Jump to content
Sign in to follow this  
jiks

all Compile File is Virus !!!

Recommended Posts

jiks

hi

Please Create New Autoit Project

write in Project :

msgbox(0,0,0)

now Compile it to .exe 

u can go to this site for check file for Virus Detecet ...

http://virustotal.com

all Compiled File is Virus ....

why ?

Share this post


Link to post
Share on other sites
water

Did you read this >thread?

You need to give us more information. Which AutoIt version do you use to compile yourscript? Do you use UPX?


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-06-01 - Version 1.4.9.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-01-27 - Version 1.3.3.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites
orbs

@jiks,

1) testing exe's with VirusTotal is a good habit. keep up with it.

2) see the thread water linked to.

3) it is possible that the exe is infected because your computer is infected. are you sure you are clean? what AV are you using? 

4) since the au3 code is basically stored as text in the exe, what triggers the AV engines is the AutoIt engine, so basically it makes very little difference what is the au3 code you compile.

5) i reproduced you test:

default compiler settings:

https://www.virustotal.com/en/file/7338b6828d47e24cb4f971bc727323ee2dd980d21160dd1d8eb6bb2b214ebbb4/analysis/1376380149/

UPX disabled:

https://www.virustotal.com/en/file/f15eb01b0f36bdcce6f10b12211767f3c2d8772f68838c49458ae12e02540c5e/analysis/1376380323/

2/45 is clean. if it was infected, the result would be around 40/45.

side note: what is bothering is that one of the false positives comes from McAfee (gateway heuristics). however, i bet you Obama's paycheck that this will be changed in one of the upcoming updates, these things tend to be random.

6) please link to your test results page in VirusTotal.

Share this post


Link to post
Share on other sites
FireFox

If you really want a result of 0/45, compile it with the latest beta.

  • Like 1

 

OS : Win XP SP2 (32 bits) / Win 7 SP1 (64 bits) / Win 8 (64 bits) | Autoit version: latest stable / beta.
Hardware : Intel(R) Core(TM) i5-2400 CPU @ 3.10Ghz / 8 GiB RAM DDR3.

My UDFs : Skype UDF | TrayIconEx UDF | GUI Panel UDF | Excel XML UDF | Is_Pressed_UDF

My Projects : YouTube Multi-downloader | FTP Easy-UP | Lock'n | WinKill | AVICapture | Skype TM | Tap Maker | ShellNew | Scriptner | Const Replacer | FT_Pocket | Chrome theme maker

My Examples : Capture toolIP Camera | Crosshair | Draw Captured Region | Picture Screensaver | Jscreenfix | Drivetemp | Picture viewer

My Snippets : Basic TCP | Systray_GetIconIndex | Intercept End task | Winpcap various | Advanced HotKeySet | Transparent Edit control

 

Share this post


Link to post
Share on other sites
orbs

If you really want a result of 0/45, compile it with the latest beta.

why is that?

Share this post


Link to post
Share on other sites
FireFox

The internal structure is not yet known by the AV to analyze it (this is a personal deduction and I may be wrong and I hope someone to correct me :) )


 

OS : Win XP SP2 (32 bits) / Win 7 SP1 (64 bits) / Win 8 (64 bits) | Autoit version: latest stable / beta.
Hardware : Intel(R) Core(TM) i5-2400 CPU @ 3.10Ghz / 8 GiB RAM DDR3.

My UDFs : Skype UDF | TrayIconEx UDF | GUI Panel UDF | Excel XML UDF | Is_Pressed_UDF

My Projects : YouTube Multi-downloader | FTP Easy-UP | Lock'n | WinKill | AVICapture | Skype TM | Tap Maker | ShellNew | Scriptner | Const Replacer | FT_Pocket | Chrome theme maker

My Examples : Capture toolIP Camera | Crosshair | Draw Captured Region | Picture Screensaver | Jscreenfix | Drivetemp | Picture viewer

My Snippets : Basic TCP | Systray_GetIconIndex | Intercept End task | Winpcap various | Advanced HotKeySet | Transparent Edit control

 

Share this post


Link to post
Share on other sites
Mobius

The internal structure is not yet known by the AV to analyze it (this is a personal deduction and I may be wrong and I hope someone to correct me :) )

I think it's because the betas are in a state of change so few if any are writing malicious applications with them.

Sadly I think all this will change once a stable version is released, but for now armored or unarmored beta standalones cause very few false positives.

Ed: I wouldn't start telling people to not use older au3 versions simply because of crummy Av flags.

Edited by Mobius

Share this post


Link to post
Share on other sites
Melba23

Hi,

I think the Oozlum bird has had its exercise for the day and vanished up its own fundament as usual. :D

M23

  • Like 1

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind._______My UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×