Sign in to follow this  
Followers 0
FuryCell

AntiVirus False Positives (Again)

7 posts in this topic

#1 ·  Posted (edited)

I just scanned an AutoItScript I compiled at http://virusscan.jotti.org/ and got these results:

File: MD5.exe

Status: INFECTED/MALWARE

MD5 49874947f9287de91c606c981afc79ed

Packers detected: UPX, AUTOIT

Scanner results

AntiVir Found nothing

ArcaVir Found Trojan.Clicker.Small.Ht

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

Fortinet Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

UNA Found nothing

VBA32 Found nothing

It appears to be another false postive becuase of careless updates to antivirus definitions. :P

Edited by SolidSnake

HKTunes:Softpedia | GoogleCodeLyricToy:Softpedia | GoogleCodeRCTunes:Softpedia | GoogleCodeMichtaToolsProgrammer n. - An ingenious device that turns caffeine into code.

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

could you give some more info like what was in it and what was it compiled/packed with ?

latest beta gives me this.

POSSIBLY INFECTED/MALWARE (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database)

VBA32

Found Trojan-Downloader.Agent.70 (probable variant)

ArcaVir probbly just flagged it becouse it was packed by the default UPX.

Edited by w0uter

My UDF's:;mem stuff_Mem;ftp stuff_FTP ( OLD );inet stuff_INetGetSource ( OLD )_INetGetImage _INetBrowse ( Collection )_EncodeUrl_NetStat_Google;random stuff_iPixelSearch_DiceRoll

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

could you give some more info like what was in it and what was it compiled/packed with ?

latest beta gives me this.

I have attached the script which was compiled using the v3.1.1 compiler. It was an MD5 include I downloaded off the forums.

ArcaVir probbly just flagged it becouse it was packed by the default UPX.

I do not understand what you mean by this. Could you please try and explain it in different words.

Thanks for the feedback.

-SolidSnake

MD5.au3

Edited by SolidSnake

HKTunes:Softpedia | GoogleCodeLyricToy:Softpedia | GoogleCodeRCTunes:Softpedia | GoogleCodeMichtaToolsProgrammer n. - An ingenious device that turns caffeine into code.

Share this post


Link to post
Share on other sites

AutoIt uses a UPX packer by default. w0uter was simply stating that, the anti-virus protection programs, typically find this and label it as a 'potential threat'. That seems to be the consensus here.


[center]Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.[/center]

Share this post


Link to post
Share on other sites

AutoIt uses a UPX packer by default. w0uter was simply stating that, the anti-virus protection programs, typically find this and label it as a 'potential threat'. That seems to be the consensus here.

Thanks.


HKTunes:Softpedia | GoogleCodeLyricToy:Softpedia | GoogleCodeRCTunes:Softpedia | GoogleCodeMichtaToolsProgrammer n. - An ingenious device that turns caffeine into code.

Share this post


Link to post
Share on other sites

#6 ·  Posted (edited)

tested it with the latest beta + upx beta

Status:         POSSIBLY INFECTED/MALWARE (Note: this file was only flagged as malware by heuristic detection(s). 
            This might be a false positive. Therefore, results of this scan will not be stored in the database)

MD5:            317612dd7eaac711d4bdf698f5b47047

Packers detected:   UPX, AUTOIT

Scanner results:
AntiVir         Found nothing
ArcaVir         Found nothing
Avast           Found nothing
AVG Antivirus       Found nothing
BitDefender     Found nothing
ClamAV          Found nothing
Dr.Web          Found nothing
F-Prot Antivirus    Found nothing
Fortinet        Found nothing
Kaspersky Anti-Virus    Found nothing
NOD32           Found nothing
Norman Virus Control    Found nothing
UNA         Found nothing
VBA32           Found Trojan-Downloader.Agent.70 (probable variant)
Edited by w0uter

My UDF's:;mem stuff_Mem;ftp stuff_FTP ( OLD );inet stuff_INetGetSource ( OLD )_INetGetImage _INetBrowse ( Collection )_EncodeUrl_NetStat_Google;random stuff_iPixelSearch_DiceRoll

Share this post


Link to post
Share on other sites

#7 ·  Posted (edited)

tested it with the latest beta + upx beta

Status:         POSSIBLY INFECTED/MALWARE (Note: this file was only flagged as malware by heuristic detection(s). 
            This might be a false positive. Therefore, results of this scan will not be stored in the database)

MD5:            317612dd7eaac711d4bdf698f5b47047

Packers detected:   UPX, AUTOIT

Scanner results:
AntiVir         Found nothing
ArcaVir         Found nothing
Avast           Found nothing
AVG Antivirus       Found nothing
BitDefender     Found nothing
ClamAV          Found nothing
Dr.Web          Found nothing
F-Prot Antivirus    Found nothing
Fortinet        Found nothing
Kaspersky Anti-Virus    Found nothing
NOD32           Found nothing
Norman Virus Control    Found nothing
UNA         Found nothing
VBA32           Found Trojan-Downloader.Agent.70 (probable variant)
That makes two problems VBA32 and AcraVir. Guess somebody should send an email to both of them so they can fix their definitions.

Thanks for the feedback.

Edited by SolidSnake

HKTunes:Softpedia | GoogleCodeLyricToy:Softpedia | GoogleCodeRCTunes:Softpedia | GoogleCodeMichtaToolsProgrammer n. - An ingenious device that turns caffeine into code.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0