Virus inside beta version

[drakar]

I use Auto-it beat version (autoit-v3.1.1.83-beta-Setup.exe) to create an exe and Virusscan Mcafee detect a Trojan virus in compile exe file.

Can you help me ?

[/dev/null]

I use Auto-it beat version (autoit-v3.1.1.83-beta-Setup.exe) to create an exe and Virusscan Mcafee detect a Trojan virus in compile exe file.

Can you help me ?

search the support forum for "trojan". You will find similar reports and maybe a workaround as well, though not sure!

Cheers

Kurt

Edited October 25, 2005 by /dev/null

[Nuffilein805]

did you use tcp/udp-commands?

i never had that kind of problems, but i can imagine that your virusscan can make problems if your using tcp/udp

[jpm]

That the first time I see a false alarm (if any) on a compiled scipt with the beta.

Can you recreate traffic.exe and check the version you use for compilation?

I would imagine you have a real virus...

[jpm]

can McAfee user verify this compile script.

just rename suppress the .txt extension.

it was compiled with the next beta I am building.

normaly identical to .84

Thanks

[random667]

mcafee 10 shows no threat

[datskat]

McAfee VirusScan 8.0i enterprise (DAT 6411) is able to run testvirusbeta.exe no problems

[PaulDG]

Mcafee VS Pro Version v7.03.6000 (Last Version 7) With todays update(4611) passes this file with no problems.

Edited October 25, 2005 by PaulGX

[drakar]

search the support forum for "trojan". You will find similar reports and maybe a workaround as well, though not sure!

Cheers

Kurt

I use HttpSetProxy, StringRegExp, RunWait and :

$IE=ObjCreate("InternetExplorer.Application")

$IE.Navigate("http://www.xxxxxx")

$IE.visible = $ievisible

Do

Sleep(50)

Until NOT $IE.Busy

$document = $IE.document

$form=$IE.document.forms.item("tsmess",0 )

$sujet=$form.elements ("form_id")

$sujet.value = $util

$from=$form.elements ("from")

$from.value = "trafic info"

$to=$form.elements ("submitto")

$to.value = $mail

$mess=$form.elements ("message")

$mess.value = $util

$form.submit

While ($document.readyState <> "complete") and ($document.readyState <> 4)

Sleep(100)

WEnd

$IE.quit ()

It the same at home virus detect, and I have the same version than my work Viruscan Entreprise 8i dat file 4612

Edited October 25, 2005 by drakar

[drakar]

I use HttpSetProxy, StringRegExp, RunWait and :

$IE=ObjCreate("InternetExplorer.Application")

$IE.Navigate("http://www.xxxxxx")

$IE.visible = $ievisible

Do

Sleep(50)

Until NOT $IE.Busy

$document = $IE.document

$form=$IE.document.forms.item("tsmess",0 )

$sujet=$form.elements ("form_id")

$sujet.value = $util

$from=$form.elements ("from")

$from.value = "trafic info"

$to=$form.elements ("submitto")

$to.value = $mail

$mess=$form.elements ("message")

$mess.value = $util

$form.submit

While ($document.readyState <> "complete") and ($document.readyState <> 4)

Sleep(100)

WEnd

$IE.quit ()

It the same at home virus detect, and I have the same version than my work Viruscan Entreprise 8i

Try my script you can see :

trafic.exe.txt

[drakar]

That the first time I see a false alarm (if any) on a compiled scipt with the beta.

Can you recreate traffic.exe and check the version you use for compilation?

I would imagine you have a real virus...

I can't create an exe, virus detect immediatly a virus. I test my computer and no virus found, only auto-it exe

[drakar]

I can't create an exe, virus detect immediatly a virus. I test my computer and no virus found, only auto-it exe

It works correctly with the 3.1.1.66 beta I can compile script without problem....

[jpm]

Try my script you can see :

I don't understand how you attach this file if you cannot create an compiled .exe.

Anyway the attach file can be decompile and have no virus error when scan with Symantec Antivirus.

If I am right, it was compiled with .83 beta.

I didn't execute it in case the problem comes when executed.

I don't how I can help you more.

[drakar]

I don't understand how you attach this file if you cannot create an compiled .exe.

Anyway the attach file can be decompile and have no virus error when scan with Symantec Antivirus.

If I am right, it was compiled with .83 beta.

I didn't execute it in case the problem comes when executed.

I don't how I can help you more.

I create this file when viruscan is inactive

[jpm]

I create this file when viruscan is inactive

I understand. at least my symantec say it is good without virus in.

[marimba]

Have the same problem. Any compiled script (one line is enough) produces Trojan with 3.1.1.84 and down to 3.1.1.78.

Not problem with 3.1.1.0 and 3.1.1.70

The same happens with Mcafee 8.0.0 4611 and 7.0.3 4611

[/dev/null]

Try my script you can see :

No virus detected by F-Secure. So it's most probably a false positive of McAffeeee.... Best you can do: Contact them and tell em to correct their pattern files.

Cheers

Kurt

[herewasplato]

...The same happens with Mcafee 8.0.0 4611 and 7.0.3 4611

For what it is worth, you can test files at some sites like http://virusscan.jotti.org/ and http://www.virustotal.com/

McAfee sig file 4612 calls:

jpm's file "no virus found"

drakar's file "Generic MSVC".

To quote jotti: "You're free to (mis)interpret these automated, flawed statistics at your own discretion."

later...

[jpm]

For what it is worth, you can test files at some sites like http://virusscan.jotti.org/ and http://www.virustotal.com/

McAfee sig file 4612 calls:

jpm's file "no virus found"

drakar's file "Generic MSVC".

To quote jotti: "You're free to (mis)interpret these automated, flawed statistics at your own discretion."

later...

my was generated with a pre version of 3.1.1.85 so the signature change and the antivirus does not recognize this new object so no FALSE ALARM

[Neil]

I ran into this virus problem with McAfee VirusScan 8.0i a few days ago. Unfortunately, this was only a week after I deployed my memory resident PC inventory script to a couple of hundred workstations. Problem started with DAT update released on Monday by McAfee. I first tried using a newer beta (3.1.1.84), but that didn't help. I eventually discovered that the virus alert disappeared if I compiled the script without a custom icon. I tried a different icon as well, but that still produced the virus alert. Very strange!