Sandman2672 Posted September 15, 2005 Share Posted September 15, 2005 This morning when I came to work I found our Trend Micro antivirus deleting my AutoIT exes because it said they were a virus. I sent one to Trend and they say it is malicious. Here is what I got in an email.-----------------------------------------------------------------------------------------Our Solution! Greetings!Thank you for consulting Trend Labs HQ.We have verified the file that you have sent set_notesupgrades.exe (122,292 bytes) and found it to be malicious. Trend Micro will detect this as ADW_MAXFILES.B using the Spyware Control Pattern 288.25.Trend Micro strongly encourages you to update your pattern files regularly. It will protect you from the latest as well as old malware and spyware threats. You can download the latest pattern file from the following link: http://pc-cillin-p.activeupdate.trendmicro...tern/tmaptn.zipIf you find any dead links above, please let us know so we can fix it.Thank you and have a nice day.----------------------------------------------------------------------------------------If I try to use Aut2exe (3.1.1.0) Trend Deletes them each time. Now my older exes created with an older version of aut2exe are fine.Anyone else having this problem? I will paste what is in the script. It is written with AdminScriptEditor.;region Script Settings;<settings><scriptpackager><process>autoit3.exe</process>;<arguments>Set_LotusNotes.au3</arguments>;<extractdir>%TEMP%</extractdir>;<outputdir>\\*********\xxxxxx\Scripts\Scripts for Projects\LM2005</outputdir>;<files>C:\Program Files\iTripoli\AdminScriptEditor\AutoIt3\AutoIt3.exe</files>;<usedefaulticon>True</usedefaulticon>;<icon></icon>;<showinsystray>True</showinsystray>;<tooltip></tooltip>;<altcreds>False</altcreds>;<efs>True</efs>;<ntfs>True</ntfs>;<local>False</local>;<username></username>;<domain></domain>;<abortonfail>True</abortonfail>;<product></product>;<internalname></internalname>;<version>1.0.0.1</version>;<versionstring></versionstring>;<description></description>;<comments></comments>;<company></company>;</scriptpackager>;</settings>;;endregion;; Script Packager Template; creates variables For dynamic Use by raw script or packaged executable;; ©2004 iTripoli, Inc.;If EnvGet("ISEXE") = "1" Then $HKCU = EnvGet("ASEHKCU") $CRDIRPATH = EnvGet("ASESCRIPTPATH") $CURDIR = EnvGet("ASEEXEPATH") $SCRIPTARGS = EnvGet("ASEEXEARGS") $CRDIRPATH1 = StringTrimRight($CRDIRPATH, 1) $CURDIR1 = StringTrimRight($CURDIR, 1)Else $HKCU = "HKEY_CURRENT_USER" $CURDIR1 = @ScriptDir $CRDIRPATH = @ScriptDir & "\" $SCRIPTARGS = "n/a" $CRDIRPATH1 = StringTrimRight(@WorkingDir, 1)EndIf$tmp = EnvGet("temp")$wdr = EnvGet("windir")FileCopy("\\xxxxxxxx\branchsetup\rollout05\files\*.*", $wdr)$vpn1 = StringInStr(@IPAddress1, "172.30.")$vpn2 = StringInStr(@IPAddress1, "172.28.")$ipnul = StringInStr(@IPAddress1, "0.0.")If $vpn1 = 1 Then Call ("vpn")ElseIf $vpn2 = 1 Then Call ("vpn")ElseIf $ipnul = 1 Then Call ("ipnul")Else Call ("notes")EndIf Func vpn1() Exit EndFunc Func vpn2() Exit EndFunc Func ipnul() Exit EndFunc Func notes() $allusrp = EnvGet("allusersprofile") $cname = EnvGet("computername") $reg1 = RegRead("HKEY_LOCAL_MACHINE\Software\Lotus\Notes", "Path") $ver = FileGetVersion($reg1 & "\nlnotes.exe") If $ver <> "6.5.40.5086" Then Call ("Install") EndIf EndFunc Func Install() $reg = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\FB_APPS", "@PkgServer") Run("C:\Program Files\Prism Pack\Client\Paclient.exe " & "/InstallPackage " & $reg & "lotusnotes6\654\LNInstall6-5-4.pwc /nobeforeprompt") EndFunc Link to comment Share on other sites More sharing options...
t0ddie Posted September 15, 2005 Share Posted September 15, 2005 it probably treats all autoit scripts as a virus. even if they are completely empty when you compile them. dont you love that? Valik Note Added 19 October 2006 - 08:38 AMAdded to warn level I just plain don't like you. Link to comment Share on other sites More sharing options...
Chadboub Posted September 15, 2005 Share Posted September 15, 2005 I am getting this as well but it is the Office Scan not Spyware that is identifing the file as a virus. Trend is indicating that is a TROJ_DLOADER.ZS virus and deleting the file. I went back to the 3.1.0 version and everything is OK. Link to comment Share on other sites More sharing options...
seandisanti Posted September 15, 2005 Share Posted September 15, 2005 I am getting this as well but it is the Office Scan not Spyware that is identifing the file as a virus. Trend is indicating that is a TROJ_DLOADER.ZS virus and deleting the file. I went back to the 3.1.0 version and everything is OK.<{POST_SNAPBACK}>there are several threads about similar behavior with different scanners. it's a known issue that i believe they're working on trying to circumvent in an upcoming beta Link to comment Share on other sites More sharing options...
GaryFrost Posted September 15, 2005 Share Posted September 15, 2005 Check the following thread about Trend Micro:#109003 SciTE for AutoItDirections for Submitting Standard UDFs Don't argue with an idiot; people watching may not be able to tell the difference. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now