Worm In Au3_spy.exe


About an hour ago I was gonna script something in AutoIt,

and when I opened the AutoIt-directory this message popped up

Posted Image

The virus-program is Norman Virus Control 5.70,

and the text on the message isn't too hard to figure out even if you

don't understand Norwegian, but it says something like this :

"NVC found a worm and removed it."

"File : ........\AU3_Spy.exe"

Worm : W32/Mimail_based@mm (W32/UPX)

I know that there's a bigger chance that it is Norman

who's fucked up and not AutoIt, but I just wanted to report this...

Over !


At this point, I would be thinking one of two things: "Either I have some over-enthusiastic anti-virus software, or I have some crappy anti-virus software that can't tell the difference between a clean file and an infected one." Anybody hazard a guess to which side I'd be leaning towards? :whistle:


> Anybody hazard a guess to which side I'd be leaning towards?

I'm guessing the first one :whistle:

And I'm also guessing that my school (which owns the computer I'm now using)

got an AV-program which is leaning toward your second description B)


> I'm guessing the first one :whistle:
> And I'm also guessing that my school (which owns the computer I'm now using)
> got an AV-program which is leaning toward your second description B)

Nah, I was leaning towards both. My actual thought would have been more like, "Look at this over-enthusiastic piece of crap that can't tell the difference between a virus and a clean file". I suppose it's a plus that your school does use AV, no matter how crappy it is. Back when I was in high-school, we used McAfee... which was way outdated and I don't recall EVER updating the virus-definitions, nor ever being told to do so (as it would have been my responsibility to do it if they had informed me of that task).

  • 4 months later...

> Nah, I was leaning towards both. My actual thought would have been more like, "Look at this over-enthusiastic piece of crap that can't tell the difference between a virus and a clean file". I suppose it's a plus that your school does use AV, no matter how crappy it is. Back when I was in high-school, we used McAfee... which was way outdated and I don't recall EVER updating the virus-definitions, nor ever being told to do so (as it would have been my responsibility to do it if they had informed me of that task).

I just ran the v3 compiler and SpyBot's TeaTimer says upx.exe is known malware??

Keith Davis

MCSA, ZCE, A+, N+

http://www.laurinkeithdavis.com


> I just ran the v3 compiler and SpyBot's TeaTimer says upx.exe is known malware??

It's that compilation method that Larry mentioned above. Just tell it to always allow.

"I'm not even supposed to be here today!" -Dante (Hicks)


> I just ran the v3 compiler and SpyBot's TeaTimer says upx.exe is known malware??

It's at this point you should stop using this SpyBot's TeaTimer and find a better application. UPX is a very popular executable compressor (Reduces the size of EXE files), so marking it as "malware" shows a fairly high level of incompetence.

> About an hour ago I was gonna script something in AutoIt,
> and when I opened the AutoIt-directory this message popped up
>
> Posted Image
>
> The virus-program is Norman Virus Control 5.70,
> and the text on the message isn't too hard to figure out even if you
> don't understand Norwegian, but it says something like this :
>
> I know that there's a bigger chance that it is Norman
> who's fucked up and not AutoIt, but I just wanted to report this...
>
> Over !

I think it's good that people worry about viruses. You know, it wouldn't be impossible that AutoIt Spy or some other AutoIt related .exe got infected somehow. If I were you I would check this worm's description from for example here and check if I had those registry entries etc. on my machine. Let's hope this is just another false alarm.

I am quite sure this is nothing more than a lazy virus scanner. However, if you are seriously concerned, run an md5sum of the Au3_Spy program of your file, and check it against an md5sum of a clean AutoIt file (included in the same version as the one you installed with.)

"Standing in the rain, twisted and insane, we are holding onto nothing. Feeling every breath, holding no regrets, we're still looking out for something."

Note: my projects are off-line until I can spend more time to make them compatible with syntax changes.


> I am quite sure this is nothing more than a lazy virus scanner. However, if you are seriously concerned, run an md5sum of the Au3_Spy program of your file, and check it against an md5sum of a clean AutoIt file (included in the same version as the one you installed with.)

Totally agree with Pekster. Run a md5 check. Some free ones:

http://www.fastsum.com/ (fastsum)

http://www.mjleaver.com/ (Fingerprint)

http://www.brandonstaggs.com/filecheckmd5.html (FileCheckMD5)

http://www.slavasoft.com/fsum/ (fsum)

An ADVOCATE for AutoIT

Add:

UnxUtils from Sourceforge.

Can't go wrong with that stuff. :ph34r:

Raoul S. Duke: Few people understand the psychology of dealing with a highway traffic cop. Your normal speeder will panic and immediately pull over to the side. This is wrong. It arouses contempt in the cop-heart. Make the bastard chase you. He will follow.
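
The md5 check suggested in the posts above, as an added example that is not part of the original thread: it hashes a file and a reference copy (SHA-256 alongside MD5 is an addition here) and reports whether the file carries UPX section names, which on its own only means the file is packed. The file names and sample PE bytes are constructed, and the reference copy is assumed to come from a trusted download of the same AutoIt version.

```python
import hashlib
import struct
import tempfile
from pathlib import Path

def file_digests(path, chunk=65536):
    """Return (md5, sha256) hex digests of a file, read in chunks."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha.update(block)
    return md5.hexdigest(), sha.hexdigest()

def pe_section_names(path):
    """Return PE section names, or [] if the headers cannot be parsed."""
    with open(path, "rb") as fh:
        data = fh.read(4096)
    try:
        pe = struct.unpack_from("<I", data, 0x3C)[0]       # e_lfanew
        if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
            return []
        count = struct.unpack_from("<H", data, pe + 6)[0]  # NumberOfSections
        opt = struct.unpack_from("<H", data, pe + 20)[0]   # SizeOfOptionalHeader
    except struct.error:
        return []
    table = pe + 24 + opt
    rows = (data[table + 40 * i:table + 40 * i + 8] for i in range(count))
    return [r.rstrip(b"\0").decode("ascii", "replace") for r in rows if r]

def compare(path, reference):
    """Hash both files and note whether `path` has UPX section names."""
    (md5, sha), (_, ref_sha) = file_digests(path), file_digests(reference)
    packed = any(n.startswith("UPX") for n in pe_section_names(path))
    return {"md5": md5, "sha256": sha, "match": sha == ref_sha, "upx_packed": packed}

def build_sample_pe(sections, tail=b""):
    """Constructed sample: minimal PE headers only, not a runnable program."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    return dos + coff + b"".join(s.encode().ljust(40, b"\0") for s in sections) + tail

def demo():
    """Compare an identical copy and a modified copy against a reference."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        for name, tail in (("reference", b""), ("same", b""), ("changed", b"x")):
            (d / name).write_bytes(build_sample_pe(["UPX0", "UPX1", ".rsrc"], tail))
        return compare(d / "same", d / "reference"), compare(d / "changed", d / "reference")
```

For a real check, call `compare()` with the path of the installed file and the path of the freshly downloaded reference copy; a mismatch means the installed file differs from the reference, whatever the scanner reports.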