Jump to content

Compiling A Virus ?


Recommended Posts

Hi Guys and Gals.

I'm new here but I have been using AutoIT for a while. I'm now using V3.3.6.1 but I have had the same problems with earlier versions.

When I write scripts and test them I have no problems.

The problem I get is that when I compile some scripts, my AVG detects them as being infected with an unknown virus.

It's irritating for obvious reasons but I can't figure out why only some compiled scripts get detected as infected.

Any ideas on why and suggestions on how to stop the problem(s) ?.

Link to comment
Share on other sites

  • Moderators

Technomancer,

Not the best choice of thread title - it sounds like you want to create a virus yourself! ;)

I use AVG and my AutoIt compiled exe files do not alarm, so I wonder if you have another problem. :unsure:

As to why the files set off the alert - try the Are my AutoIt exes really infected thread just above yours - that is why it is a sticky. :>

M23

Public_Domain.png.2d871819fcb9957cf44f4514551a2935.png Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind

Open spoiler to see my UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Link to comment
Share on other sites

Use a serious AV.

Also read

Bad AV programs treat the compression used in compiled AutoIt programs as potential viral code.

Others detect they are AutoIt and flag them as potential virus. As if one could flag a random program as virus on the only ground that it has been compiled with this or that compiler.

This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)

Link to comment
Share on other sites

If Melba23 uses AVG without encountering problems, I suspect that Technomancer's AVG may be out of date.

I get exactly the same problems with mine and its bang up to date

Ive tried adding the autoit folder and many of the exe.s to avg exceptions

quickest way round it i just turn off Resident Shield when i need to compile and back on after ive finished

Ive always had the problems with avg since i started coding with autoit

and it was the same at work when i had autoit installed there

The last time i mentioned it i tried the reporting to avg suggestions but had no replys from them at all

Chim

Link to comment
Share on other sites

The last time i mentioned it i tried the reporting to avg suggestions but had no replys from them at all

To me that indicates that you are using the free version and AVG is notorious for their absolute refusal to support free users at all.

They have lost a lot of users who could potentialy upgrade since they brought in that policy about 8 years ago.

George

Question about decompiling code? Read the decompiling FAQ and don't bother posting the question in the forums.

Be sure to read and follow the forum rules. -AKA the AutoIt Reading and Comprehension Skills test.***

The PCRE (Regular Expression) ToolKit for AutoIT - (Updated Oct 20, 2011 ver:3.0.1.13) - Please update your current version before filing any bug reports. The installer now includes both 32 and 64 bit versions. No change in version number.

Visit my Blog .. currently not active but it will soon be resplendent with news and views. Also please remove any links you may have to my website. it is soon to be closed and replaced with something else.

"Old age and treachery will always overcome youth and skill!"

Link to comment
Share on other sites

Yes i do use the free version and

No i didnt want support, i just wanted them to acknowledge my mail so i knew something might be done

Optimistic i know...

Link to comment
Share on other sites

Too optomistic. They will re-consider any false positives that you send but they will not reply to let you know what they are doing about it.

Edited by GEOSoft

George

Question about decompiling code? Read the decompiling FAQ and don't bother posting the question in the forums.

Be sure to read and follow the forum rules. -AKA the AutoIt Reading and Comprehension Skills test.***

The PCRE (Regular Expression) ToolKit for AutoIT - (Updated Oct 20, 2011 ver:3.0.1.13) - Please update your current version before filing any bug reports. The installer now includes both 32 and 64 bit versions. No change in version number.

Visit my Blog .. currently not active but it will soon be resplendent with news and views. Also please remove any links you may have to my website. it is soon to be closed and replaced with something else.

"Old age and treachery will always overcome youth and skill!"

Link to comment
Share on other sites

well as long as they did something with the report i sent them then it wasn't a total loss :unsure:

I may just have to jump to another free one, shame cos avg does what i want and doesn't get in the way too much, except when i compile lol

Link to comment
Share on other sites

I switched to Avast a long time when the AVG site was under a ddos attack and they set up a new site for registered users to get updates but wouldn't extend that same courtesy to the free users because the policy was to not reply to emails from them.

