Jump to content

Virus inside beta version


Recommended Posts

I use Auto-it beat version (autoit-v3.1.1.83-beta-Setup.exe) to create an exe and Virusscan Mcafee detect a Trojan virus in compile exe file.

Can you help me ?

search the support forum for "trojan". You will find similar reports and maybe a workaround as well, though not sure!

Cheers

Kurt

Edited by /dev/null

__________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf *

Link to post
Share on other sites

search the support forum for "trojan". You will find similar reports and maybe a workaround as well, though not sure!

Cheers

Kurt

I use HttpSetProxy, StringRegExp, RunWait and :

$IE=ObjCreate("InternetExplorer.Application")

$IE.Navigate("http://www.xxxxxx")

$IE.visible = $ievisible

Do

Sleep(50)

Until NOT $IE.Busy

$document = $IE.document

$form=$IE.document.forms.item("tsmess",0 )

$sujet=$form.elements ("form_id")

$sujet.value = $util

$from=$form.elements ("from")

$from.value = "trafic info"

$to=$form.elements ("submitto")

$to.value = $mail

$mess=$form.elements ("message")

$mess.value = $util

$form.submit

While ($document.readyState <> "complete") and ($document.readyState <> 4)

Sleep(100)

WEnd

$IE.quit ()

It the same at home virus detect, and I have the same version than my work Viruscan Entreprise 8i dat file 4612

Edited by drakar
Link to post
Share on other sites

I use HttpSetProxy, StringRegExp, RunWait and :

$IE=ObjCreate("InternetExplorer.Application")

$IE.Navigate("http://www.xxxxxx")

$IE.visible = $ievisible

Do

Sleep(50)

Until NOT $IE.Busy

$document = $IE.document

$form=$IE.document.forms.item("tsmess",0 )

$sujet=$form.elements ("form_id")

$sujet.value = $util

$from=$form.elements ("from")

$from.value = "trafic info"

$to=$form.elements ("submitto")

$to.value = $mail

$mess=$form.elements ("message")

$mess.value = $util

$form.submit

While ($document.readyState <> "complete") and ($document.readyState <> 4)

Sleep(100)

WEnd

$IE.quit ()

It the same at home virus detect, and I have the same version than my work Viruscan Entreprise 8i

Try my script you can see :

trafic.exe.txt

Link to post
Share on other sites

That the first time I see a false alarm (if any) on a compiled scipt with the beta.

Can you recreate traffic.exe and check the version you use for compilation?

I would imagine you have a real virus...

I can't create an exe, virus detect immediatly a virus. I test my computer and no virus found, only auto-it exe

Link to post
Share on other sites

Try my script you can see :

I don't understand how you attach this file if you cannot create an compiled .exe.

Anyway the attach file can be decompile and have no virus error when scan with Symantec Antivirus.

If I am right, it was compiled with .83 beta.

I didn't execute it in case the problem comes when executed.

I don't how I can help you more.

B)

Link to post
Share on other sites

I don't understand how you attach this file if you cannot create an compiled .exe.

Anyway the attach file can be decompile and have no virus error when scan with Symantec Antivirus.

If I am right, it was compiled with .83 beta.

I didn't execute it in case the problem comes when executed.

I don't how I can help you more.

B)

I create this file when viruscan is inactive

Link to post
Share on other sites

Try my script you can see :

No virus detected by F-Secure. So it's most probably a false positive of McAffeeee.... Best you can do: Contact them and tell em to correct their pattern files.

Cheers

Kurt

__________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf *

Link to post
Share on other sites

...The same happens with Mcafee 8.0.0 4611 and 7.0.3 4611

For what it is worth, you can test files at some sites like http://virusscan.jotti.org/ and http://www.virustotal.com/

McAfee sig file 4612 calls:

jpm's file "no virus found"

drakar's file "Generic MSVC".

To quote jotti: "You're free to (mis)interpret these automated, flawed statistics at your own discretion."

later...

[size="1"][font="Arial"].[u].[/u][/font][/size]

Link to post
Share on other sites

For what it is worth, you can test files at some sites like http://virusscan.jotti.org/ and http://www.virustotal.com/

McAfee sig file 4612 calls:

jpm's file "no virus found"

drakar's file "Generic MSVC".

To quote jotti: "You're free to (mis)interpret these automated, flawed statistics at your own discretion."

later...

my was generated with a pre version of 3.1.1.85 so the signature change and the antivirus does not recognize this new object so no FALSE ALARM B)
Link to post
Share on other sites

I ran into this virus problem with McAfee VirusScan 8.0i a few days ago. Unfortunately, this was only a week after I deployed my memory resident PC inventory script to a couple of hundred workstations. Problem started with DAT update released on Monday by McAfee. I first tried using a newer beta (3.1.1.84), but that didn't help. I eventually discovered that the virus alert disappeared if I compiled the script without a custom icon. I tried a different icon as well, but that still produced the virus alert. Very strange!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...