Posted

Hi,

Today, after updating the Malwarebytes database, the Malwarebytes scan flagged the running AutoIt3.exe as a trojan and deleted it at system reboot:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2013.05.31.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576

..........

Processus mémoire détecté(s): 1
C:\Program Files (x86)\AutoIt3\AutoIt3.exe (Trojan.Inject.AI) -> 820 -> Suppression au redémarrage.

 

This makes me very anxious. Have I installed a trojan with this marvelous package? Is there any virus which attacks AutoIt3.exe?

Is there any way to check whether this program really is or is not a trojan? Is there any signature which allows checking that the .exe has not been altered?
Only the 32-bit version seems to be considered a trojan.

Any comment and help will be welcomed, as I am a bit anxious because of this detection.

Best regards

User3D

 

Posted

Did you read this pinned thread on the GH&S forum?


  • Moderators
Posted

User3D,

AutoIt is quite safe - but scriptkiddies use it to write malware and so alas it often gets flagged as a problem. :(

I refer you to the pinned thread about this very thing - perhaps you might like to tell the AV producer, although from past experience that will do little good in the long term. :(

M23

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind


Posted

Thanks MVP, I missed this thread.

I'll go through it and I'll try to submit this detection as a false one to Malwarebytes.

This detection arrived with the latest version of their database.

Bregs

Posted

Hi,

I started to look for procedures in order to report the false detection. I checked all the 32- and 64-bit scripts I made with AutoIt (for the time being, I have only the scripts done by me + some UDFs), and no threat was detected.

One of these scripts updated the malware database and performs the scan. It took the next Malwarebytes database - and with this database, Malwarebytes hasn't detected any threat.

The threat detected was in AutoIt3.exe and this 32-bit program was deleted. As my system is 64-bit, I do not notice any malfunctioning of AutoIt. The only point is that to execute the 32-bit version of a script, I have to compile it first.

To be honest, I'm a little bit lost:

- none of my scripts is being considered a threat (neither 32- nor 64-bit compiled .exe)

- I can run .au3 files using the 64-bit version AutoIt3_X64.exe

- AutoIt3.exe is considered a threat

I cannot explain this situation to myself. Why are 32-bit compiled scripts not considered threats, while the 32-bit AutoIt3.exe is? Why is AutoIt3_X64.exe not considered a threat while the 32-bit AutoIt3.exe is?

Brges

User3D

  • Moderators
Posted

User3D,

I suggest you ask the AV companies - they are the ones who flag AutoIt. Anyway, enough discussion of this or the Oozlum bird will get loose again. :o

M23


This topic is now closed to further replies.