Sign in to follow this  
Followers 0
drakar

Virus inside beta version

26 posts in this topic

Posted Image

I use Auto-it beat version (autoit-v3.1.1.83-beta-Setup.exe) to create an exe and Virusscan Mcafee detect a Trojan virus in compile exe file.

Can you help me ?

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

I use Auto-it beat version (autoit-v3.1.1.83-beta-Setup.exe) to create an exe and Virusscan Mcafee detect a Trojan virus in compile exe file.

Can you help me ?

search the support forum for "trojan". You will find similar reports and maybe a workaround as well, though not sure!

Cheers

Kurt

Edited by /dev/null

__________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf *

Share this post


Link to post
Share on other sites

That the first time I see a false alarm (if any) on a compiled scipt with the beta.

Can you recreate traffic.exe and check the version you use for compilation?

I would imagine you have a real virus...

Share this post


Link to post
Share on other sites

can McAfee user verify this compile script.

just rename suppress the .txt extension.

it was compiled with the next beta I am building.

normaly identical to .84

Thanks B)

Share this post


Link to post
Share on other sites

mcafee 10 shows no threat


It is really sad to see a family torn apart by something as simple as a pack of wolves.

Share this post


Link to post
Share on other sites

McAfee VirusScan 8.0i enterprise (DAT 6411) is able to run testvirusbeta.exe no problems

Share this post


Link to post
Share on other sites

#8 ·  Posted (edited)

Mcafee VS Pro Version v7.03.6000 (Last Version 7) With todays update(4611) passes this file with no problems.

Edited by PaulGX

Share this post


Link to post
Share on other sites

#9 ·  Posted (edited)

search the support forum for "trojan". You will find similar reports and maybe a workaround as well, though not sure!

Cheers

Kurt

I use HttpSetProxy, StringRegExp, RunWait and :

$IE=ObjCreate("InternetExplorer.Application")

$IE.Navigate("http://www.xxxxxx")

$IE.visible = $ievisible

Do

Sleep(50)

Until NOT $IE.Busy

$document = $IE.document

$form=$IE.document.forms.item("tsmess",0 )

$sujet=$form.elements ("form_id")

$sujet.value = $util

$from=$form.elements ("from")

$from.value = "trafic info"

$to=$form.elements ("submitto")

$to.value = $mail

$mess=$form.elements ("message")

$mess.value = $util

$form.submit

While ($document.readyState <> "complete") and ($document.readyState <> 4)

Sleep(100)

WEnd

$IE.quit ()

It the same at home virus detect, and I have the same version than my work Viruscan Entreprise 8i dat file 4612

Edited by drakar

Share this post


Link to post
Share on other sites

I use HttpSetProxy, StringRegExp, RunWait and :

$IE=ObjCreate("InternetExplorer.Application")

$IE.Navigate("http://www.xxxxxx")

$IE.visible = $ievisible

Do

Sleep(50)

Until NOT $IE.Busy

$document = $IE.document

$form=$IE.document.forms.item("tsmess",0 )

$sujet=$form.elements ("form_id")

$sujet.value = $util

$from=$form.elements ("from")

$from.value = "trafic info"

$to=$form.elements ("submitto")

$to.value = $mail

$mess=$form.elements ("message")

$mess.value = $util

$form.submit

While ($document.readyState <> "complete") and ($document.readyState <> 4)

Sleep(100)

WEnd

$IE.quit ()

It the same at home virus detect, and I have the same version than my work Viruscan Entreprise 8i

Try my script you can see :

trafic.exe.txt

Share this post


Link to post
Share on other sites

That the first time I see a false alarm (if any) on a compiled scipt with the beta.

Can you recreate traffic.exe and check the version you use for compilation?

I would imagine you have a real virus...

I can't create an exe, virus detect immediatly a virus. I test my computer and no virus found, only auto-it exe

Share this post


Link to post
Share on other sites

I can't create an exe, virus detect immediatly a virus. I test my computer and no virus found, only auto-it exe

It works correctly with the 3.1.1.66 beta I can compile script without problem....

Share this post


Link to post
Share on other sites

Try my script you can see :

I don't understand how you attach this file if you cannot create an compiled .exe.

Anyway the attach file can be decompile and have no virus error when scan with Symantec Antivirus.

If I am right, it was compiled with .83 beta.

I didn't execute it in case the problem comes when executed.

I don't how I can help you more.

B)

Share this post


Link to post
Share on other sites

I don't understand how you attach this file if you cannot create an compiled .exe.

Anyway the attach file can be decompile and have no virus error when scan with Symantec Antivirus.

If I am right, it was compiled with .83 beta.

I didn't execute it in case the problem comes when executed.

I don't how I can help you more.

B)

I create this file when viruscan is inactive

Share this post


Link to post
Share on other sites

I create this file when viruscan is inactive

I understand. at least my symantec say it is good without virus in.

Share this post


Link to post
Share on other sites

Have the same problem. Any compiled script (one line is enough) produces Trojan with 3.1.1.84 and down to 3.1.1.78.

Not problem with 3.1.1.0 and 3.1.1.70

The same happens with Mcafee 8.0.0 4611 and 7.0.3 4611

Share this post


Link to post
Share on other sites

Try my script you can see :

No virus detected by F-Secure. So it's most probably a false positive of McAffeeee.... Best you can do: Contact them and tell em to correct their pattern files.

Cheers

Kurt


__________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf *

Share this post


Link to post
Share on other sites

...The same happens with Mcafee 8.0.0 4611 and 7.0.3 4611

For what it is worth, you can test files at some sites like http://virusscan.jotti.org/ and http://www.virustotal.com/

McAfee sig file 4612 calls:

jpm's file "no virus found"

drakar's file "Generic MSVC".

To quote jotti: "You're free to (mis)interpret these automated, flawed statistics at your own discretion."

later...


[size="1"][font="Arial"].[u].[/u][/font][/size]

Share this post


Link to post
Share on other sites

For what it is worth, you can test files at some sites like http://virusscan.jotti.org/ and http://www.virustotal.com/

McAfee sig file 4612 calls:

jpm's file "no virus found"

drakar's file "Generic MSVC".

To quote jotti: "You're free to (mis)interpret these automated, flawed statistics at your own discretion."

later...

my was generated with a pre version of 3.1.1.85 so the signature change and the antivirus does not recognize this new object so no FALSE ALARM B)

Share this post


Link to post
Share on other sites

I ran into this virus problem with McAfee VirusScan 8.0i a few days ago. Unfortunately, this was only a week after I deployed my memory resident PC inventory script to a couple of hundred workstations. Problem started with DAT update released on Monday by McAfee. I first tried using a newer beta (3.1.1.84), but that didn't help. I eventually discovered that the virus alert disappeared if I compiled the script without a custom icon. I tried a different icon as well, but that still produced the virus alert. Very strange!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0