AutoIt Installer Detected As Virus?

cembry90

It's obviously not, but what gives? I've never gotten this before.

I was going to make some video tutorials for some people, to show them how to use AutoIt, but it seems I can't even get past the installer download without having to circumvent my antivirus (newest version of Avast Free).

I made a post on their community forum, so hopefully this will be fixed soon. I suppose we shall see!! :mellow:

Here is the image of the scan I performed:

Thanks guys!

Chris


AutoIt Stuff:

 

UDFs: {Grow}

jchd

Please!

You're a long-term user and you never noticed the second sticky post on the list? Come on, go read it.


This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)

cembry90

Please!

You're a long-term user and you never noticed the second sticky post on the list? Come on, go read it.

Hey, no reason to be a snob about things.

Are you referring to this topic? If so, maybe you should read it. Or maybe just the title will suffice: "Are my AutoIt EXEs really infected?" (Emphasis on the words "my AutoIt EXEs", since the AutoIt installer isn't mine, nor is it made in AutoIt.) Given this information, you should deduce that this is another issue entirely.

Also, I have read that sticky, as I have the other sticky and the announcement alike. This problem just started happening within the past 2 weeks, which is why I posted this here. Anyways, thanks for your concern about me being uneducated on the forum!

Chris

jchd

Sorry but recurrent posts here about AutoIt-related binaries being detected as false-positive by ill-behaved AV products don't belong to the _help_ forum.

What do you expect us to do to help you and, as you state, what should be done and by whom? Complain to your AV vendor, not here.


cembry90

Sorry but recurrent posts here about AutoIt-related binaries being detected as false-positive by ill-behaved AV products don't belong to the _help_ forum.

What do you expect us to do to help you and, as you state, what should be done and by whom? Complain to your AV vendor, not here.

Ill-behaved? I can't express to you how useful Avast is. I've never gotten a virus or anything else since I have used it, and I will continue to use it.

As for this being the help forum and me needing help, I made this post to let people know that I have posted on Avast's website about this, and that they are dealing with this issue.

Again thanks for your concern and excellent support.

Chris

I'd better just shut up. Mod, please delete this. I feel this doesn't belong here anymore, seeing that it is no longer on topic..

Avast is aware of the issue, so there is nothing else I can do here.

Chris

GEOSoft

Chris, I've also had very good luck notifying Avast directly via Emails. I'm not sure just how responsive they are to their forums. There used to be a "Report" this file button in Avast but I don't see it there now. When they had it, I could report a file and within a couple of hours there was another update that solved the issue. If they happen to ask you, the AutoIt installer is done using NSIS.


George

Question about decompiling code? Read the decompiling FAQ and don't bother posting the question in the forums.

Be sure to read and follow the forum rules. -AKA the AutoIt Reading and Comprehension Skills test.***

The PCRE (Regular Expression) ToolKit for AutoIT - (Updated Oct 20, 2011 ver:3.0.1.13) - Please update your current version before filing any bug reports. The installer now includes both 32 and 64 bit versions. No change in version number.

Visit my Blog .. currently not active but it will soon be resplendent with news and views. Also please remove any links you may have to my website. it is soon to be closed and replaced with something else.

"Old age and treachery will always overcome youth and skill!"

jchd

Yes, flagging a _language_ (scripting or not) as "malware" by itself is completely ill-behaved! That it be Delphi, AutoIt, PHP, Real Basic, C-Lisp or whatever, systematic flag of any trace of it is the demonstration that some AV companies are doing a bad job. Your example of detection of AutoIt _installer_ as a malware is completely dumb. Do they flag Visual Studio identically, CodeBlocks, Eclipse, gcc? I bet they don't!

But there is nothing that can be done here against that in terms of "support".

Finally and despite what you seem to believe, AutoIt really matters for me and the recurrent flagging of any part of it without any ground irritates me much more than you think.

As a sidenote, discussing association of AutoIt and malware repeatedly increases the score in search engines, which AV vendors sometimes use as justification of their poor choices.


JohnOne

I've seen a few myself of late regarding scripts and the AutoIt exe, and I also got an alert accusing scite.exe this morning, which I'd never seen.

Comodo doesn't auto-quarantine them though, thankfully; there is a one-click option to ignore and report false to them.


AutoIt Absolute Beginners    Require a serial    Pause Script    Video Tutorials by Morthawt   ipify 

Monkey's are, like, natures humans.

wolf9228

This message is not an accurate response from the antivirus. It is sent when you create a new file and write it directly when you run the program's executable file, because this process is used by hackers to plant spyware. We can say the operation raises doubts and suspicions. Therefore, the antivirus monitors the operation.

Solution

Do not create the file directly when you run the executable file. Create the file when the operation requires it.

In this example the antivirus will send the same message:

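#include <SQLite.dll.au3>
; Extract the embedded SQLite DLL and write it to disk as soon as the script starts
$BinaryData = __SQLite_Inline_SQLite3Dll()
$HF = FileOpen(@ScriptDir & "\sqlite3.dll", 2) ; 2 = write mode, erase previous contents
FileWrite($HF, Binary($BinaryData)) ; write the DLL bytes
FileClose($HF)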

In this example the antivirus will not send the message:

#include <SQLite.dll.au3>
#include <GUIConstantsEx.au3>
GUICreate("My GUI")
$Button_1 = GUICtrlCreateButton("FileWrite", 10, 30, 100)
GUISetState()
While 1
    $msg = GUIGetMsg()
    Select
        Case $msg = $GUI_EVENT_CLOSE
            ExitLoop
        Case $msg = $Button_1
            ; Write the DLL only when the user clicks the button
            $BinaryData = __SQLite_Inline_SQLite3Dll()
            $HF = FileOpen(@ScriptDir & "\sqlite3.dll", 2) ; 2 = write mode, erase previous contents
            FileWrite($HF, Binary($BinaryData)) ; write the DLL bytes
            FileClose($HF)
    EndSelect
WEnd

صرح السماء كان هنا

 

pligor

Sorry but recurrent posts here about AutoIt-related binaries being detected as false-positive by ill-behaved AV products don't belong to the _help_ forum.

What do you expect us to do to help you and, as you state, what should be done and by whom? Complain to your AV vendor, not here.

I have to ask one more time. Is there ANYTHING we could do to trick antivirus programs that the AutoIt .exe files are something else which they will not target as a virus?

It's a shame to have such a good programming language with one of the best documentations and not be able to share your files with others.

Because I would like to distribute some of my AutoIt projects to the public. I have already read the argument that I could inform the AV vendors but this could work only on final releases with no further development.

My purpose is to distribute, get feedback, improve, recompile and distribute once more and so on. No way to implicate in this process all the AV vendors!

If there is anything that would do the trick I am open to hear it.

I am using F-Secure 2011 and whatever I have tried so far, disabling UPX, using another packer like PEcompact, nothing has succeeded. This includes other antiviruses like Panda Cloud, AVG etc.

The reason I ask for this solution is pretty simple. I would like to create real-life big useful applications using AutoIt and currently I am discouraged from doing so.

Thank you

JohnOne

Trying to fool an antivirus program, or anything for that matter, that your app is something other than what it is, is a massive flag waver in itself, not to mention an invitation for anyone with malicious intent to use such a method on their own dirty software.

It's a silly idea, in a long dead thread.


pligor

Trying to fool an antivirus program, or anything for that matter, that your app is something other than what it is, is a massive flag waver in itself, not to mention an invitation for anyone with malicious intent to use such a method on their own dirty software.

It's a silly idea, in a long dead thread.

I will try to make it even simpler.

If you have a "hello world" program written and compiled in the Visual Basic language, everything is OK.

But if you have a "hello world" program that does exactly the same thing, written and compiled in AutoIt script, it is considered a virus.

This is the truth. The antivirus programs do not take the time to see if my software has malicious behaviour or not.

They simply check to see if it is written in AutoIt and label all AutoIt executables as viruses.

So... I would like to remove/change, if possible, this certain portion of the executable that flags the program as autoit. Some patch or something..

There must be a solution. Please share

Thank you!

pligor

It's seldom that the AutoIt interpreter gets flagged as a virus, and it doesn't last long when you use the proper channels of communication to have it unflagged.

Meaning? What do you mean exactly? I didn't get what you were trying to tell me. I am sorry. Could you elaborate please?

Thank you :graduated:
