Sign in to follow this  
Followers 0
Rick

AutoitSC.bin trojan or not?

22 posts in this topic

hi, just recently had Norton 2005 think "AutoitSC.bin" is a trojan virus,

has anyone else experienced this??


Who needs puzzles when we have AutoIt!!

Share this post


Link to post
Share on other sites



hi, just recently had Norton 2005 think "AutoitSC.bin" is a trojan virus,

has anyone else experienced this??

At least the Norton Corporate 9.0 version with the latest virus definition is not thinking that :lmao:

Share this post


Link to post
Share on other sites

Report your false positives direct to Symantec. They should be able to update their patterns promptly if you ask in a nice way.

Share this post


Link to post
Share on other sites

hi, just recently had Norton 2005 think "AutoitSC.bin" is a trojan virus,

has anyone else experienced this??

Hi Im a new one, and I m running Norton because it automaticaly quarentyne 2 .exe created by auit2exe and found 2 "Downloader", one in AutoitSC.bin and other in the .zip of instalation.

I m going to dowload again and reistal.

Share this post


Link to post
Share on other sites

symantec's latest virus defs deleted all my autoit programs saying they're downloaders

this is the first false positive i've ever had with symantec

it also deleted some other programs that were definitely not trojans like it said

they were all in quarantine but this is ridiculous when programs i've had for over 10 years all of a sudden show up as trojans


Share this post


Link to post
Share on other sites

Add one more dissatisfied Symantec Corporate customer (Corporate version 9 with latest updates). Good thing this FUBAR update didn't come out a week ago, as I had some critical AutoIt executables that ran through all users login scripts. They are now deleted off the server. I had another update I wanted to push out to all my users tomorrow, but thanks to Symantec I can't. How much do you think I can sue them for?

More importantly, does anyone know where to report these false positives to Symantec? I sent an email through the customer service link on their website, but I'm not sure that's the best place to send it to.

Share this post


Link to post
Share on other sites

Add one more dissatisfied Symantec Corporate customer (Corporate version 9 with latest updates). Good thing this FUBAR update didn't come out a week ago, as I had some critical AutoIt executables that ran through all users login scripts. They are now deleted off the server. I had another update I wanted to push out to all my users tomorrow, but thanks to Symantec I can't. How much do you think I can sue them for?

More importantly, does anyone know where to report these false positives to Symantec? I sent an email through the customer service link on their website, but I'm not sure that's the best place to send it to.

I need to know as well, this is severly impacting my ability to push out updates to our network. It also has the effect of making the last 5 days at work or so a waste of time for me.

Share this post


Link to post
Share on other sites

Same here, "AutoItSC.bin" as a "Downloader", which I know is completely bogus. :)

I'll be reporting this to Symantec as a false-positive...hopefully they can get their AV defs updated soon...

Share this post


Link to post
Share on other sites

Same here, "AutoItSC.bin" as a "Downloader", which I know is completely bogus. :)

I'll be reporting this to Symantec as a false-positive...hopefully they can get their AV defs updated soon...

They've updated the defs to remove this false-positive. You can install the fix with this: ftp://ftp.symantec.com/public/english_us_...easedefsi32.exe.

Share this post


Link to post
Share on other sites

#10 ·  Posted (edited)

I have ACG AAbtivirus on my computer and I am sick of False Positives.. So, I have taken on the task to submit to them every time there is a problem, well they know who Valuater is now, after numerous emails and not all of them being nice about it, and one of the techs gave me his personal email...

... there hasn't been a problem since

but i hate the idea that you create a great program and then who knows which anti-virus is going to say its malware and either remove it or ask the user to remove it, as if the antivirus is a PC God,... then the developer and language appear to be "bad" in the eyes of the end user, and...

This Hurts All of Us!!!!!!

