Blinky

Script detected as virus

5 posts in this topic

#1 ·  Posted (edited)

Hi! I've been working on a TCP multiclient chat and at some point in the development it started to be detected as a virus. I don't really know what to do to make it work. Please help if you know what's happening.

Here is the code for the client. Sorry if it's a mess, but in my defence I wrote it in 2 days, so I'm glad it works.

i'll keep the server on for those who want to test it

#NoTrayIcon
#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <GuiListView.au3>
#include <Sound.au3>
#include <EditConstants.au3>
#include <WindowsConstants.au3>
#include <GuiEdit.au3>
#include <GuiTab.au3>

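; Notification sound; the main loop plays it when a chat line arrives while the window is inactive.
Global $sound = _SoundOpen(@WindowsDir & "/media/notify.wav")
Global $flash = 0, $Loginname, $ulist, $DBLCLKindex
; $ipn is the chat server host name resolved at login; $selvar caches the last selected tab index.
Global $ipn = "no.better-than.tv", $selvar = -8
Global $cw[15][5], $privartestartnamestatus, $privartestartname
; $tabslist holds one row per private-chat tab. Columns as filled in by Tabs_op():
;   [0] tab item id (-1 = slot free)   [1] peer name      [2] read-only edit
;   [3] input box                      [4] status label   [5] SEND button   [6] "X" close button
Global $xg = 500, $yg = 500, $hiw = 100, $tabslist[20][7]

; Tabs_op() only reuses rows whose column 0 equals -1, and the main loop only
; treats a row as open when column 0 differs from -1. A freshly declared array
; holds empty strings, which are neither, so mark every row as free explicitly
; instead of relying on a later Tabs_op("-") call to do it.
For $iSlot = 0 To UBound($tabslist) - 1
    $tabslist[$iSlot][0] = -1
    $tabslist[$iSlot][1] = ""
Next

GUIRegisterMsg($WM_NOTIFY, "WM_NOTIFY")

TCPStartup()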

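; Login dialog: asks for a display name, connects to the server and announces the name.
$lg = GUICreate("Log IN", 170, 70)
GUICtrlCreateLabel("Name", 10, 10, 50, 20)
$ni = GUICtrlCreateInput("", 60, 10, 100, 20)
$lbut = GUICtrlCreateButton("Login", 10, 40, 150, 20, $BS_DEFPUSHBUTTON)
GUISetState()
While 1
    $ms = GUIGetMsg()
    If $ms = $lbut Then
        $Loginname = StringStripWS(GUICtrlRead($ni), 3)
        ; The wire format uses "####" between request and payload, "@@@" inside
        ; private/user payloads and "," in the user list, so a name containing
        ; any of them would be mis-parsed by every client. The server still has
        ; to enforce this itself; this check only keeps honest users out of trouble.
        If $Loginname = "" Or StringInStr($Loginname, "####") Or StringInStr($Loginname, "@@@") Or StringInStr($Loginname, ",") Then
            MsgBox(0x30, "CWI", "Please enter a name that does not contain '####', '@@@' or ','")
            ContinueLoop
        EndIf
        $ip = TCPNameToIP($ipn)
        If @error Then
            ; Name resolution failed: there is no address to connect to.
            MsgBox(0x20, "CWI", "Unable to connect to server")
            TCPShutdown()
            Exit
        EndIf
        $iMainSocket = TCPConnect($ip, 34567)
        If @error Then
            MsgBox(0x20, "CWI", "Unable to connect to server")
            TCPShutdown()
            Exit
        EndIf
        ; NOTE(review): the connection is plain TCP with no authentication of
        ; the server and no encryption; everything sent here is readable and
        ; modifiable on the network path.
        TCPSend($iMainSocket, "Login####" & $Loginname)
        GUIDelete($lg)
        ExitLoop
    EndIf
    If $ms = $GUI_EVENT_CLOSE Then
        TCPShutdown()
        Exit
    EndIf
WEnd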


; Main window: a File menu, a tab control whose first tab is the public chat,
; the online-user list with its context menu, and the input box with SEND button.
$gui = GUICreate("CWI", $xg, $yg)
$file_menu = GUICtrlCreateMenu("File")
$file_update_menu = GUICtrlCreateMenuItem("Update", $file_menu)
$file_exit_menu = GUICtrlCreateMenuItem("Exit", $file_menu)

$tabs = GUICtrlCreateTab(1, 0, $xg, $yg - 20)
$maintab = GUICtrlCreateTabItem("Cwi-Chat")

; Read-only chat history with a vertical scroll bar.
$edit = GUICtrlCreateEdit("", 10, 30, $xg - 115, $yg - 140, BitOR($ES_READONLY, $WS_VSCROLL), $WS_EX_STATICEDGE)
GUICtrlSetState($edit, $GUI_SHOW)
_GUICtrlEdit_SetMargins($edit, BitOR($EC_LEFTMARGIN, $EC_RIGHTMARGIN), 10, 10)
GUICtrlSetFont($edit, 10, 600)
GUICtrlSetColor($edit, 0x2222ff)

; Online users; double-click handling lives in WM_NOTIFY().
$ulist = GUICtrlCreateListView("Online Users", $xg - 100, 30, 90, $yg - 140)
GUICtrlSetState($ulist, $GUI_SHOW)
$cm = GUICtrlCreateContextMenu($ulist)
GUICtrlSetState($cm, $GUI_SHOW)
$openprivate = GUICtrlCreateMenuItem("Private Msg", $cm)
GUICtrlSetState($openprivate, $GUI_SHOW)

; Message entry and send button for the public chat.
$inp = GUICtrlCreateInput("", 10, $yg - 100, $xg - 115, 70)
GUICtrlSetState($inp, $GUI_SHOW)
$sbut = GUICtrlCreateButton("SEND", $xg - 95, $yg - 100, 85, 70, $BS_DEFPUSHBUTTON)
GUICtrlSetState($sbut, $GUI_SHOW)

GUISetState()

; First line in the history, written without a timestamp prefix.
edit_append($edit, "Connected to server", 0)
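; Main loop: polls the GUI and the server socket roughly every 10 ms.
;
; Server frames are "<request>####<payload>". Everything read from the socket
; is untrusted: the connection is unauthenticated plain TCP, so each array
; produced by StringSplit() is length-checked before it is indexed. Without
; the checks a frame with a missing field stops the script with an
; out-of-range subscript error.
; NOTE(review): TCP is a byte stream, so one TCPRecv() may hold a partial frame
; or several frames; this loop still treats each read as exactly one frame.
While 1
    $msg = GUIGetMsg()
    $sNewData = TCPRecv($iMainSocket, 2048)
    If @error Then
        edit_append($edit, "Disconected from server; will exit in 10 s", 0)
        Sleep(10000)
        Exit
    ElseIf $sNewData Then
        $split_new_data = StringSplit($sNewData, "####", 1)
        ; Every request below reads the payload in element 2; ignore frames without one.
        If $split_new_data[0] >= 2 Then
            $request = $split_new_data[1]
            Switch $request
                Case "Sys"
                    edit_append($edit, $split_new_data[2], 0)
                Case "Chat"
                    edit_append($edit, $split_new_data[2], 1)
                    If Not WinActive("[TITLE:CWI]") Then
                        _SoundPlay($sound, 0)
                        $flash = 1
                    EndIf
                Case "Upgrade"
                    ; SECURITY: a single frame from the network ends the session and
                    ; makes upgrade() launch the local updater with a server-supplied
                    ; list. Nothing here proves the frame came from the real server.
                    upgrade($split_new_data[2])
                Case "Userlist"
                    $o_users = StringSplit($split_new_data[2], ",", 1)
                    $list = StringReplace($split_new_data[2], ",", "|")
                    _GUICtrlListView_DeleteAllItems(GUICtrlGetHandle($ulist))
                    For $z = 1 To $o_users[0]
                        GUICtrlCreateListViewItem($o_users[$z], $ulist)
                    Next
                    $lval = 1
                Case "Privat"
                    ; Payload is "<sender>@@@<text>".
                    $getPrivat = StringSplit($split_new_data[2], "@@@", 1)
                    If $getPrivat[0] >= 2 And $getPrivat[1] <> "" Then
                        ; At most two passes: look for the sender's tab, create it if
                        ; missing, look again. The previous unbounded retry never
                        ; returned when Tabs_op() could not create a tab (for example
                        ; when all 20 slots are taken), freezing the client.
                        $search = "FALSE"
                        For $attempt = 1 To 2
                            For $x = 0 To 19
                                If $tabslist[$x][1] = $getPrivat[1] Then
                                    edit_append($tabslist[$x][2], $getPrivat[1] & " > " & $getPrivat[2])
                                    $search = "TRUE"
                                    ExitLoop
                                EndIf
                            Next
                            If $search = "TRUE" Then ExitLoop
                            If $attempt = 1 Then Tabs_op("+", $getPrivat[1], 0)
                        Next
                        If $search = "FALSE" Then edit_append($edit, "Private message from " & $getPrivat[1] & " dropped: no free tab", 0)
                    EndIf
                Case "User"
                    ; Payload is "<name>@@@<0|1>@@@<text>"; all three fields are read below.
                    $get_op = StringSplit($split_new_data[2], "@@@", 1)
                    If $get_op[0] >= 3 Then
                        If $get_op[2] = 0 Then
                            For $x = 0 To 19
                                If $tabslist[$x][1] = $get_op[1] Then
                                    edit_append($tabslist[$x][2], "User Offline")
                                    status_set($x, 0)
                                    ExitLoop
                                EndIf
                            Next
                            edit_append($edit, $get_op[3] & $get_op[1], 0)
                        EndIf
                        If $get_op[2] = 1 Then
                            For $x = 0 To 19
                                If $tabslist[$x][1] = $get_op[1] Then
                                    edit_append($tabslist[$x][2], "User Online", 0)
                                    status_set($x, 1)
                                    ExitLoop
                                EndIf
                            Next
                            edit_append($edit, $get_op[3] & $get_op[1], 0)
                        EndIf
                    EndIf
            EndSwitch
        EndIf
    EndIf

    If $msg = $GUI_EVENT_CLOSE Then
        TCPSend($iMainSocket, "Logout####Droped")
        Sleep(200)
        TCPShutdown()
        Exit
    EndIf

    If $msg = $sbut Then
        $data = GUICtrlRead($inp)
        TCPSend($iMainSocket, "Chat####" & $data)
        If @error Then MsgBox(0, "", "ERROR")
        GUICtrlSetData($inp, "")
    EndIf

    If $msg = $file_update_menu Then TCPSend($iMainSocket, "Upgrade####list")

    ; NOTE(review): $privartestartnamestatus is never assigned in this script
    ; (WM_NOTIFY() sets $privartestartname), so this opens a tab with an empty
    ; name - confirm which variable was intended.
    If $msg = $openprivate And $Loginname <> $privartestartnamestatus Then Tabs_op("+", $privartestartnamestatus)

    ; Per-tab SEND and close buttons.
    For $x = 0 To 19
        If $msg = $tabslist[$x][5] And $tabslist[$x][0] <> -1 Then
            $data = GUICtrlRead($tabslist[$x][3])
            TCPSend($iMainSocket, "Privat####" & $tabslist[$x][1] & "@@@" & $data)
            If @error Then MsgBox(0, "", "ERROR")
            GUICtrlSetData($tabslist[$x][3], "")
            edit_append($tabslist[$x][2], $Loginname & " > " & $data)
        EndIf
        If $msg = $tabslist[$x][6] And $tabslist[$x][0] <> -1 Then Tabs_op("-", $tabslist[$x][1])
    Next

    ; Flash the task-bar button while unread chat is pending and the window is inactive.
    If WinActive("[TITLE:CWI]") Then
        $winactive = 1
        $flash = 0
    Else
        $winactive = 0
    EndIf
    If $flash = 1 And $winactive = 0 Then
        WinFlash("[TITLE:CWI]", "", 2, 300)
    EndIf

    ; Move the default-button focus when the selected tab changes.
    $selectedtab = _GUICtrlTab_GetCurSel($tabs)
    If $selvar <> $selectedtab Then
        $selvar = $selectedtab
        $selectedtext = _GUICtrlTab_GetItemText($tabs, $selectedtab)
        If $selectedtext = "Cwi-Chat" Then
            GUICtrlSetState($sbut, $GUI_FOCUS)
        Else
            GUICtrlSetState($sbut, $GUI_NOFOCUS)
        EndIf

        For $x = 0 To 19
            ; NOTE(review): this skips rows whose column 0 is not -1, i.e. the
            ; open tabs, and touches only free rows - the test looks inverted;
            ; left as written, confirm the intent.
            If $tabslist[$x][0] <> -1 Then ContinueLoop
            If $selectedtext = $tabslist[$x][1] Then
                GUICtrlSetState($tabslist[$x][5], $GUI_FOCUS)
            Else
                GUICtrlSetState($tabslist[$x][5], $GUI_NOFOCUS)
            EndIf
        Next
    EndIf
    Sleep(10)
WEnd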

; Appends one line of text to an edit control.
;   $edithndl    - edit control to append to
;   $bla         - text of the line (a CRLF is added)
;   $prefixstamp - 0: text only, 1: "HH:MM > " prefix (default), 2: caller-supplied $stamp prefix
;   $stamp       - prefix used when $prefixstamp is 2
; Any other $prefixstamp value appends nothing.
Func edit_append($edithndl, $bla, $prefixstamp = 1, $stamp = "")
    Local $sClock = String(@HOUR & ":" & @MIN & " > ")
    Local $sLine = $bla & @CRLF

    If $prefixstamp = 2 Then _GUICtrlEdit_AppendText($edithndl, $stamp & $sLine)
    If $prefixstamp = 1 Then _GUICtrlEdit_AppendText($edithndl, $sClock & $sLine)
    If $prefixstamp = 0 Then _GUICtrlEdit_AppendText($edithndl, $sLine)
EndFunc

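; Hands a server-supplied update list to the local updater and exits the client.
;   $itms - payload of the "Upgrade" frame, written verbatim to Update.txt
; Does nothing when Update.exe is not present next to the script or the list
; file cannot be written.
;
; SECURITY: $itms arrives over an unauthenticated, unencrypted TCP connection
; and this function then starts another executable. Whatever Update.exe does
; with the list (not visible here) should verify the origin and integrity of
; anything it downloads, e.g. a signature or a pinned hash, before running it.
; A client that receives a network message and then launches a helper program
; is also the kind of behaviour antivirus heuristics tend to score.
Func upgrade($itms)
    ; Use absolute paths under the script directory. The bare names used before
    ; were resolved against the current working directory, which need not be
    ; the install folder and can contain a planted Update.exe.
    Local $sUpdater = @ScriptDir & "\Update.exe"
    Local $sListFile = @ScriptDir & "\Update.txt"

    If Not FileExists($sUpdater) Then Return

    ; Mode 2 = open for writing and discard previous contents.
    Local $file = FileOpen($sListFile, 2)
    If $file = -1 Then Return ; list could not be written: keep the session alive
    FileWriteLine($file, $itms)
    FileClose($file)

    TCPSend($iMainSocket, "Logout####for update")
    Sleep(200)
    TCPCloseSocket($iMainSocket)
    TCPShutdown()

    ; Quote the path (it may contain spaces) and start the updater in the
    ; script directory so it finds Update.txt there.
    Run('"' & $sUpdater & '"', @ScriptDir)
    Exit
EndFunc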

; Opens or closes a private-chat tab.
;   $op      - "+" to open (or focus) the tab named $tabname, "-" to close it
;   $tabname - peer name, also used as the tab caption
;   $param1  - for "+": 1 (default) focuses an existing tab of that name instead
;              of creating another one; any other value always creates a tab
; Rows of $tabslist: [0] tab item (-1 = free), [1] name, [2] history edit,
; [3] input, [4] status label, [5] SEND button, [6] "X" close button.
; When no row is free, "+" creates nothing and returns silently.
Func Tabs_op($op, $tabname = "test", $param1 = 1)
    If $op = "+" Then
        Local $iExisting = _GUICtrlTab_FindTab($tabs, $tabname)
        If $iExisting <> -1 And $param1 = 1 Then
            _GUICtrlTab_ActivateTab($tabs, $iExisting)
        Else
            ; Take the first free row and build the tab's controls in it.
            For $ct1 = 0 To 19
                If $tabslist[$ct1][0] = -1 Then
                    $tabslist[$ct1][0] = GUICtrlCreateTabItem($tabname)
                    $tabslist[$ct1][6] = GUICtrlCreateButton("X", $xg - 20, 30, 15, 15)
                    GUICtrlSetBkColor(-1, 0xFF0000)
                    GUICtrlSetColor(-1, 0xFFFFFF)
                    $tabslist[$ct1][1] = $tabname
                    $tabslist[$ct1][2] = GUICtrlCreateEdit("", 10, 30, $xg - 115, $yg - 140, $ES_READONLY + $WS_VSCROLL, $WS_EX_STATICEDGE)
                    $tabslist[$ct1][3] = GUICtrlCreateInput("", 10, $yg - 100, $xg - 115, 70)
                    $tabslist[$ct1][4] = GUICtrlCreateLabel("STATUS", $xg - 95, ($yg - 90) / 2, 70, 70)
                    GUICtrlSetColor(-1, 0xFF00FF)
                    $tabslist[$ct1][5] = GUICtrlCreateButton("SEND", $xg - 95, $yg - 100, 85, 70, $BS_DEFPUSHBUTTON)
                    ; An empty caption ends the tab item definition.
                    GUICtrlCreateTabItem("")
                    status_set($ct1, 1)
                    ExitLoop
                EndIf
            Next
        EndIf
    EndIf

    If $op = "-" Then
        ; Delete the controls of every open row carrying this name and free the row.
        For $x = 0 To 19
            If $tabslist[$x][1] = $tabname And $tabslist[$x][0] <> -1 Then
                GUICtrlDelete($tabslist[$x][2])
                GUICtrlDelete($tabslist[$x][3])
                GUICtrlDelete($tabslist[$x][4])
                GUICtrlDelete($tabslist[$x][5])
                GUICtrlDelete($tabslist[$x][0])
                GUICtrlDelete($tabslist[$x][6])
                $tabslist[$x][0] = -1
                $tabslist[$x][1] = ""
            EndIf
        Next
    EndIf
EndFunc


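; WM_NOTIFY handler (registered with GUIRegisterMsg): opens a private-chat tab
; when a name in the online-user list is double-clicked.
;   $ilParam - pointer to the NMHDR / NMITEMACTIVATE structure of the notification
; Always returns $GUI_RUNDEFMSG so AutoIt's default handling continues.
Func WM_NOTIFY($hWnd, $iMsg, $iwParam, $ilParam)
    #forceref $hWnd, $iMsg, $iwParam
    Local $hWndFrom, $iCode, $tNMHDR, $hWndListView, $tInfo
    $hWndListView = $ulist
    If Not IsHWnd($ulist) Then $hWndListView = GUICtrlGetHandle($ulist)
    $tNMHDR = DllStructCreate($tagNMHDR, $ilParam)
    $hWndFrom = HWnd(DllStructGetData($tNMHDR, "hWndFrom"))
    $iCode = DllStructGetData($tNMHDR, "Code")
    Switch $hWndFrom
        Case $hWndListView
            Switch $iCode
                Case $NM_DBLCLK
                    $tInfo = DllStructCreate($tagNMITEMACTIVATE, $ilParam)
                    $DBLCLKindex = DllStructGetData($tInfo, "Index")
                    ; A double-click on the empty part of the list reports index -1;
                    ; without this guard it opened a tab with an empty name.
                    If $DBLCLKindex >= 0 Then
                        $privartestartname = _GUICtrlListView_GetItemText($hWndListView, $DBLCLKindex)
                        ; Never open a private tab to an empty name or to ourselves.
                        If $privartestartname <> "" And $Loginname <> $privartestartname Then Tabs_op("+", $privartestartname)
                    EndIf
            EndSwitch
    EndSwitch
    Return $GUI_RUNDEFMSG
EndFunc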


; Shows a private-chat peer as online or offline.
;   $labelHnd - row index into $tabslist (despite the name, not a control handle)
;   $param1   - 1: label "ONLINE" in green, input and SEND enabled
;               0: label "OFFLINE" in red, input and SEND disabled
;               anything else (default -1): no change
Func status_set($labelHnd, $param1 = -1)
    Local $sCaption, $iColour, $iState

    If $param1 = 1 Then
        $sCaption = "User" & @CRLF & "ONLINE"
        $iColour = 0x00FF00
        $iState = $GUI_ENABLE
    ElseIf $param1 = 0 Then
        $sCaption = "User" & @CRLF & "OFFLINE"
        $iColour = 0xFF0000
        $iState = $GUI_DISABLE
    Else
        Return
    EndIf

    ; Column 4 is the status label, 3 the input box, 5 the SEND button.
    GUICtrlSetData($tabslist[$labelHnd][4], $sCaption)
    GUICtrlSetColor($tabslist[$labelHnd][4], $iColour)
    GUICtrlSetState($tabslist[$labelHnd][3], $iState)
    GUICtrlSetState($tabslist[$labelHnd][5], $iState)
EndFunc

thx

Edited by Blinky




Best thing you can do is report the file to your Antivirus company / provider as a false positive.


@czardas

I'll try that thx!


Please search the forum for this subject. There are a lot of threads on this issue.

There is even a pinned thread in the General Help & Support forum: "Are my AutoIt EXEs really infected?" (started 17 October 2006 - 05:22 PM).


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 


Hi,

I see that dratted bird is out again. ;)

M23


Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind._______My UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Guest
This topic is now closed to further replies.

  • Similar Content

    • zxtnt09
      By zxtnt09
      Hi guys,
      i was use this : 

      On vps , but i can not connect to that,
      i don't know how can i do 
    • Alexxander
      By Alexxander
      Today i installed the latest v3.3.14.0
      after a clean windows install ,during the installation of autoit  my eset nod found a virus in
      C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe
      here is the online scan
      https://www.virustotal.com/en/file/b25d575ebd36301b0e12940f01d53a922148d1471f832aeb327d1e78741d7f31/analysis/
      i believe this is a false positive, but we need a prove , then we could fix this
      this is the first time my AV find a virus in autoit, i had been using autoit and eset fro more than 3 years , any one had the same issue ?
    • Manko
      By Manko
      Know your system!
      Prod your system for unwanted code! (virus/malware)
      Please report bugs/requests/criticism or whatever!

      ProDLLer v0.503
      Update: 23rd of October 2011
      ProDLLer.rar
      Earlier versions downloaded: 2726 times.


      Most Recent changes... ; 0.503 ; Fixed: Don't leave icon in tray when leaving, XP/7. ; Fixed: Don't leave them after crash either. ; Added: Don't allow shutdown or standby while ProDLLing in XP, Thanks to Prog@ndy. Vista/7, dont alow shutdown. ; Added: Don't let ProDLLer be put to sleep by idletimers in xp/vista/7. ; Fixed: Lockup when returning from sleep in vista/7, . (if "Noprocs" running then disable "noprocs" and resume all procs.) ; Change: No suspending of "theme"-service in XP. On crash, just resume all processes... like we have to in vista/7... ; 0.502 ; Fixed: Gui-problem fixed by BeginPaint/endpaint... tested on win7 ; Fixed: "Crashnet" and SuspendAll. In the unlikely event that this happens. All procs will be resumed on vist and win7. ; Fixed: Fixed false positives in SSDTshadow on vista/win7. ; 0.501 ; Added: SSDTshadow - not complete, but fully functional. = lacking names. (Logic is painful; need to guard against faults...) ; Fixed: Lockup in crashnet if "Services.exe" and "System" is suspended. Just resume them... You can suspend again... ; Fixed: Further lockups, same, to do with themes and "lsass.exe"... ; 0.500 ; Added: Startup-killing... to take a load off the GUI... it will ask... ; Fixed: Slowdown because I accidentaly changed ProDLLer to itterate processes every second... ; Fixed: Process-CPU-utilization. Movement of abandoned children... I cheat. Just load up new list... ; Fixed: Got rid of the Adlib. There were too many possible problems... ; Fixed: CPU-load. Is again aligned... ; 0.499 ; Added: If over 16 procs start from 1 sec to another or if a total of 40 procs have started; "NoProcsAllowed" is activated. ; Added: Crash-recovery... Just start a new instance of ProDLLer... :) ; Change: No loading of moduleinfo at start. ; Added: Refresh moduleinfo when we need it. KINDA CLUNKY SINCE I ITERATE ALL OF THEM, RIGHT NOW.... ; Added: On start of app. Disallow new procs. "NoProcsAllowed" is activated. 
; Fixed: A number of bugs that crash Prodller if insane amounts of processes start and stop... ; 0.498 ; Fixed: "KernelNot.". When disabling callbacks; adjacent CBs of same type would sometimes vanish. Famous anti-rootkit had same faulty behavior. ; 0.497 ; Fixed: Lockup when suspending some procs during modules-itteration. Context-menu disabled during itteration. ; Fixed: Lockup after thread-view due to excessive killing of already terminated security-threads... Now checking IF it needs killing... ; Fixed: Lockup when trying to change state of services while it is already working with your earlier request. Disable display. Thanks for functions:

      Thanks to "Smoke_N" for his "_ProcessListModules()"! Apparently i borrowed it a looooong time ago.
      Thanks to "Engine" for his GREAT "Windows Services UDF"!!!
      Thanks to JScript, Larry, SmOke_N, mrRevoked for _ProcessGetPath. I used this because I'm too lazy to do one myself.

      Special thanks to:

      Thanks to wraithdu for help and support!
      Thanks to Ascend4nt for support and friendship!
      Thanks to trancexx for good talks and friendship!

      Thanks also to this great community! I really feel empowered!

      /Manko [EDIT: New version.]