runtime scans detect all autoit exes


i compiled an exe with sleep(100) in it - the exes don't get detected by heuristics but rather ridiculous runtime scans.

at this point it's just pissing me off, google online sandbox and scan any autoit exe. says it edits registry at runtime.

all ye autoit coders join me, let us smite this idiocy with prejudice

default permit can lick my ass.

what i don't get is why runtime scans don't just prevent programs from adding themselves to autostart. that'd pretty much end the malware problem.

instead they blacklist entire methods of registry writing, regardless of how harmful it is. it's time that us coders getting fucked over step up to the plate

you guys can say whatever you like about it, i'm fed up with the antivirus industry, they're all a bunch of thieves, and they hurt legitimate coders with their harebrained schemes. so whoever wants to see autoit live on, help me out. if i have some support i'm sure we can stick it to these fuckers


what else can we do?

Have a good reputation as a program designer so users will understand from time to time there will be a False Positive of your application. I would also like to reference the story about "The Wind and the Sun", the moral of this story is poignant to why your proposal won't work!

this is very important to the survival of autoit

You mean users posting code which is not only relevant to today's standards but doesn't break the EULA/Rules/Law/Morals etc... I quite agree :)

Note: Maybe this should have been discussed in "Chat"?


i'll make this very simple, a runtime scan is not based on the hash pattern of an executable before it is run, a runtime scan detects what an exe does at runtime as malicious or not, apparently all autoit exes edit some registry value regardless of whether or not there is even a regwrite call in your exe. this is an important matter and no one seems to care that the entire language of autoit is on the brink of destruction right now. so it's whatever, the internet is just like the real world, everyone is so damn apathetic. i guess i'll have to find another language to use if no one will help me


  • Moderators

lionfaggot,

Do you think you are the first to become annoyed by having your compiled scripts flagged by AV software? ;)

Just relax - from experience if you let the companies know they remove the definition that causes the false detection pretty smartly. Well, at least until the next time. :)

What guinness was trying to point out was that unfortunately the ease of coding in AutoIt means that a lot of "script kiddies" produce unpleasant code with it and cause problems. The AV companies tend to go for the easy option of looking for the AutoIt or upx stub rather than the script section itself. It is a problem we have to live with - and one which many of us have lived with for much longer than you (hint: look at the joining dates :idiot:). Suggesting that "this is very important to the survival of autoit" is hyperbole of the worst sort.

So calm down, oh, and please stop swearing. :idiot:

M23


  • Developers

i'll make this very simple, a runtime scan is not based on the hash pattern of an executable before it is run, a runtime scan detects what an exe does at runtime as malicious or not, apparently all autoit exes edit some registry value regardless of whether or not there is even a regwrite call in your exe. this is an important matter and no one seems to care that the entire language of autoit is on the brink of destruction right now. so it's whatever, the internet is just like the real world, everyone is so damn apathetic. i guess i'll have to find another language to use if no one will help me

Are you seriously wondering, after reading your own posts, why nobody is taking you seriously?

When you want to address something like this and expect a serious answer, then consider getting off your high horse and start writing a clear definition of your issue instead of this "lick my ass" bull shit.

Jos


jos scan any autoit exe on any online sandbox, why won't anyone try that? i'm not blowing smoke out my ass. all autoit exes are detected by antivirus runtime scans, and no one gives a fuck. google it jos "online sandbox" scan any of your autoit exes in a few of them. all are detected. so insult me as you see fit, but i know what i am talking about. do it Jos, i challenge you to scan any autoit exe on a few online sandboxes. you will see what i mean.


  • Developers

jos scan any autoit exe on any online sandbox, why won't anyone try that? i'm not blowing smoke out my ass. all autoit exes are detected by antivirus runtime scans, and no one gives a fuck. google it jos "online sandbox" scan any of your autoit exes in a few of them. all are detected. so insult me as you see fit, but i know what i am talking about. do it Jos, i challenge you to scan any autoit exe on a few online sandboxes. you will see what i mean.

I am done with you since you didn't take the opportunity to post a NORMAL reply and insist on your stupid approach to make your point.


This topic is now closed to further replies.