8)

[/end ramble]

Edited by Valuater

NEWHeader1.png

Share this post


Link to post
Share on other sites

I have ACG AAbtivirus on my computer and I am sick of False Positives.. So, I have taken on the task to submit to them every time there is a problem, well they know who Valuater is now, after numerous emails and not all of them being nice about it, and one of the techs gave me his personal email...

... there hasn't been a problem since

but i hate the idea that you create a great program and then who knows which anti-virus is going to say its malware and either remove it or ask the user to remove it, as if the antivirus is a PC God,... then the developer and language appear to be "bad" in the eyes of the end user, and...

This Hurts All of Us!!!!!!

8)

[/end ramble]

Any idea when this will roll out to SAV Corporate products?

Share this post


Link to post
Share on other sites

Any idea when this will roll out to SAV Corporate products?

I'm currently using defs '9/20/2006 rev. 52' and it's not flagging AutoIt anymore.

This is with SAV version 10

Share this post


Link to post
Share on other sites

#13 ·  Posted (edited)

Any idea when this will roll out to SAV Corporate products?

It is no longer a problem (for me anyway) using the sig file dated later that same day.

Virus Definitions File Version: 9/20/2006 rev. 52

Scan engine: 61.2.1.10

SAV Program Version: 10.1.4.4010

Edit: I type too slow....

Edited by herewasplato

[size="1"][font="Arial"].[u].[/u][/font][/size]

Share this post


Link to post
Share on other sites

#14 ·  Posted (edited)

I had to downgrade from 3.2.x to 3.1.1.x and recompile for SAV to ignore my executables.

Norton users can upgrade the virus definitions by using this link: http://www.symantec.com/avcenter/download/pages/US-N95.html

Edited by Blue_Drache

Lofting the cyberwinds on teknoleather wings, I am...The Blue Drache

Share this post


Link to post
Share on other sites

Just wanted to let you know, if you didn't see it on the other thread, that the latest symantec virus definition file (from today, september 21st 2006) fix the issue.

Cheers,

Angel

Share this post


Link to post
Share on other sites

Sorry to bring back an old thread but it's relevant.

The lastest AVG definitions are saying AutoItSC.bin is "Trojan Horse Generic8.GST" :) and I don't know where to contact them about it.

Can anyone help me out with a link or something?

Share this post


Link to post
Share on other sites

Sorry to bring back an old thread but it's relevant.

The lastest AVG definitions are saying AutoItSC.bin is "Trojan Horse Generic8.GST" :) and I don't know where to contact them about it.

Can anyone help me out with a link or something?

This thread lists everyone I think

http://www.autoitscript.com/forum/index.php?showtopic=34658

Share this post


Link to post
Share on other sites

Same here...my AVG just hit on *.bin file and every *.exe I've compiled with AutoIT version 3.2.8.1...

Share this post


Link to post
Share on other sites

Its almost like there is a reason they sticky these things

Share this post


Link to post
Share on other sites

Its almost like there is a reason they sticky these things

I read the sticky.

Found the link in the sticky.

Link in sticky didn't help at all.

Posted here hoping someone might know more.

I managed to find this:

Please try to update your AVG Free Edition and run the AVG Free Edition Complete Test again. If you suspect a file to be a false positive. Test the file at [virusscan.jotti.org] and if it is a false positive, archive (zip, arc, tar etc) the file using a password and email a copy to virus@grisoft.com with a brief description as well as the password you used to archive it with.

If it is a false positive , turn off hueristic scanning for the time being. When Grisoft adjusts the virus defintions you can turn it back on. If turning off Hueristics still doesn't allow access to the file while testing and emailing... disable the resident shield temporarily but remember to re-enable it afterwards.

TIP This may be req'd. with Win Vista OS... From the Windows menu... locate the AVG Control Center icon and right click on it then select Run As Administrator... disable the Resident Shield and then complete the rest of the above instructions.

Maybe that should be added to the sticky.

I can't upload the file to virusscan.jotti.org so I was hoping someone else could do it.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0