Sign in to follow this  
Followers 0
EBak

McAfee virus detection

26 posts in this topic

Hi,

Since the update of Mcafee on 3 March 2006 all my executables that I did create with AutoIt are detected as a virus/Joke. Is anyone else has this problem and what can I do about it?

regards,

Emile

Share this post


Link to post
Share on other sites



Hi,

Since the update of Mcafee on 3 March 2006 all my executables that I did create with AutoIt are detected as a virus/Joke. Is anyone else has this problem and what can I do about it?

regards,

Emile

write Mcafee about it. ANd tell them to change their attitude towards autoit. Only way i guess. If you search for 'antivirus' in this forum you will get lots of posts like that.

My little company: Evotec (PL version: Evotec)

Share this post


Link to post
Share on other sites

Hi,

Since the update of Mcafee on 3 March 2006 all my executables that I did create with AutoIt are detected as a virus/Joke. Is anyone else has this problem and what can I do about it?

regards,

Emile

I agree with MadBoy you should write to McAfee.

I was just curious to understand with which version of AutoIt the executables were produced. :o

Share this post


Link to post
Share on other sites

I did a quick check on my scripts folder. It did not find any viruses.

The virus definitions are of 7th March.

Posted Image

Share this post


Link to post
Share on other sites

Hi,

Since the update of Mcafee on 3 March 2006 all my executables that I did create with AutoIt are detected as a virus/Joke. Is anyone else has this problem and what can I do about it?

regards,

Emile

Post an example so we can check to see if other virus scanners also note it as a virus.

Share this post


Link to post
Share on other sites

Post an example so we can check to see if other virus scanners also note it as a virus.

don't forget to describe which which release of AutoIT they were produced. Thanks :o

Share this post


Link to post
Share on other sites

Or you could stop using McAfee Antivirus and try another.

I use AVG Professional.

:o

Share this post


Link to post
Share on other sites

Share this post


Link to post
Share on other sites

Thanx for all the answers. The problem is fixed for now, by getting a new update of McAfee or the newest beta version of AutoIT. I updated both the programs at the same time, so I am not sure which one is responsible for it. Hopefully it stays like this. I only lost all backup executables, but i can still compile them with the newest AutoIt version if I need them.

Share this post


Link to post
Share on other sites

Hi,

Since the update of Mcafee on 3 March 2006 all my executables that I did create with AutoIt are detected as a virus/Joke. Is anyone else has this problem and what can I do about it?

regards,

Emile

Yep, I get that even with some of my .au3 files.


[quote] Gilbertson's Law: Nothing is foolproof to a sufficiently talented fool.Sandro Alvares: Flaxcrack is please not noob! i can report you is stop stupid. The Post[/quote]I made this: FWD & MD5PWD()

Share this post


Link to post
Share on other sites

Yep, I get that even with some of my .au3 files.

when you say .au3 you mean compiled .au3 !!!

I cannot understand and antivirus detecting a virus in a pure text file.

Share this post


Link to post
Share on other sites

when you say .au3 you mean compiled .au3 !!!

I cannot understand and antivirus detecting a virus in a pure text file.

Nope...just on the .au3 file itself. The next time McAfee picks it up i'll paste the message in here.


[quote] Gilbertson's Law: Nothing is foolproof to a sufficiently talented fool.Sandro Alvares: Flaxcrack is please not noob! i can report you is stop stupid. The Post[/quote]I made this: FWD & MD5PWD()

Share this post


Link to post
Share on other sites

Nope...just on the .au3 file itself. The next time McAfee picks it up i'll paste the message in here.

Whoah that's something very new for me!!!

I wait :)

Share this post


Link to post
Share on other sites

when you say .au3 you mean compiled .au3 !!!

I cannot understand and antivirus detecting a virus in a pure text file.

try saving this as a text file.. your av should pick it up..

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Share this post


Link to post
Share on other sites

try saving this as a text file.. your av should pick it up..

