DaLiMan Posted April 25, 2018 Posted April 25, 2018 Hi, Today I got a message my exe file is a trojan [Trojan:Win32/Fuerboos.B!cl] and is very dangerous?! Now of course this is not the case, but MS defender thinks otherwise. Can I re-code my source or something or has this to do with the auto-it compiler? Sourcecode is below: expandcollapse popup#Region ;**** Directives created by AutoIt3Wrapper_GUI **** #AutoIt3Wrapper_Icon=BMP\Meso.ico #AutoIt3Wrapper_Res_Comment=Open MesoBoek.accdb boekhouding. #AutoIt3Wrapper_Res_Description=MesoBoek #AutoIt3Wrapper_Res_Fileversion=0.1.0.5 #AutoIt3Wrapper_Res_Fileversion_AutoIncrement=p #AutoIt3Wrapper_Res_LegalCopyright=Mirjam Lith Mesologie #AutoIt3Wrapper_Res_Language=1043 ://////=__= #AutoIt3Wrapper_Run_Tidy=y #EndRegion ;**** Directives created by AutoIt3Wrapper_GUI **** ;================================================= #INCLUDE settings ======================================================== #include <MsgBoxConstants.au3> #include <FileConstants.au3> #include <GUIConstantsEx.au3> #include <StaticConstants.au3> #include <WindowsConstants.au3> #include <ColorConstants.au3> #include <InetConstants.au3> ;============================================== Optie settings en variabelen ================================================= HotKeySet("{ESC}", "_ExitNow") FileInstall(".\BMP\Meso_met.jpg", @ScriptDir & "\Meso_met.jpg") FileInstall("Meso.ico", @ScriptDir & "\Meso.ico") Dim $url = "http://www.mirjamlithmesologie.nl/MB/version.mb" Dim $urlDB = "http://www.mirjamlithmesologie.nl/MB/MesoBoek.accdb" Dim $curVer = @ScriptDir & "\version.mb" Dim $NewDB = @ScriptDir & "\MesoBoek.accdb" Global $iPID Global $Name = "MesoBoek" Global $DoubleRunChk = $Name & "!" 
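; Launcher body: read the data location from the settings database, show the
; splash GUI, check the server for a newer front-end, then open MesoBoek.accdb.
; Uses $url, $urlDB, $curVer, $NewDB, $Name and $DoubleRunChk declared earlier
; in the script.

Local $sDBlokatie, $sDBbupLokatie
;~ Global $oErrorHandler = ObjEvent("AutoIt.Error", "_ErrFunc")
; NOTE(review): no COM error handler is registered (the line above is commented
; out), so a failing ADO call below is not reported to the user by this script.
Local $DBdata = @ScriptDir & "\Data\MesoBoek_db.accdb"
Local $tblname = "tblDBgegevens"
Local $query = "SELECT * FROM " & $tblname
; NOTE(review): $oShell is not used anywhere else in the visible script; drop
; the object if nothing outside this listing needs it.
Local $oShell = ObjCreate("shell.application") ; Get the Windows Shell Object
ConsoleWrite("oShell=" & $oShell & @CRLF)

; ===== Make sure the program is not started twice =====
; A previous instance is found by its hidden AutoIt window title and closed.
If WinExists($DoubleRunChk) Then
    WinClose(WinGetHandle($DoubleRunChk))
EndIf
AutoItWinSetTitle($DoubleRunChk)

; ===== Check data availability =====
; Read the configured database and backup locations from the settings table.
$adoCon = ObjCreate("ADODB.Connection")
ConsoleWrite("adocon=" & $adoCon & @CRLF)
$adoCon.Open("Provider=Microsoft.ACE.OLEDB.12.0;Data Source=" & $DBdata & ";User Id=;Password=;")
$adoRs = ObjCreate("ADODB.Recordset")
$adoRs.CursorType = 1
$adoRs.LockType = 3
$adoRs.Open($query, $adoCon)
$sDBlokatie = $adoRs.Fields("DBlokatie").value ; Retrieve value by field name
$sDBbupLokatie = $adoRs.Fields("BupLokatie").value ; Retrieve value by field name
; Fall back to folders next to the script when the table holds no value.
If $sDBlokatie = Null Then $sDBlokatie = @ScriptDir & "\Data"
If $sDBbupLokatie = Null Then $sDBbupLokatie = @ScriptDir & "\Data\BackUp"
$adoCon.Close
If FileExists($sDBlokatie) = 0 Then
    MsgBox(64, $Name & " - Foutmelding", "De DataBase verbinding op onderstaande lokatie is niet beschikbaar, herstel de vebinding en probeer opnieuw." _
             & @CRLF & @CRLF & $sDBlokatie)
    Exit
EndIf

; ===== GUI settings =====
#Region ### START Koda GUI section ### Form=
$Form1 = GUICreate("Form1", 508, 247, 192, 124, BitOR($WS_BORDER, $WS_POPUP), BitOR($WS_EX_TOPMOST, $WS_EX_TOOLWINDOW))
GUISetBkColor(0xFFFFFF)
$Pic1 = GUICtrlCreatePic(@ScriptDir & "\Meso_met.jpg", 24, 16, 73, 89)
$Label1 = GUICtrlCreateLabel("MesoBoek - Daniel Lith - 2016", 360, 224, 147, 17)
$Label2 = GUICtrlCreateLabel("MesoBoek", 136, 32, 268, 69)
GUICtrlSetFont(-1, 42, 400, 0, "Arial")
$Label3 = GUICtrlCreateLabel("", 28, 144, 460, 17)
$btnUpdate = GUICtrlCreateButton("Update", 384, 184, 89, 25)
GUICtrlSetState(-1, $GUI_HIDE)
$btnNoUpdate = GUICtrlCreateButton("Nu niet", 280, 184, 89, 25)
GUICtrlSetState(-1, $GUI_HIDE)
$Progress = GUICtrlCreateLabel("", 24, 164, 5, 17)
GUICtrlSetBkColor(-1, 0x17D81B)
GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###

; ===== Run program =====
; The first pass through the message loop that is not a close event runs the
; whole start-up sequence and then exits the launcher.
While 1
    $nMsg = GUIGetMsg()
    Switch $nMsg
        Case $GUI_EVENT_CLOSE
            Exit
        Case Else
            _VersieControle()
            Sleep(1000)
            _Startup()
            Sleep(2000)
            _Progressor(460, "Klaar.")
            Sleep(300)
            Exit
    EndSwitch
WEnd

; Compares the local version marker with the one on the server and, if the
; user agrees, downloads the new front-end database and the new marker.
Func _VersieControle()
    _Progressor(50, "Verbinding maken met server.")
    ; Whitespace is stripped from both sides so a trailing newline in either
    ; file cannot influence the comparison.
    Local $sCurVersie = StringRegExpReplace(FileRead($curVer), '\s', "")
    ; Read the version file into memory without saving it to disk.
    ; Option 17 is the original 19 with bit 2 cleared: 19 = 1 + 2 + 16, and 2 is
    ; $INET_IGNORESSL in InetConstants.au3. It has no effect on the http:// URL
    ; in use, but it would switch off certificate checking once $url is moved
    ; to https.
    Local $dData = InetRead($url, 17)
    ; Convert the ANSI compatible binary string back into a string.
    Local $sOnlineVersie = StringRegExpReplace(BinaryToString($dData), '\s', "")
    ; NOTE(review): the response arrives over plain HTTP and is not
    ; authenticated, so anything the network path returns is compared and shown
    ; as a version. Once the format of version.mb is confirmed, reject any
    ; response that does not match it.

    If _IsNewerVersion($sCurVersie, $sOnlineVersie) Then
        GUICtrlSetState($btnUpdate, $GUI_SHOW)
        GUICtrlSetState($btnNoUpdate, $GUI_SHOW)
        _Progressor(100, "Nieuwe versie [v." & $sOnlineVersie & "] beschikbaar. Nu updaten?")
        While 1
            $nMsg = GUIGetMsg()
            Switch $nMsg
                Case $btnNoUpdate
                    _Progressor(250, "Verder zonder updaten.")
                    ExitLoop
                Case $btnUpdate
                    _Progressor(250, "Downloaden nieuwe versie")
                    ; Database first, marker second: the marker only moves
                    ; forward when the database was actually replaced.
                    If _DownloadTo($urlDB, $NewDB) Then
                        FileSetAttrib($curVer, "-H")
                        _DownloadTo($url, $curVer)
                        FileSetAttrib($curVer, "+H")
                    Else
                        _Progressor(280, "Update mislukt.")
                    EndIf
                    ExitLoop
            EndSwitch
        WEnd
    Else
        If $sOnlineVersie = "" Then
            _Progressor(280, "Kan geen verbinding met server maken.")
        Else
            _Progressor(280, "U heeft de laatste versie.")
        EndIf
    EndIf
EndFunc   ;==>_VersieControle

; Returns True when $sRemote is newer than $sLocal.
; Dotted numeric versions (e.g. 0.1.0.5) are compared component by component as
; numbers, because "<" on two strings is lexicographic and would rank 0.1.0.10
; below 0.1.0.9. Any other format keeps the original string comparison.
Func _IsNewerVersion(Const $sLocal, Const $sRemote)
    Local Const $sDotted = '^\d+(\.\d+)*$'
    If Not (StringRegExp($sLocal, $sDotted) And StringRegExp($sRemote, $sDotted)) Then
        Return $sLocal < $sRemote
    EndIf
    Local $aLocal = StringSplit($sLocal, ".")
    Local $aRemote = StringSplit($sRemote, ".")
    Local $iCount = $aLocal[0]
    If $aRemote[0] > $iCount Then $iCount = $aRemote[0]
    Local $iLocalPart, $iRemotePart
    For $i = 1 To $iCount
        ; A missing trailing component counts as 0, so 1.2 equals 1.2.0.
        $iLocalPart = 0
        $iRemotePart = 0
        If $i <= $aLocal[0] Then $iLocalPart = Number($aLocal[$i])
        If $i <= $aRemote[0] Then $iRemotePart = Number($aRemote[$i])
        If $iLocalPart <> $iRemotePart Then Return $iLocalPart < $iRemotePart
    Next
    Return False
EndFunc   ;==>_IsNewerVersion

; Downloads $sUrl to a temporary file next to $sTarget and replaces $sTarget
; only when the transfer reported success and produced a non-empty file, so a
; failed or interrupted download never overwrites the working copy.
; Returns True when $sTarget was replaced.
Func _DownloadTo(Const $sUrl, Const $sTarget)
    Local Const $sTemp = $sTarget & ".download"
    Local $hDownload = InetGet($sUrl, $sTemp, $INET_FORCERELOAD, $INET_DOWNLOADBACKGROUND)
    Do
        Sleep(250)
    Until InetGetInfo($hDownload, $INET_DOWNLOADCOMPLETE)
    Local $bSuccess = InetGetInfo($hDownload, $INET_DOWNLOADSUCCESS)
    InetClose($hDownload) ; release the handle of the background download
    If $bSuccess And FileGetSize($sTemp) > 0 Then
        Return FileMove($sTemp, $sTarget, $FC_OVERWRITE) = 1
    EndIf
    FileDelete($sTemp)
    Return False
EndFunc   ;==>_DownloadTo

; Opens the front-end database with the application registered for .accdb.
Func _Startup()
    _Progressor(380, "Bezig met opstarten MesoBoek")
    ; NOTE(review): this file may have just been replaced by _VersieControle
    ; with content fetched over plain HTTP, with no hash or signature check,
    ; and an Access database can carry VBA and macros. Serve the update over
    ; HTTPS and compare the download against a published hash before opening
    ; it (e.g. _Crypt_HashFile, which needs #include <Crypt.au3>).
    $iPID = ShellExecute(@ScriptDir & "\MesoBoek.accdb")
    ConsoleWrite("PID: " & $iPID & @LF)
EndFunc   ;==>_Startup

; Sets the width of the green progress label and the status text beneath it.
Func _Progressor(Const $procent, Const $dText)
    GUICtrlSetPos($Progress, 24, 164, $procent)
    GUICtrlSetData($Label3, $dText)
EndFunc   ;==>_Progressor

; ESC hotkey handler (registered with HotKeySet earlier in the script).
Func _ExitNow()
    Exit
EndFunc   ;==>_ExitNow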
Trong Posted April 25, 2018 Posted April 25, 2018 See here: https://www.autoitscript.com/forum/topic/34658-are-my-autoit-exes-really-infected/ Regards,