User3D Posted May 31, 2013

Hi,

Today, after updating the Malwarebytes database, the Malwarebytes scan showed the running AutoIt3.exe as a trojan and deleted it at the system reboot:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Version de la base de données: v2013.05.31.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
..........
Processus mémoire détecté(s): 1
C:\Program Files (x86)\AutoIt3\AutoIt3.exe (Trojan.Inject.AI) -> 820 -> Suppression au redémarrage.

This makes me very anxious. Have I installed a Trojan with this marvelous package? Is there any virus which attacks AutoIt3.exe? Is there any way to check whether this program really is or is not a trojan? Is there any signature which allows one to check that the .exe has not been altered?

Only the 32-bit version seems to be considered a trojan.

Any comment and help will be welcome, as I am a bit anxious because of this detection.

Best regards
User3D

water Posted May 31, 2013

Did you read this pinned thread on the GH&S forum?

Melba23 (Moderators) Posted May 31, 2013

User3D,

AutoIt is quite safe - but scriptkiddies use it to write malware and so alas it often gets flagged as a problem. I refer you to the pinned thread about this very thing - perhaps you might like to tell the AV producer, although from past experience that will do little good in the long term.

M23

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind

User3D (Author) Posted May 31, 2013

Thanks MVP,

I missed this thread. I'll go through it and I'll try to submit this detection as a false one to Malwarebytes. This detection arrived with the latest version of their database.

Bregs

User3D (Author) Posted May 31, 2013

Hi,

I started to look for procedures in order to report the false detection. I checked all the scripts, 32 and 64 bits, I made with AutoIt (for the time being, I have only the scripts done by me + some UDF), and no threat was detected. One of these scripts updates the Malwarebytes database and performs the scan. It took the next Malwarebytes database - and with this database, Malwarebytes hasn't detected any threat. The threat detected was in AutoIt3.exe and this 32 bit program was deleted. As my system is 64 bits, I do not notice any malfunctioning of AutoIt. The only point is that to execute the 32 bit version of a script, I have to compile it before.

To be honest, I'm a little bit lost:
- none of my scripts is being considered as a threat (neither 32 nor 64 bit compiled .exe)
- I can run .au3 files using the 64 bit version AutoIt3_X64.exe
- AutoIt3.exe is considered as a threat

I cannot explain this situation to myself. Why are 32 bit compiled scripts not considered as threats, while 32 bit AutoIt3.exe is? Why is AutoIt3_X64.exe not considered as a threat while 32 bit AutoIt3.exe is?

Bregs
User3D

Melba23 (Moderators) Posted May 31, 2013

User3D,

I suggest you ask the AV companies - they are the ones who flag AutoIt. Anyway, enough discussion of this or the Oozlum bird will get loose again.

M23