Bluesmaster 5 Posted November 27, 2013 I discovered the tool "Win32 API Constants" from GaryFrost today, downloaded it and... tada Windows-Defender ( which never protected me from anything ) deleted it immediately. '?do=embed' frameborder='0' data-embedContent>> Virustotal discovers a unusual big bundle of trojans and malware. https://www.virustotal.com/de/file/e07b72f346035626d5ad7157e07c785db038ce681b545999534f4e2109e69d6e/analysis/1381385066/ Im sure this is a wrong diagnosis. But why so hard and why no source is shared. regards My UDF: [topic='156155']_shellExecuteHidden[/topic] Share this post Link to post Share on other sites
Jon 1,009 Posted November 27, 2013 Google flag this download every week as well. I report it as false every week but they never change it :/ Deployment Blog: https://www.autoitconsulting.com/site/blog/ SCCM SDK Programming: https://www.autoitconsulting.com/site/sccm-sdk/ Share this post Link to post Share on other sites
Jon 1,009 Posted November 27, 2013 I've unpacked the exe (removed UPX) and it doesn't seem to get flagged anymore. Deployment Blog: https://www.autoitconsulting.com/site/blog/ SCCM SDK Programming: https://www.autoitconsulting.com/site/sccm-sdk/ Share this post Link to post Share on other sites
JohnOne 1,603 Posted November 27, 2013 If I were the boss of it, UPX would not even be a standard option, it's just a pain in the arse. AutoIt Absolute Beginners Require a serial Pause Script Video Tutorials by Morthawt ipify Monkey's are, like, natures humans. Share this post Link to post Share on other sites
Melba23 3,411 Posted November 27, 2013 JohnOne,The default in the Beta and next release is NOT to use upx - so you could well be the boss and not realise it! M23 1 mLipok reacted to this Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind Open spoiler to see my UDFs: Spoiler ArrayMultiColSort ---- Sort arrays on multiple columnsChooseFileFolder ---- Single and multiple selections from specified path treeview listingDate_Time_Convert -- Easily convert date/time formats, including the language usedExtMsgBox --------- A highly customisable replacement for MsgBoxGUIExtender -------- Extend and retract multiple sections within a GUIGUIFrame ---------- Subdivide GUIs into many adjustable framesGUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView itemsGUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeViewMarquee ----------- Scrolling tickertape GUIsNoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxesNotify ------------- Small notifications on the edge of the displayScrollbars ----------Automatically sized scrollbars with a single commandStringSize ---------- Automatically size controls to fit textToast -------------- Small GUIs which pop out of the notification area Share this post Link to post Share on other sites
Bluesmaster 5 Posted November 27, 2013 That is weird. Maybe one should ask GaryFrost to recompile it. regards My UDF: [topic='156155']_shellExecuteHidden[/topic] Share this post Link to post Share on other sites
JohnOne 1,603 Posted November 27, 2013 JohnOne, The default in the Beta and next release is NOT to use upx - so you could well be the boss and not realise it! M23 lol I meant remove the option altogether though, I don't really see the point of it except to have files flagged constantly by the AV plonkers. AutoIt Absolute Beginners Require a serial Pause Script Video Tutorials by Morthawt ipify Monkey's are, like, natures humans. Share this post Link to post Share on other sites
corgano 22 Posted November 27, 2013 (edited) There is still some point to it, like if want a quick script for an embedded system with limited space, but I know what you're saying. Disabled by default is definately better, the file size isn't that big to start with and there's less false flagging. Makes things easier to share Maybe there's some other compression out there we could use instead? Edited November 27, 2013 by corgano 0x616e2069646561206973206c696b652061206d616e20776974686f7574206120626f64792c20746f206669676874206f6e6520697320746f206e657665722077696e2e2e2e2e Share this post Link to post Share on other sites
