CatKaiser

How to trace origin of autoit


Good day,

I happened to find a virus-like script named trojan-dropper.win32.autoit

From what I've found on the net, it's a script written in AutoIt. The problem is that my computer is not infected by it; however, every couple of hours my antivirus finds some infected files on my external HDD, like calculator.exe and others, which it deletes.

So my question is how can I trace the origin of the script that creates these files, and how to trace the origin of the place this script starts from.

Thanks in advance.

CatKaiser,

Welcome to the AutoIt forum. :)

I am sorry that your first contact with AutoIt has been in such unpleasant circumstances. However, AutoIt itself is not a virus - however some AV companies flag compiled AutoIt executables as such. This is because every compiled AutoIt executable uses the same interpreter stub to run - so when someone does write malware in AutoIt they also implicate every other AutoIt script. Alas there is nothing that we can do about it - we have repeatedly informed the AV companies of this problem but they still flag AutoIt on occasion. :(

As AutoIt is widely used I am afraid there is no way that you can trace the origins of this script unless you are very lucky. All I can do is suggest that you use reputable AV software to prevent future infections. Bear in mind that all languages can produce malware - so please do not blame AutoIt itself. As you can see from the Forum rules (there is also a link at bottom right of each page) we do not support the coding of malware with AutoIt on this forum - but unfortunately we cannot prevent others from misusing it. However, I believe that the good uses of AutoIt far outweigh the bad - even if that is small comfort to you. ;)

I hope that is a good enough explanation. :)

M23


Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind.

My UDFs:

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ---------- Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 


Thank you for the reply. I lost my trust in the AV program, as soon after deleting it with Kaspersky it showed up again a few hours later. I wanted to trace it down on my PC manually and remove anything related to it. Personally I have nothing against AutoIt; however, the virus title has autoit in it, so I thought maybe there is a way to remove it from the inside.


CatKaiser,

That name is just a generic one chosen by the AV company - it is not related to any particular script.

M23

