drakar Posted October 25, 2005 Share Posted October 25, 2005 I use Auto-it beat version (autoit-v3.1.1.83-beta-Setup.exe) to create an exe and Virusscan Mcafee detect a Trojan virus in compile exe file.Can you help me ? Link to comment Share on other sites More sharing options...
/dev/null Posted October 25, 2005 Share Posted October 25, 2005 (edited) I use Auto-it beat version (autoit-v3.1.1.83-beta-Setup.exe) to create an exe and Virusscan Mcafee detect a Trojan virus in compile exe file.Can you help me ?search the support forum for "trojan". You will find similar reports and maybe a workaround as well, though not sure!CheersKurt Edited October 25, 2005 by /dev/null __________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf * Link to comment Share on other sites More sharing options...
Nuffilein805 Posted October 25, 2005 Share Posted October 25, 2005 did you use tcp/udp-commands? i never had that kind of problems, but i can imagine that your virusscan can make problems if your using tcp/udp my little chatmy little encryption toolmy little hidermy unsafe clickbot Link to comment Share on other sites More sharing options...
jpm Posted October 25, 2005 Share Posted October 25, 2005 That the first time I see a false alarm (if any) on a compiled scipt with the beta. Can you recreate traffic.exe and check the version you use for compilation? I would imagine you have a real virus... Link to comment Share on other sites More sharing options...
jpm Posted October 25, 2005 Share Posted October 25, 2005 can McAfee user verify this compile script. just rename suppress the .txt extension. it was compiled with the next beta I am building. normaly identical to .84 Thanks Link to comment Share on other sites More sharing options...
random667 Posted October 25, 2005 Share Posted October 25, 2005 mcafee 10 shows no threat It is really sad to see a family torn apart by something as simple as a pack of wolves. Link to comment Share on other sites More sharing options...
datskat Posted October 25, 2005 Share Posted October 25, 2005 McAfee VirusScan 8.0i enterprise (DAT 6411) is able to run testvirusbeta.exe no problems Link to comment Share on other sites More sharing options...
PaulDG Posted October 25, 2005 Share Posted October 25, 2005 (edited) Mcafee VS Pro Version v7.03.6000 (Last Version 7) With todays update(4611) passes this file with no problems. Edited October 25, 2005 by PaulGX Link to comment Share on other sites More sharing options...
drakar Posted October 25, 2005 Author Share Posted October 25, 2005 (edited) search the support forum for "trojan". You will find similar reports and maybe a workaround as well, though not sure!CheersKurtI use HttpSetProxy, StringRegExp, RunWait and :$IE=ObjCreate("InternetExplorer.Application") $IE.Navigate("http://www.xxxxxx") $IE.visible = $ievisible Do Sleep(50) Until NOT $IE.Busy$document = $IE.document$form=$IE.document.forms.item("tsmess",0 ) $sujet=$form.elements ("form_id") $sujet.value = $util$from=$form.elements ("from") $from.value = "trafic info" $to=$form.elements ("submitto") $to.value = $mail$mess=$form.elements ("message") $mess.value = $util$form.submitWhile ($document.readyState <> "complete") and ($document.readyState <> 4) Sleep(100) WEnd$IE.quit ()It the same at home virus detect, and I have the same version than my work Viruscan Entreprise 8i dat file 4612 Edited October 25, 2005 by drakar Link to comment Share on other sites More sharing options...
drakar Posted October 25, 2005 Author Share Posted October 25, 2005 I use HttpSetProxy, StringRegExp, RunWait and :$IE=ObjCreate("InternetExplorer.Application") $IE.Navigate("http://www.xxxxxx") $IE.visible = $ievisible Do Sleep(50) Until NOT $IE.Busy$document = $IE.document$form=$IE.document.forms.item("tsmess",0 ) $sujet=$form.elements ("form_id") $sujet.value = $util$from=$form.elements ("from") $from.value = "trafic info" $to=$form.elements ("submitto") $to.value = $mail$mess=$form.elements ("message") $mess.value = $util$form.submitWhile ($document.readyState <> "complete") and ($document.readyState <> 4) Sleep(100) WEnd$IE.quit ()It the same at home virus detect, and I have the same version than my work Viruscan Entreprise 8iTry my script you can see :trafic.exe.txt Link to comment Share on other sites More sharing options...
