User3D

Malwarebytes shows AutoIt as a trojan

6 posts in this topic

Hi,

Today, after updating the Malwarebytes database, the Malwarebytes scan flagged the running AutoIt3.exe as a trojan and deleted it at the system reboot:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2013.05.31.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576

..........

Processus mémoire détecté(s): 1
C:\Program Files (x86)\AutoIt3\AutoIt3.exe (Trojan.Inject.AI) -> 820 -> Suppression au redémarrage.

 

This makes me very anxious. Have I installed a trojan with this marvelous package? Is there any virus which attacks AutoIt3.exe?

Is there any way to check whether this program really is or is not a trojan? Is there any signature which allows checking that the .exe has not been altered?
Only the 32-bit version seems to be considered a trojan.

Any comment and help will be welcomed, as I am a bit anxious because of this detection.

Best regards

User3D
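
On the question above of whether a signature can show that the .exe has not been altered, one way to check (an added example, not part of the original posts): read the file's Authenticode status and compare its SHA-256 with a reference copy. `Test-BinaryIntegrity` and the reference folder `C:\Temp\AutoIt3-reference` (files extracted from a freshly downloaded installer) are assumptions introduced here.

```powershell
# Added example. Test-BinaryIntegrity and $referenceDir are hypothetical names;
# the install path and file names are the ones quoted in the thread.
function Test-BinaryIntegrity {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$ReferencePath
    )
    $result = [ordered]@{
        Path = $Path; Present = $false; SignatureStatus = $null
        Signer = $null; SHA256 = $null; MatchesReference = $null
    }
    # The scanner may already have deleted or quarantined the file.
    if (Test-Path -LiteralPath $Path) {
        $result.Present = $true
        $sig = Get-AuthenticodeSignature -FilePath $Path
        # Valid        = signed, and unchanged since it was signed
        # HashMismatch = signed, but the bytes changed afterwards
        # NotSigned    = no embedded signature; rely on the hash comparison
        $result.SignatureStatus = [string]$sig.Status
        if ($sig.SignerCertificate) {
            $result.Signer = $sig.SignerCertificate.Subject
        }
        $result.SHA256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        # Compare with the same file taken from a fresh download, if available.
        if ($ReferencePath -and (Test-Path -LiteralPath $ReferencePath)) {
            $refHash = (Get-FileHash -LiteralPath $ReferencePath -Algorithm SHA256).Hash
            $result.MatchesReference = ($refHash -eq $result.SHA256)
        }
    }
    [pscustomobject]$result
}

$installDir   = 'C:\Program Files (x86)\AutoIt3'
$referenceDir = 'C:\Temp\AutoIt3-reference'   # hypothetical reference folder

'AutoIt3.exe', 'AutoIt3_X64.exe' | ForEach-Object {
    Test-BinaryIntegrity -Path (Join-Path $installDir $_) `
                         -ReferencePath (Join-Path $referenceDir $_)
} | Format-List
```

A `HashMismatch` status or `MatchesReference : False` means the installed file differs from what was shipped and should be investigated; a valid signature with a matching hash shows the file is unaltered, which is the evidence to include in a false-positive report.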

 




Did you read this pinned thread on the GH&S forum?


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 


User3D,

AutoIt is quite safe - but scriptkiddies use it to write malware and so alas it often gets flagged as a problem. :(

I refer you to the pinned thread about this very thing - perhaps you might like to tell the AV producer, although from past experience that will do little good in the long term. :(

M23


Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind.

My UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 


Thanks MVP, I missed this thread.

I'll go through it and I'll try to submit this detection as a false one to Malwarebytes.

This detection arrived with the latest version of their database.

Bregs


Hi,

I started to look for procedures in order to report the false detection. I checked all the 32- and 64-bit scripts I made with AutoIt (for the time being, I have only the scripts done by me + some UDFs), and no threat was detected.

One of these scripts updated the Malwarebytes database and performs the scan. It took the next Malwarebytes database - and with this database, Malwarebytes hasn't detected any threat.

The threat detected was in AutoIt3.exe and this 32-bit program was deleted. As my system is 64-bit, I do not notice any malfunctioning of AutoIt. The only point is that to execute the 32-bit version of a script, I have to compile it first.

To be honest, I'm a little bit lost:

- none of my scripts is being considered a threat (neither 32- nor 64-bit compiled .exe)

- I can run .au3 files using the 64-bit version AutoIt3_X64.exe

- AutoIt3.exe is considered a threat

I cannot explain this situation to myself. Why are 32-bit compiled scripts not considered threats, while the 32-bit AutoIt3.exe is? Why is AutoIt3_X64.exe not considered a threat while the 32-bit AutoIt3.exe is?

Bregs

User3D


User3D,

I suggest you ask the AV companies - they are the ones who flag AutoIt. Anyway, enough discussion of this or the Oozlum bird will get loose again. :o

M23


This topic is now closed to further replies.