marko001 Posted September 8, 2011 Share Posted September 8, 2011 Hmm, how to avoid it? I obfuscate and compile and Avast recognize it as that Worm. It works if I disable Avast for a while but when/if restarted it recognize again that worm in the compiled executable aswell. Any way to solve this? M. Link to comment Share on other sites More sharing options...
Developers Jos Posted September 8, 2011 Developers Share Posted September 8, 2011 (edited) Any way to solve this?Sure, don;t use Obfuscator or Avast.. . or maybe skip UPX? Edited September 8, 2011 by Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
marko001 Posted September 8, 2011 Author Share Posted September 8, 2011 any other hint as protector instead of Obfuscator? Link to comment Share on other sites More sharing options...
Developers Jos Posted September 8, 2011 Developers Share Posted September 8, 2011 (edited) The disable UPX suggestion didn't work? By the way: Obfuscator doesn't protect your code at all, just makes it harder to read. Jos Edited September 8, 2011 by Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
Zedna Posted September 8, 2011 Share Posted September 8, 2011 Another fix is to add directory with Autoit's script as exception to your antivirus so it will not scan these directories. I use it this way too. Resources UDF ResourcesEx UDF AutoIt Forum Search Link to comment Share on other sites More sharing options...
marko001 Posted September 9, 2011 Author Share Posted September 9, 2011 Skipping UPX doesn't solve it. Avast will skip folders just for manual scansion. I disabled Avast and obfuscation worked but once Avast is again active it doesn't allow .exe to run and trashes it. Looking now for other form of protection instead of Obfuscation, do you hava any hint? M. Link to comment Share on other sites More sharing options...
Tripredacus Posted September 9, 2011 Share Posted September 9, 2011 So if you compile without using Obfusicator, Avast doesn't see it as a virus? Twitter | MSFN | VGCollect Link to comment Share on other sites More sharing options...
happytc Posted September 9, 2011 Share Posted September 9, 2011 About virus, using AUTOIT, we face a dilemma sadly and helplessly.here the file of aaa.exe only has a blank line(add a Enter), then compiling without UPX.The result is :File name:aaa.exeSubmission date:2011-08-30 14:24:03 (UTC)Current status:finishedResult:7 /44 (15.9%)http://www.virustotal.com/file-scan/repo...48ae40f4009d166cc1d9600dc5caf- Link to comment Share on other sites More sharing options...
GEOSoft Posted September 9, 2011 Share Posted September 9, 2011 First of all; right at the top if the index page for this forum we have With Avast all you have to do is report it as a false positive and the problem will be solved within hours, often within minutes. They are particularily good about that. It also helps to let them know you are willing to send them the un-obfuscated script so they can check that. For sure they are used to looking at AutoIt scripts. As a side note; I was looking at the virus updates for the last 30 days and there are 40 that have AutoIt in the virus name. That was yesterday and only for the last 30 days. George Question about decompiling code? Read the decompiling FAQ and don't bother posting the question in the forums.Be sure to read and follow the forum rules. -AKA the AutoIt Reading and Comprehension Skills test.*** The PCRE (Regular Expression) ToolKit for AutoIT - (Updated Oct 20, 2011 ver:3.0.1.13) - Please update your current version before filing any bug reports. The installer now includes both 32 and 64 bit versions. No change in version number. Visit my Blog .. currently not active but it will soon be resplendent with news and views. Also please remove any links you may have to my website. it is soon to be closed and replaced with something else. "Old age and treachery will always overcome youth and skill!" Link to comment Share on other sites More sharing options...
BrewManNH Posted September 9, 2011 Share Posted September 9, 2011 I tend to not trust the VirusTotal website for accurate information. For example, I looked at the link that HappyTC posted for his test, and I have had Comodo AV on a system and it never flagged any of my scripts, compiled with or without UPX and with and with Obfuscating them, as a virus. If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag GudeHow to ask questions the smart way! I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from. Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays. - ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script. - Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label. - _FileGetProperty - Retrieve the properties of a file - SciTE Toolbar - A toolbar demo for use with the SciTE editor - GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI. - Latin Square password generator Link to comment Share on other sites More sharing options...
WinkleDoodle Posted September 9, 2011 Share Posted September 9, 2011 Besides usual case of UPX, I believe the second reason for the virus flag is because of "FileInstall" function. Link to comment Share on other sites More sharing options...
Developers Jos Posted September 9, 2011 Developers Share Posted September 9, 2011 Looking now for other form of protection instead of Obfuscation, do you hava any hint?You did see my second line in my post ..right?What is it you want to protect? Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now