drakar Posted October 25, 2005 Author Share Posted October 25, 2005 That the first time I see a false alarm (if any) on a compiled scipt with the beta.Can you recreate traffic.exe and check the version you use for compilation?I would imagine you have a real virus...I can't create an exe, virus detect immediatly a virus. I test my computer and no virus found, only auto-it exe Link to comment Share on other sites More sharing options...
drakar Posted October 25, 2005 Author Share Posted October 25, 2005 I can't create an exe, virus detect immediatly a virus. I test my computer and no virus found, only auto-it exeIt works correctly with the 3.1.1.66 beta I can compile script without problem.... Link to comment Share on other sites More sharing options...
jpm Posted October 25, 2005 Share Posted October 25, 2005 Try my script you can see :I don't understand how you attach this file if you cannot create an compiled .exe.Anyway the attach file can be decompile and have no virus error when scan with Symantec Antivirus.If I am right, it was compiled with .83 beta.I didn't execute it in case the problem comes when executed.I don't how I can help you more. Link to comment Share on other sites More sharing options...
drakar Posted October 25, 2005 Author Share Posted October 25, 2005 I don't understand how you attach this file if you cannot create an compiled .exe.Anyway the attach file can be decompile and have no virus error when scan with Symantec Antivirus.If I am right, it was compiled with .83 beta.I didn't execute it in case the problem comes when executed.I don't how I can help you more. I create this file when viruscan is inactive Link to comment Share on other sites More sharing options...
jpm Posted October 25, 2005 Share Posted October 25, 2005 I create this file when viruscan is inactiveI understand. at least my symantec say it is good without virus in. Link to comment Share on other sites More sharing options...
marimba Posted October 25, 2005 Share Posted October 25, 2005 Have the same problem. Any compiled script (one line is enough) produces Trojan with 3.1.1.84 and down to 3.1.1.78. Not problem with 3.1.1.0 and 3.1.1.70 The same happens with Mcafee 8.0.0 4611 and 7.0.3 4611 Link to comment Share on other sites More sharing options...
/dev/null Posted October 25, 2005 Share Posted October 25, 2005 Try my script you can see :No virus detected by F-Secure. So it's most probably a false positive of McAffeeee.... Best you can do: Contact them and tell em to correct their pattern files.CheersKurt __________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf * Link to comment Share on other sites More sharing options...
herewasplato Posted October 26, 2005 Share Posted October 26, 2005 ...The same happens with Mcafee 8.0.0 4611 and 7.0.3 4611For what it is worth, you can test files at some sites like http://virusscan.jotti.org/ and http://www.virustotal.com/McAfee sig file 4612 calls:jpm's file "no virus found"drakar's file "Generic MSVC".To quote jotti: "You're free to (mis)interpret these automated, flawed statistics at your own discretion."later... [size="1"][font="Arial"].[u].[/u][/font][/size] Link to comment Share on other sites More sharing options...
jpm Posted October 26, 2005 Share Posted October 26, 2005 For what it is worth, you can test files at some sites like http://virusscan.jotti.org/ and http://www.virustotal.com/McAfee sig file 4612 calls:jpm's file "no virus found"drakar's file "Generic MSVC".To quote jotti: "You're free to (mis)interpret these automated, flawed statistics at your own discretion."later...my was generated with a pre version of 3.1.1.85 so the signature change and the antivirus does not recognize this new object so no FALSE ALARM Link to comment Share on other sites More sharing options...
Neil Posted October 27, 2005 Share Posted October 27, 2005 I ran into this virus problem with McAfee VirusScan 8.0i a few days ago. Unfortunately, this was only a week after I deployed my memory resident PC inventory script to a couple of hundred workstations. Problem started with DAT update released on Monday by McAfee. I first tried using a newer beta (3.1.1.84), but that didn't help. I eventually discovered that the virus alert disappeared if I compiled the script without a custom icon. I tried a different icon as well, but that still produced the virus alert. Very strange! Link to comment Share on other sites More sharing options...
Recommended Posts