mergleh

Assistance diagnosing a random AutoIt Error

13 posts in this topic

Hello all,

I just started having an issue this morning where I will get an error every few minutes (attached .jpg).  If I don't close the error, I don't receive another error or anything like that, however, if I close the error, it will come back very consistently.  I would like to know if there is any way I can track down what program is trying to execute the file mentioned in the error.  I'm not sure if this is some type of malware or just an innocuous message after a legitimate program updated or something.

Any assistance you all can provide would be greatly appreciated.

Thanks,

Scott

error.jpg

Share this post


Link to post
Share on other sites



Can you post your AutoIt code?

Share this post


Link to post
Share on other sites

The file extension CGB seems to stand for "Gameboy Color".
Does this ring a bell?


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

@mergleh, welcome to AutoIt forum.

three elements arise my suspicion for a malware in your system: 1) "Line 0" mentioned in the error, which makes no sense AutoIt-wise, 2) a seemingly-random path and file name, and 3) - an impression of mine - that you were not executing the AutoIt script.

perform a thorough malware scan, with several independent scanners.

Share this post


Link to post
Share on other sites

"Line 0" makes pretty much sense - when the user runs a compiled script.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

@water please explain. in what circumstances will a compiled script crash in line 0 ? :huh2:

Share this post


Link to post
Share on other sites

A compiled script does not provide any line numbers (they get lost during compilation) - hence it will display 0.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

i just tested to find that is incorrect. try for yourself:

Global $i
Global $aArray[]

compile and run this, see error in line 2 ("Error: Variable subscript badly formatted.")

whatever you do, you cannot have an error in line 0, simply because the first line is always 1. that is, unless the interpreter in compromised.

Share this post


Link to post
Share on other sites

orbs,

It used to be the case that compiled scripts did not return the line number where the error occurred, but this behaviour was changed in one of the more recent releases. So I would think that the executable in question is pretty old.

mergleh,

As well as checking for malware,  I suggest you use Task Manager to look at the running processes when the error appears to see if you can see anything that looks out of place. Then cancel the MsgBox and see which process disappears, only to reappear sometime later. You might also use msconfig to check if anything untoward is being started automatically.

M23


Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind._______My UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Share this post


Link to post
Share on other sites

#10 ·  Posted

The error is giving you the path to the file it is looking for. In addition to the malware scans suggested above, look to see if this directory exists. Then do a search in the registry for both the name of the directory and the name of the file it is trying to open.


√-1 2^3 ∑ π, and it was delicious!

Share this post


Link to post
Share on other sites

#11 ·  Posted

6 hours ago, Subz said:

Can you post your AutoIt code?

I am familiar at a very basic level as to what AutoIt is used for but I am not a developer.  This is just an error that started popping up yesterday.  I did not write what is causing this error.

6 hours ago, water said:

The file extension CGB seems to stand for "Gameboy Color".
Does this ring a bell?

It does not.

6 hours ago, orbs said:

@mergleh, welcome to AutoIt forum.

three elements arise my suspicion for a malware in your system: 1) "Line 0" mentioned in the error, which makes no sense AutoIt-wise, 2) a seemingly-random path and file name, and 3) - an impression of mine - that you were not executing the AutoIt script.

perform a thorough malware scan, with several independent scanners.

I also am under the impression that this is malware from some site I went to or something I downloaded.  I am not initiating anything that is causing this to pop up, i can click OK and let the computer sit for about 5 minutes and it will come up again.  The only two programs I have installed in the past couple days are a hex editor (called HxD) to allow me to modify a game .exe to run in 21:9 and a program called SpyBot Anti-Beacon which disables telemetry data from being sent to Microsoft.

I did a scan with the trial version of Malware Bytes and nothing came up.  I also did a scan with BitDefender which I always have running along with ESET's online scan (I know these aren't really malware scanners but I figured it couldn't hurt). and all of them came up clean.

5 hours ago, Melba23 said:

mergleh,

As well as checking for malware,  I suggest you use Task Manager to look at the running processes when the error appears to see if you can see anything that looks out of place. Then cancel the MsgBox and see which process disappears, only to reappear sometime later. You might also use msconfig to check if anything untoward is being started automatically.

M23

I also had this idea but there are so many processes that are constantly shifting around, there may be something popping up alongside the error but I'm not not seeing it.  I've tried sorting by CPU usage as I don't know that any other sorting method would make it obvious.  I checked msconfig and nothing that is enabled to run on startup is new, all of that stuff has been there for weeks.  I guess it's possible there's a new service that's running but I am not able to identify it in that large list.

I was hoping that there was a way, via a log file or something, to trace back what tried to execute a command via AutoIt.  I must admit that I don't have the best understanding as to how AutoIt works but can programs that I install come "bundled" with AutoIt functionality for their own uses, such as to update the program, etc?  I've never directly installed AutoIt so I'm not even sure how it's trying to execute.

21 minutes ago, JLogan3o13 said:

The error is giving you the path to the file it is looking for. In addition to the malware scans suggested above, look to see if this directory exists. Then do a search in the registry for both the name of the directory and the name of the file it is trying to open.

This part is a bit interesting.  I have hidden folders shown (for reference, I can see App Data) When I go to C;\Users\mergleh, I do not see the folder in question (qlgdobk), however, I can type that directory in Windows Explorer and I am taken there.  I can also navigate to that directory via Command Prompt.  There is nothing in the folder when I go to it and I actually tried to delete it in Command Prompt and I cannot.

 

Adding some clarification:  When the error comes up, I see a process listed in the "Details" tab of Task Manager labeled hgls.exe with the AutoIt icon.  A search for that comes up with nothing relevant as far as I can tell.  I think at this point, my best bet is to try to monitor the processes that spike in CPU usage when the error comes up and when I click OK.  I have been doing that and there are only a few  at the top of the list around that time so maybe I can just start closing things one by one until the error stops.  If anyone else has a recommendation, I'm open to try anything.

Thank you guys for all the help thus far, I really appreciate it.

 

-Scott

Share this post


Link to post
Share on other sites

#12 ·  Posted

Adding a bit -- I mentioned installing 2 programs recently, I have uninstalled those and the problem persists.  I did a search for the folder name, file name, and hgls.exe in the registry and I get no hits.

Share this post


Link to post
Share on other sites

#13 ·  Posted

I was able to at least track down the reason it was occuring every 5 minutes.  Using Process Explorer, I opened hgls.exe and found some additional information (please see screenshot).  From there, it mentioned that this was running due to Task Scheduler.  I went into Task Scheduler and found that there was a task set to execute that file every 5 minutes.  I deleted the task and the errors stopped.  While I still dont know where this came from (and I'll likely just go ahead and reformat as it's been a while anyway), I at least was able to figure out why it was occuring every 5 minutes.

hgls.jpg

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now