That to me was a complete total crap. You're not going to afford complete protection to free users that had nothing to do with the ddos attack? Stupid; and I told them so at the time.

After a lot of ranting and raving in emails sent to the head office I did get a reply from a woman in the US but it just stated the company policy and the fact they had no intention of relaxing that policy for any reason. After I called her a B***h I didn't hear from her again.

George

Question about decompiling code? Read the decompiling FAQ and don't bother posting the question in the forums.

Be sure to read and follow the forum rules. -AKA the AutoIt Reading and Comprehension Skills test.***

The PCRE (Regular Expression) ToolKit for AutoIT - (Updated Oct 20, 2011 ver:3.0.1.13) - Please update your current version before filing any bug reports. The installer now includes both 32 and 64 bit versions. No change in version number.

Visit my Blog .. currently not active but it will soon be resplendent with news and views. Also please remove any links you may have to my website. it is soon to be closed and replaced with something else.

"Old age and treachery will always overcome youth and skill!"

Link to comment
Share on other sites

I have the same issue with AVG which is sad because I've used it for so long.Some of my programs are fine, but others are consistanly flagged and quarantined.

At first I thought it may be the file install as all the ones flagged were recontructed installers for old games (32 bit games with 16 bit installers) However, I'm now leaning either toward the UPX compression or reg-writes.

010101000110100001101001011100110010000001101001011100110010000

001101101011110010010000001110011011010010110011100100001

My Android cat and mouse game
https://play.google.com/store/apps/details?id=com.KaosVisions.WhiskersNSqueek

We're gonna need another Timmy!

Link to comment
Share on other sites

Use a serious AV.

Guess that rules out most, if not all, free AV's one's. No?

Anyway, as where talking AV ...

AVG: never had one false alarm. (using it for some time now ... so I can also forgot about them :unsure: )

Avast: got 2 false alarms on some old complied compiled executable's. (not re-tested yet with relevant/available au3 update's) (started using Avast only recently. Reported ... not changed yet though.)

Posted Image

Edited by singularity

"Straight_and_Crooked_Thinking" : A "classic guide to ferreting out untruths, half-truths, and other distortions of facts in political and social discussions."
"The Secrets of Quantum Physics" : New and excellent 2 part documentary on Quantum Physics by Jim Al-Khalili. (Dec 2014)

"Believing what you know ain't so" ...

Knock Knock ...
 

Link to comment
Share on other sites

Yes I rule out free AVs.

My rationale for this is simple and twofold: study this and compare vendors' history.

The most effective, stable over time, hyperfast product is ESET which I've been using and recommending for long long time.

But this is getting slightly off topic now and an area for trolling.

Edited by jchd

This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)

Link to comment
Share on other sites

Yes I rule out free AVs.

My rationale for this is simple and twofold: study this and compare vendors' history.

The most effective, stable over time, hyperfast product is ESET which I've been using and recommending for long long time.

But this is getting slightly off topic now and an area for trolling.

A little off topic maybe, don't get the trolling part though.

- Thanks for links, did not know about http://www.virusbtn.com

- Relative problem: Some (if not most free) AV's, like AVG and Avast are not just/only free. But also have a payed version, but I don't think they feed there free and paid versions different detection definitions. (ok, some probably do, but probably only as a "paid version gets newer/latest updated" versus "free version gets somewhat later/older versions" updating scheme.) ... So that should be: Paid only AV's are better than AV's that also provide a free(none temporary) version.

- Other relative problem: Which AV someone uses locally, has no effect on the potentially false positives his own build(AutoIt) executable's might trigger when there released to others.

And to address a part of OP's question.

- Look for some way/option to make your AV ignore specific locations from its real-time scanning process. (preventing your AV from getting triggered the moment you have build a new executable. ... Most annoying local problem I can think of.)

... oops, see Zedna just killed my on-topic message part ... Well almost ...

Edited by singularity

"Straight_and_Crooked_Thinking" : A "classic guide to ferreting out untruths, half-truths, and other distortions of facts in political and social discussions."
"The Secrets of Quantum Physics" : New and excellent 2 part documentary on Quantum Physics by Jim Al-Khalili. (Dec 2014)

"Believing what you know ain't so" ...

Knock Knock ...
 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...