existing would increase tenfold if you'd post this code you're talking about...

**PS - Don't forget to put these tags around it! (Minus the -'s) [-autoit]code here[-/autoit]

Edited February 18, 2010 by exodius

[somdcomputerguy]

If you think this .exe might be 'viral' or some such, why do you think the source code provided by the author is the actual source of that .exe? To be certain that this program is 'safe', I would suggest compiling the source code and using that .exe.

Edited February 19, 2010 by snowmaker

[Kealper]

There is a very big chance that if they were willing to share the source, then it is clean, because if it had a virus in it, only a retard would post virus-laden source for the world to see...but yes, we cannot confirm or deny anything without seeing the source first, so as exodius said, just put the sourcecode in between the autoit bbcode tags.

[AutoITwannaB]

I would wager an awful lot of rupees that your chances of such a person existing would increase tenfold if you'd post this code you're talking about...

**PS - Don't forget to put these tags around it! (Minus the -'s) [-autoit]code here[-/autoit]

Well, I was going to do that but after seeing Richard's post I did some searching in the forums and came across Valik's post... if a g4me features an online multi-player component and you are attempting to automate it, discussion of such b0tz is not allowed here. I have no idea whether or not W3bz3n's EULA explicitly restricts the use of these programs but I do know that virtually no player manually levels characters. In fact, W3bz3n requests that any player seeing someone using a h4ck report it. The fact that everyone uses b0tz and yet no one who uses them gets banned confirms that W3bz3n tolerates b0tz but not h4cks. So, based on this should I expect an answer to my question or not? If a moderator says not, then I'll drop the discussion.

I know the developer spent a lot of time writing the code and I would like to trust the code and pay the author for the use of it, especially since he was nice enough to make it open source so that users can literally see for themselves if the code is clean or not. If it is okay, I will post a link to the webpage where the source code is and hope that someone with the expertise looks at it and lets me know if it is safe or not. Thanks!

[AutoITwannaB]

I'm not concerned about a virus being in the files; I'm concerned about their being script which captures login UN & PW information or that installs a keylogger or... thx

[AutoITwannaB]

FYI, The b0t in question was developed specifically for private g4me servers where there are no EULAs or if they exsist certainly do not exclude the use of this type of program.