Obfuscated exes being detected as virus


Hello all,

I've started using the obfuscate functions when compiling but my AV, McAfee Enterprise Edition, is logging and deleting the files while using the On Access scanner. Here is the log.

4/7/2010 7:33:27 PM Engine version = 5400.1158

4/7/2010 7:33:27 PM AntiVirus DAT version = 5944.0

4/7/2010 7:33:27 PM Number of detection signatures in EXTRA.DAT = None

4/7/2010 7:33:27 PM Names of detection signatures in EXTRA.DAT = None

4/7/2010 7:34:03 PM Deleted SYSTEM E:\Open Container\iopen.exe\iopen.au3 W32/Autorun.worm.zf.gen (Virus)

While I know this is not a virus, is this common? Is there something in AutoIt I can do to eliminate the issue, or will I just have to work around it by disabling my AV program while working in AU?

Thanks

BTW: I did a search for obfuscrate and virus and only came up with stuff from a kid that seemed to be writing viruses with AU and obfuscating them.

-Tim


Read the second top sticky post in this forum.

Bet this will be a locked post soon!


Well, I saw that, but it was only happening when using obfuscate and I didn't see anything in that post regarding that function.

I will take that as a general reply and use it in this case as well.

Thanks.

-Tim