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Exactly what I was thinking :)http://www.eicar.org/anti_virus_test_file.htm

Anyway, it seems that Friday was a particularly bad day for McAfee virus definitions. :mellow:


Use Mozilla | Take a look at My Disorganized AutoIt stuff | Very very old: AutoBuilder 11 Jan 2005 prototype I need to update my sig!

Share this post


Link to post
Share on other sites

Norton antivirus picks that up as EICAR TEST STRING, why does it think it is a virus?


My Programs:AInstall - Create a standalone installer for your programUnit Converter - Converts Length, Area, Volume, Weight, Temperature and Pressure to different unitsBinary Clock - Hours, minutes and seconds have 10 columns each to display timeAutoIt Editor - Code Editor with Syntax Highlighting.Laserix Editor & Player - Create, Edit and Play Laserix LevelsLyric Syncer - Create and use Synchronised Lyrics.Connect 4 - 2 Player Connect 4 Game (Local or Online!, Formatted Chat!!)MD5, SHA-1, SHA-256, Tiger and Whirlpool Hash Finder - Dictionary and Brute Force FindCool Text Client - Create Rendered ImageMy UDF's:GUI Enhance - Enhance your GUIs visually.IDEA File Encryption - Encrypt and decrypt files easily! File Rename - Rename files easilyRC4 Text Encryption - Encrypt text using the RC4 AlgorithmPrime Number - Check if a number is primeString Remove - remove lots of strings at onceProgress Bar - made easySound UDF - Play, Pause, Resume, Seek and Stop.

Share this post


Link to post
Share on other sites

Post an example so we can check to see if other virus scanners also note it as a virus.

AVG also returns with a virus report for autoit, however not just on what I have compiled but also for the autoit executable itself. I actually had to turn off autoprotect to get it to stop poping up warning messages on my server. I thought it was a bad install of AVG professional guess not eh?

Also after reading these posts I installed autoit on my norton corp edition protected server, and it also says it's a virus BUT windowsonecare and ms defender do not, and Avast! doesn't either. with norton I just created an exclusion, and wrote AVG about it not being a virus and the fact that thier exclusion doesn't stop the stupid popup warnings every 5 seconds.

`Mitch

Share this post


Link to post
Share on other sites

AVG also returns with a virus report for autoit, however not just on what I have compiled but also for the autoit executable itself. I actually had to turn off autoprotect to get it to stop poping up warning messages on my server. I thought it was a bad install of AVG professional guess not eh?

Also after reading these posts I installed autoit on my norton corp edition protected server, and it also says it's a virus BUT windowsonecare and ms defender do not, and Avast! doesn't either. with norton I just created an exclusion, and wrote AVG about it not being a virus and the fact that thier exclusion doesn't stop the stupid popup warnings every 5 seconds.

`Mitch

I can agree an antivirus can give in this specific case a lase alarm if your machine is not infected on the autoit executable or a compiled script which is build from the same code.

But giving and alarm on an script itself (.au3) which is a text file is beyond my comprehension except this test file that Mc Afee distribute to check if their code is detecting something.

As usual I have no answer of which version of autoit produce this 'false" alarm.

The best is to forward your file to your antivirus provider and have them correct their detectection algorithm/signature.

Share this post


Link to post
Share on other sites

These false positives are positively annoying.

Could we make a common thread, title it "My anti-virus just called AutoIT badware" or something similar, sticky it, and move all these posts that keep cropping up on a daily/weekly basis into them? This would be an ongoing, long and sad reflection on the quality of anti-virus signature algorithms. Noobies could (possibly) see it before starting their own thread.

I've had widely deployed compiled scripts disappear overnight on more than one occasion - one of the hazards of using a popular product that has too much power I suppose. Where anti-virus vendors are lazy to differentiate between valid nasties and the common non-infested runtime, having a common thread will document that on an ongoing basis.

(Could be worse - it could be McAfee reporting and deleting Excel.exe like happened last Friday I suppose)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0