Zohar

[Solved] Is there any New Info regarding the "Are my AutoIt EXEs really infected?" Topic?

9 posts in this topic

#1 ·  Posted (edited)

Hi

After writing many scripts for my own personal use,

I am considering writing a program that, for the first time, is meant not just for my computer, but for the masses.

I will compile this program to EXE of course.

And this makes me wonder regarding the "Are my AutoIt EXEs really infected?" topic.

I am using ESET NOD32 Antivirus, and it does not recognize AutoIt EXEs as a Virus.

The above-mentioned topic is from 2006.

Is there any news regarding it?

Do we have some status regarding which Antiviruses recognize AutoIt EXEs as a Virus (today)?

If not, can people here who have different Antiviruses post and tell what their Antivirus is saying regarding AutoIt EXEs?

This will really help me.

Thank you very much

Zohar

Edited by Zohar




Search the forum, there are 100s of topics regarding this, no need to start another.


If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator


Hi

you're right.

There're quite enough.

I will read many now,

if more questions arise, I'll come back here.

Thank you very much

Zohar


#4 ·  Posted (edited)

Wow.

The situation is not bad at all.

I converted an AutoIt script to an EXE,

and uploaded it to VirusTotal, and out of 42 Antiviruses, only 1 thinks an AutoIt EXE is a Virus:

Posted Image

Edit:

I also tried to compile to EXE without the UPX compression (using /nopack),

and the results are a bit different:

Still 1 Antivirus thinks an AutoIt EXE is a Virus,

but this time it's another Antivirus - "The Hacker Antivirus":

Posted Image

Edited by Zohar


#5 ·  Posted (edited)

I've made a few programs, one of which has been downloaded more than 2,500 times. Recently I decided to scan it on VirusTotal; it was flagged by 36 out of 40+ AVs, which really pissed me off.

Edit: especially since the file does no more than just edit a few files.

Edited by ApudAngelorum

Things that I've done..

Icon Resource Editor: icon resource editor 

AutoIt Piano: a piano

AutoIt Unlocker: unlocks files when you want to delete them

Colorful tooltips: a wrapper for the tool tips UDF

Rouge GoogleBot: a full screen animation

ASciTE text editor: a text editor written in autoit

Warning: Posts by this user are subject to change or may disappear without notice.


36 out of 40???

Completely insane :)

What function might have caused the alarms to go off?

Did you try to comment some blocks of code, in order to find via elimination, which function is the problematic one?


I really wouldn't be sure; I doubt it's any specific function in it that caused that either.

When I had released the program, I submitted it to various AVs with source code so they wouldn't flag it. They said alright, and I noticed the next day that 3 of those AVs stopped flagging it.

2 weeks later they and many others started flagging it, so I just gave up.



Can you please tell me,

When did all this happen?

And with what version of AutoIt?


If you are serious about making your program pass antivirus checks, you can always submit your program to antivirus companies and let them check it out. Here is an article on the subject.

http://www.softwareprotection.info/2011/08/antivirus-false-detection-how-to-solve/


RAID Calculator | Software Installer

The truth has been suppressed since the dawn of time.
