Helge Posted March 12, 2004 Share Posted March 12, 2004 For about an hour ago I was gonna script something in AutoIt,and when I opened the AutoIt-directory this message popped upThe virus-program is Normal Virus Control 5.70,and the text on the message isn't to hard to figure out even if youdon't understand Norwegian, but it says something like this :"NVC found a worm and removed it.""File : ........\AU3_Spy.exe"Worm : W32/Mimail_based@mm (W32/UPX)I know that the there's a bigger chance for that it is Normanwho's fucked up and not AutoIt, but I just wanted to report this...Over ! Link to comment Share on other sites More sharing options...
ezzetabi Posted March 12, 2004 Share Posted March 12, 2004 maybe the worm corrupted the autoit file. Link to comment Share on other sites More sharing options...
Administrators Jon Posted March 12, 2004 Administrators Share Posted March 12, 2004 I've just had an email from a user at a .nl domain saying that Au3_spy.exe had a virus but I scanned it here and it's fine. Maybe it was the same AV program Deployment Blog: https://www.autoitconsulting.com/site/blog/ SCCM SDK Programming: https://www.autoitconsulting.com/site/sccm-sdk/ Link to comment Share on other sites More sharing options...
jpm Posted March 12, 2004 Share Posted March 12, 2004 I can add that 101 version is clean on my XP/Sp1 as was 100 Link to comment Share on other sites More sharing options...
Valik Posted March 12, 2004 Share Posted March 12, 2004 At this point, I would be thinking one of two things: "Either I have some over-enthusiastic anti-virus software, or I have some crappy anti-virus software that can't tell the difference between a clean file and an infected one." Anybody hazard a guess to which side I'd leaning towards? Link to comment Share on other sites More sharing options...
Helge Posted March 12, 2004 Author Share Posted March 12, 2004 Anybody hazard a guess to which side I'd leaning towards?I'm guessing the first one And I'm also guessing that my school (which owns the computer I'm now using)got an AV-program which is leaning toward your second description Link to comment Share on other sites More sharing options...
Valik Posted March 12, 2004 Share Posted March 12, 2004 I'm guessing the first one And I'm also guessing that my school (which owns the computer I'm now using)got an AV-program which is leaning toward your second description Nah, I was leaning towards both. My actual thought would of been more like, "Look at this over-enthusiastic piece of crap that can't tell the difference between a virus and a clean file". I suppose it's a plus that your school does use AV, no matter how crappy it is. Back when I was in high-school, we used McAfee... which was way outdated and I don't recall EVER updating the virus-definitions, nor ever being told to do so (As it would of been my responsibility to it if they would of informed me of that task). Link to comment Share on other sites More sharing options...
laurin1 Posted August 3, 2004 Share Posted August 3, 2004 Nah, I was leaning towards both. My actual thought would of been more like, "Look at this over-enthusiastic piece of crap that can't tell the difference between a virus and a clean file". I suppose it's a plus that your school does use AV, no matter how crappy it is. Back when I was in high-school, we used McAfee... which was way outdated and I don't recall EVER updating the virus-definitions, nor ever being told to do so (As it would of been my responsibility to it if they would of informed me of that task). <{POST_SNAPBACK}>I just ran the v3 compiler and SpyBot's TeaTimer says upx.exe is known malware?? Keith Davis MCSA, ZCE, A+, N+ http://www.laurinkeithdavis.com Link to comment Share on other sites More sharing options...
emmanuel Posted August 3, 2004 Share Posted August 3, 2004 I just ran the v3 compiler and SpyBot's TeaTimer says upx.exe is known malware?? <{POST_SNAPBACK}>It's that compilation method that Larry mentioned above. Just tell it to always allow. "I'm not even supposed to be here today!" -Dante (Hicks) Link to comment Share on other sites More sharing options...
Valik Posted August 3, 2004 Share Posted August 3, 2004 I just ran the v3 compiler and SpyBot's TeaTimer says upx.exe is known malware?? <{POST_SNAPBACK}>It's at this point you should stop using this SpyBot's TeaTimer and find a better application. UPX is a very popular executable compressor (Reduces the size of EXE files), so marking it as "malware" shows a fairly high level of incompetence. Link to comment Share on other sites More sharing options...
tuape Posted August 3, 2004 Share Posted August 3, 2004 For about an hour ago I was gonna script something in AutoIt, and when I opened the AutoIt-directory this message popped up The virus-program is Normal Virus Control 5.70, and the text on the message isn't to hard to figure out even if you don't understand Norwegian, but it says something like this : I know that the there's a bigger chance for that it is Norman who's fucked up and not AutoIt, but I just wanted to report this... Over ! <{POST_SNAPBACK}>I think it's good that people worry about viruses. You know, it wouldn't be impossible that AutoIt Spy or some other AutoIt related .exe got infected somehow. If I were you I would check this worm's description from for example here and check if I had those registry entries etc. on my machine. Let's hope this is just another false alarm. Link to comment Share on other sites More sharing options...
pekster Posted August 3, 2004 Share Posted August 3, 2004 I am quite sure this is nothing more than a lazy virus scanner. However, if you are seriousally concserned, run an md5sum of the Au3_Spy program of your file, and check it against an md5sum of a clean AutoIt file (included in the same version as the one you installed with.) [font="Optima"]"Standing in the rain, twisted and insane, we are holding onto nothing.Feeling every breath, holding no regrets, we're still looking out for something."[/font]Note: my projects are off-line until I can spend more time to make them compatable with syntax changes. Link to comment Share on other sites More sharing options...
autoitNOW Posted August 5, 2004 Share Posted August 5, 2004 I am quite sure this is nothing more than a lazy virus scanner. However, if you are seriousally concserned, run an md5sum of the Au3_Spy program of your file, and check it against an md5sum of a clean AutoIt file (included in the same version as the one you installed with.) <{POST_SNAPBACK}>Totally agree with Pekster. Run a md5 check. Some free ones: http://www.fastsum.com/ (fastsum) http://www.mjleaver.com/ (Fingerprint) http://www.brandonstaggs.com/filecheckmd5.html (FileCheckMD5) http://www.slavasoft.com/fsum/ (fsum) An ADVOCATE for AutoIT Link to comment Share on other sites More sharing options...
randd Posted August 5, 2004 Share Posted August 5, 2004 Add:UnxUtils from Sourceforge.Can't go wrong with that stuff. Raoul S. Duke: Few people understand the psychology of dealing with a highway traffic cop. Your normal speeder will panic and immediately pull over to the side. This is wrong. It arouses contempt in the cop-heart. Make the bastard chase you. He will follow. Link to comment Share on other sites More sharing options...
ezzetabi Posted August 5, 2004 Share Posted August 5, 2004 www.hiddensoft.com you cant go wrong with Jon stuff. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now