Helge

Worm In Au3_spy.exe

15 posts in this topic

About an hour ago I was gonna script something in AutoIt, and when I opened the AutoIt-directory this message popped up:

[Posted image]

The virus-program is Norman Virus Control 5.70, and the text on the message isn't too hard to figure out even if you don't understand Norwegian, but it says something like this:

"NVC found a worm and removed it."
"File : ........\AU3_Spy.exe"
Worm : W32/Mimail_based@mm (W32/UPX)

I know that there's a bigger chance that it is Norman who's fucked up and not AutoIt, but I just wanted to report this...

Over !




Maybe the worm corrupted the AutoIt file.


I can add that 101 version is clean on my XP/Sp1 as was 100


At this point, I would be thinking one of two things: "Either I have some over-enthusiastic anti-virus software, or I have some crappy anti-virus software that can't tell the difference between a clean file and an infected one." Anybody hazard a guess to which side I'd be leaning towards? :whistle:


> Anybody hazard a guess to which side I'd be leaning towards?

I'm guessing the first one :whistle:

And I'm also guessing that my school (which owns the computer I'm now using) got an AV-program which is leaning toward your second description B)


> I'm guessing the first one :whistle:
>
> And I'm also guessing that my school (which owns the computer I'm now using) got an AV-program which is leaning toward your second description B)

Nah, I was leaning towards both. My actual thought would have been more like, "Look at this over-enthusiastic piece of crap that can't tell the difference between a virus and a clean file". I suppose it's a plus that your school does use AV, no matter how crappy it is. Back when I was in high-school, we used McAfee... which was way outdated and I don't recall EVER updating the virus-definitions, nor ever being told to do so (as it would have been my responsibility to do it if they would have informed me of that task).


> Nah, I was leaning towards both. My actual thought would have been more like, "Look at this over-enthusiastic piece of crap that can't tell the difference between a virus and a clean file". I suppose it's a plus that your school does use AV, no matter how crappy it is. Back when I was in high-school, we used McAfee... which was way outdated and I don't recall EVER updating the virus-definitions, nor ever being told to do so (as it would have been my responsibility to do it if they would have informed me of that task).

I just ran the v3 compiler and SpyBot's TeaTimer says upx.exe is known malware??

Keith Davis

MCSA, ZCE, A+, N+

http://www.laurinkeithdavis.com


> I just ran the v3 compiler and SpyBot's TeaTimer says upx.exe is known malware??

It's that compilation method that Larry mentioned above. Just tell it to always allow.

"I'm not even supposed to be here today!" -Dante (Hicks)


> I just ran the v3 compiler and SpyBot's TeaTimer says upx.exe is known malware??

It's at this point you should stop using this SpyBot's TeaTimer and find a better application. UPX is a very popular executable compressor (Reduces the size of EXE files), so marking it as "malware" shows a fairly high level of incompetence.


> About an hour ago I was gonna script something in AutoIt, and when I opened the AutoIt-directory this message popped up:
>
> [Posted image]
>
> The virus-program is Norman Virus Control 5.70, and the text on the message isn't too hard to figure out even if you don't understand Norwegian, but it says something like this:
>
> I know that there's a bigger chance that it is Norman who's fucked up and not AutoIt, but I just wanted to report this...
>
> Over !

I think it's good that people worry about viruses. You know, it wouldn't be impossible that AutoIt Spy or some other AutoIt related .exe got infected somehow. If I were you I would check this worm's description from for example here and check if I had those registry entries etc. on my machine. Let's hope this is just another false alarm.


I am quite sure this is nothing more than a lazy virus scanner. However, if you are seriously concerned, run an md5sum of the Au3_Spy program of your file, and check it against an md5sum of a clean AutoIt file (included in the same version as the one you installed with.)


"Standing in the rain, twisted and insane, we are holding onto nothing. Feeling every breath, holding no regrets, we're still looking out for something."

Note: my projects are off-line until I can spend more time to make them compatible with syntax changes.


> I am quite sure this is nothing more than a lazy virus scanner. However, if you are seriously concerned, run an md5sum of the Au3_Spy program of your file, and check it against an md5sum of a clean AutoIt file (included in the same version as the one you installed with.)

Totally agree with Pekster. Run a md5 check. Some free ones:

http://www.fastsum.com/ (fastsum)

http://www.mjleaver.com/ (Fingerprint)

http://www.brandonstaggs.com/filecheckmd5.html (FileCheckMD5)

http://www.slavasoft.com/fsum/ (fsum)


An ADVOCATE for AutoIT
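
The check suggested in the two posts above, as an added example that is not part of the original thread: it compares the flagged file's digest with a known-clean copy of the same version and reports whether the file carries UPX section names, the trait behind the "W32/UPX" part of the alert. It defaults to SHA-256 where the posts say MD5 (pass `algo="md5"` to match a published md5sum); the function names and the sample PE header are constructed for illustration.

```python
import hashlib
import struct
import tempfile
from pathlib import Path

def digest(path, algo="sha256"):
    """Hex digest of a file; pass algo="md5" to match a published md5sum."""
    return hashlib.new(algo, Path(path).read_bytes()).hexdigest()

def pe_section_names(data):
    """Section names of a PE image, or [] if the bytes are not a valid PE."""
    try:
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
        if data[:2] != b"MZ" or data[pe_off:pe_off + 4] != b"PE\0\0":
            return []
        (count,) = struct.unpack_from("<H", data, pe_off + 6)
        (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
        table = pe_off + 24 + opt_size  # section table follows the optional header
        names = []
        for i in range(count):
            (raw,) = struct.unpack_from("8s", data, table + 40 * i)
            names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
        return names
    except struct.error:  # truncated or malformed header
        return []

def triage(suspect, reference, algo="sha256"):
    """Compare a flagged file with a known-clean copy of the same version."""
    match = digest(suspect, algo) == digest(reference, algo)
    names = pe_section_names(Path(suspect).read_bytes())
    packed = any(n.startswith("UPX") for n in names)
    if match:
        verdict = "identical to clean copy; alert is likely a false positive"
    else:
        verdict = "differs from clean copy; treat as modified and investigate"
    return {"match": match, "upx_packed": packed, "verdict": verdict}

def make_sample_pe(sections, tail=b""):
    """Constructed minimal PE header for the demo (not a runnable program)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    table = b"".join(s.encode().ljust(8, b"\0") + b"\0" * 32 for s in sections)
    return dos + b"PE\0\0" + coff + table + tail

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        clean, flagged = Path(d, "clean.exe"), Path(d, "flagged.exe")
        clean.write_bytes(make_sample_pe(["UPX0", "UPX1", ".rsrc"]))
        flagged.write_bytes(clean.read_bytes())
        print(triage(flagged, clean))
```

The reference copy has to come from a trusted source for the same release, such as a fresh download of the installer; a copy taken from the same machine proves nothing.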


Add:

UnxUtils from Sourceforge.

Can't go wrong with that stuff. :ph34r:


Raoul S. Duke: Few people understand the psychology of dealing with a highway traffic cop. Your normal speeder will panic and immediately pull over to the side. This is wrong. It arouses contempt in the cop-heart. Make the bastard chase you. He will follow.


www.hiddensoft.com you can't go wrong with Jon stuff. :ph34r:
