Christian Blackburn

AVG AntiVirus Identifying SciTe4AutoIt3.exe as a Trojan Virus

28 posts in this topic

Hi Gang,

I'm hoping the file is fine and that AVG has just detected a false positive, but it is reporting the most recent SciTe4AutoIt (2006/06/02) as a trojan virus. Is anyone else's virus scanner (different brands) reporting the same problem? My AVG is totally up to date as of (2006/06/05 a few minutes ago). We may need to contact AVG if this is a false positive. So far I am not able to observe any anomalies, but will need to research the resultant behavior of the Downloader.Zlob.ANW virus.


Thanks,

Christian Blackburn


Thanks, Christian Blackburn, HTTP://www.RawSeattle.org




Can you please stop posting in the Bug Reports forum? This should be in the SciTE4AutoIt thread. Most of your other posts belong in other forums as well.


#3 ·  Posted (edited)

Avast is happy with the latest SciTe4AutoIt.

Perhaps you may want to try an Online Virus Scan to verify doubt.

This is not the 1st false-positive, and I can assure you that it will not be the last. AV programs are not accurate enough with detections for absolute valid virii recognition.

It does pay to rule out doubt, just in case it is a virus on your system.

Edited by MHz


It does pay to rule out doubt, just in case it is a virus on your system.

Hi MHZ,

Thanks for adding Avast. I am aware that AV programs frequently return false positive detections. I trust you guys, but like you said it never hurts to make sure and besides someone needs to contact AVG and get them straightened out. I'll try to find some contact info for them.

Thanks Again,

Christian Blackburn



#5 ·  Posted (edited)

Hi Gang,

Okay I wrote Grisoft (makers of AVG) and we'll see what happens:

Sales Support Form

Name: Christian Blackburn
E-mail: Christian.Blackburn@Yahoo.com
Are you currently using AVG? FREE
Choose Your Topic: General product information
Choose Product Type: AVG SoHo Edition

Enter your question:

Dear Sales Staff,
 
 I'm sorry to be sending this here, but your program has generated a false positive on an open-source application and the only way it seems I can tell you about that is by having a serial number and frankly I don't and am disinclined to buy a scanner that false positives so easily. Please let your technicians know about this file
 http://www.autoitscript.com/cgi-bin/getfile.pl?../autoit3/scite/download/SciTe4AutoIt3.exe
 
 Thanks,
 Christian Blackburn
 Christian.Blackburn@Yahoo.com

Cheers,

Christian Blackburn

Edited by Christian Blackburn



Maybe your version is a virus. Maybe you have a boot virus that copied itself to the exe. It has been known to happen.


Maybe your version is a virus. Maybe you have a boot virus that copied itself to the exe. It has been known to happen.

Either way, AVG needs to know about it... If AVG was(is) protecting his system and did not catch (and notify him of) that boot virus... then AVG has a problem that they need to know about and fix.

I've stopped installing AVG on systems that I "support" in favor of avast.



I am running AVG Pro and the latest Beta AutoIt and have no problems.



Get Beta versions Here Get latest SciTE editor Here AutoIt 1-2-3 by Valuater - A great starting point.

Time you enjoyed wasting is not wasted time ......T.S. Elliot
Suspense is worse than disappointment................Robert Burns
God help the man who won't help himself, because no-one else will...........My Grandmother


#10 ·  Posted (edited)

...My AVG is totally up to date as of (2006/06/05 a few minutes ago)...

It would help if you would state the version of the signature file being used in the manner used by AVG...[Edit: because they sometimes release more than one update per day.] [bring up the control center and then select Information on the menu bar, then select About AVG Free] in any case, the problem seems to be fixed.

I downloaded and installed avg71free_394a757.exe

Updated the sig file to 268.8.2/357

(06 June 2006 12:20 PM) [Date format is my own :-)]

Scanned the copy of SciTe4AutoIt3.exe that I already had [downloaded/installed late yesterday]... no virus reported.

Downloaded a fresh copy of SciTe4AutoIt3.exe... no virus reported during the download.

Scanned this folder structure "C:\Program Files\AutoIt3\SciTE"... no virus reported.

Suggest that you update the sig file and try again.

At least AVG seems to be responsive.

FYI - Symantec AntiVirus 10.1.0.386 Corp. edition has no problem with any of these files.

Edited by herewasplato


I am running AVG Pro and the latest Beta AutoIt and have no problems.

Hi Bigdod,

Please make sure you have the most recent SciTe4AutoIT dated 2006/06/02. That's where the problem appears to be.

Thanks,

Christian Blackburn



#12 ·  Posted (edited)

Is it one of the included AutoIt3 scripts that has the false positive ?

If so do you have any idea which one ?

Hi JdeB,

That's a good question it's tripping about Uninst.exe and SciTe4AutoIt.exe, not any .au3 files. I should also note that SciTe is the only set of programs/files my AV is bitching about. I presumably downloaded the same copy of SciTe as the rest of you. Because I got it off of HiddenSoft.com. It's possible some rogue individual put a bad copy up for a few minutes and only a few, but I find that scenario unlikely.

Cheers,

Christian Blackburn

Edited by Christian Blackburn


#13 ·  Posted (edited)

It would help if you would state the version of the signature file being used in the manner used by AVG...[Edit: because they sometimes release more than one update per day.

Hi Plato,

(3): 268.8.2/356

(4): 6/5/2006 2:30:00 PM

I see an update available as of today, so I will update momentarily, but I think it's important to record which version we're false pos'ing on so we can add it to our documentation. Thanks for the NAV addition. It looks like we're using almost the same sigs, you're one build newer. If it doesn't go away with the updated sigs, which at this point I don't think it will, I'll yank those files immediately.

Thanks,

Christian Blackburn

Edited by Christian Blackburn


Hi Bigdod,

Please make sure you have the most recent SciTe4AutoIT dated 2006/06/02. That's where the problem appears to be.

Thanks,

Christian Blackburn

I have the very latest of everything and still have no problem.



Hi JdeB,

That's a good question it's tripping about Uninst.exe and SciTe4AutoIt.exe, not any .au3 files. I should also note that SciTe is the only set of programs/files my AV is bitching about. I presumably downloaded the same copy of AVG as the rest of you. Because I got it off of HiddenSoft.com. It's possible some rogue individual put a bad copy up for a few minutes and only a few, but I find that scenario unlikely.

Cheers,

Christian Blackburn

SciTe4AutoIt.exe and Uninst.exe are standard exe's that are generated by NSIS installer.....

I meant compiled Scripts like Tidy/AutoIt3Wrapper/codewizzard/csnippet/sciteconfig/guibuilder/updatedefs.


Visit the SciTE4AutoIt3 Download page for the latest versions        Beta files                                                          Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)


I have AVG and the latest Scite editor, I just downloaded for a re-install a couple weeks ago. I have no problems with it showing as a virus.

Nomad :D



Hi Gang,

Good news, I installed the most recent signatures and now everything is coming up roses. Since Plato had one build newer than I we know the very last build where we're false positiving. So that needs to go into the release notes or something.

This could go somewhere:

If you have AVG AntiVirus with signatures version 268.8.2/356 (2006/06/05) or older, it's likely you'll get a false positive virus listing for SciTe4AutoIt, please update your signatures as the problem will go away.

Cheers,

Christian Blackburn


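The triage reasoning the thread arrives at, written out as an added example that is not part of any poster's message: the scan results reported above are combined to decide whether the detection fits a false positive that a newer signature set fixed, and which installed signature versions are affected. The function names, the report layout and the ordering rule for AVG signature strings (database version first, then release number) are assumptions made for this example.

```python
import re

def parse_avg_sig(text):
    """Parse an AVG signature string such as '268.8.2/356' into a sortable tuple."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)*)\s*/\s*(\d+)\s*", text)
    if m is None:
        raise ValueError(f"unrecognised signature version: {text!r}")
    database = tuple(int(part) for part in m.group(1).split("."))
    # Assumption: a higher database version, then a higher release number, is newer.
    return database, int(m.group(2))

# Results posted in the thread for the 2006/06/02 SciTe4AutoIt3.exe.
# The (engine, signature, detected) layout is constructed for this example;
# None means the poster gave no signature version.
REPORTS = [
    ("AVG", "268.8.2/356", True),
    ("AVG", "268.8.2/357", False),
    ("Avast", None, False),
    ("Symantec", None, False),
]

def assess(reports, engine="AVG"):
    """Return (verdict, newest signature of `engine` that still flags the file)."""
    if not any(detected for _, _, detected in reports):
        return "clean", None
    flagged = [parse_avg_sig(s) for n, s, d in reports if n == engine and d and s]
    passed = [parse_avg_sig(s) for n, s, d in reports if n == engine and not d and s]
    other_hits = [n for n, _, d in reports if n != engine and d]
    last_flagging = max(flagged) if flagged else None
    # A detection that disappears on a newer signature set of the same engine,
    # with no other engine agreeing, matches the pattern seen in the thread.
    fixed_later = last_flagging is not None and any(p > last_flagging for p in passed)
    if fixed_later and not other_hits:
        return "likely-false-positive", last_flagging
    return "needs-investigation", last_flagging

def is_affected(installed_sig, last_flagging):
    """True when the installed signatures are at or below the last flagging set."""
    return parse_avg_sig(installed_sig) <= last_flagging

if __name__ == "__main__":
    verdict, last = assess(REPORTS)
    print(verdict, last, is_affected("268.8.2/356", last))
```

A detection that persists on signatures newer than the last flagging set, or that a second engine confirms, falls outside this pattern and is returned as `needs-investigation`.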

Why bother documenting it? People not smart enough to keep their signatures updated are in general not going to be smart enough to read the documentation explaining why they are getting a false positive.


...the latest Scite editor, I just downloaded for a re-install a couple weeks ago...

...but the latest SciTe4AutoIt3 came out 02 June 2006 (4 days ago)

