Valuater Posted June 13, 2006 Posted June 13, 2006 I just recently updated my Beta and Scite 3/4 days ago and since then my virus scan has deleted all my compiled scripts... ( normal... even the older exe's ), however this time it is after the SciTE Updatedefs.exe AVG Antivirus V File Ver 7.1.0.394 6/12/2006 Autoit Beta Ver 3.1.1.126 SciTE Ver 1.69 6/2/2006 *** Updated installer with SciTE v1.69. *** Updated Beta definitions to AutoIt3 v 3.1.1.125. always fun 8)
ConsultingJoe Posted June 13, 2006 Posted June 13, 2006 I just recently updated my Beta and Scite 3/4 days ago and since then my virus scan has deleted all my compiled scripts... ( normal... even the older exe's ), however this time it is after the SciTE Updatedefs.exe AVG Antivirus V File Ver 7.1.0.394 6/12/2006 Autoit Beta Ver 3.1.1.126 SciTE Ver 1.69 always fun 8)wow, I was just talking to a friend about something like this. Does this mean that someone use autoit to write a virus/Trogen and antivirus companies see it to be autoit not the individual exe? Check out ConsultingJoe.com
Moderators SmOke_N Posted June 13, 2006 Moderators Posted June 13, 2006 Sounds like this thread http://www.autoitscript.com/forum/index.ph...ndpost&p=192806 Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.
RazerM Posted June 13, 2006 Posted June 13, 2006 All of your compiled scripts? That must be very annoying! My Programs:AInstall - Create a standalone installer for your programUnit Converter - Converts Length, Area, Volume, Weight, Temperature and Pressure to different unitsBinary Clock - Hours, minutes and seconds have 10 columns each to display timeAutoIt Editor - Code Editor with Syntax Highlighting.Laserix Editor & Player - Create, Edit and Play Laserix LevelsLyric Syncer - Create and use Synchronised Lyrics.Connect 4 - 2 Player Connect 4 Game (Local or Online!, Formatted Chat!!)MD5, SHA-1, SHA-256, Tiger and Whirlpool Hash Finder - Dictionary and Brute Force FindCool Text Client - Create Rendered ImageMy UDF's:GUI Enhance - Enhance your GUIs visually.IDEA File Encryption - Encrypt and decrypt files easily! File Rename - Rename files easilyRC4 Text Encryption - Encrypt text using the RC4 AlgorithmPrime Number - Check if a number is primeString Remove - remove lots of strings at onceProgress Bar - made easySound UDF - Play, Pause, Resume, Seek and Stop.
w0uter Posted June 13, 2006 Posted June 13, 2006 avg sure has this alot. My UDF's:;mem stuff_Mem;ftp stuff_FTP ( OLD );inet stuff_INetGetSource ( OLD )_INetGetImage _INetBrowse ( Collection )_EncodeUrl_NetStat_Google;random stuff_iPixelSearch_DiceRoll
i542 Posted June 13, 2006 Posted June 13, 2006 avast! says to is no viruses at AutoIt.exe, I checked yesterday whole PC. What is virus name? i542 I can do signature me.
JSThePatriot Posted June 13, 2006 Posted June 13, 2006 (edited) avast! says to is no viruses at AutoIt.exe, I checked yesterday whole PC.What is virus name?i542I use avast! and ClamWin no issues so far.I have had one instance with avast, but it was quickly taken care of and it didnt delete all my files.wow, I was just talking to a friend about something like this. Does this mean that someone use autoit to write a virus/Trogen and antivirus companies see it to be autoit not the individual exe?Yes that is the case. Or they are just blocking the UPX part of an autoit exe.JS Edited June 13, 2006 by JSThePatriot AutoIt Links File-String Hash Plugin Updated! 04-02-2008 Plugins have been discontinued. I just found out. ComputerGetInfo UDF's Updated! 11-23-2006 External Links Vortex Revolutions Engineer / Inventor (Web, Desktop, and Mobile Applications, Hardware Gizmos, Consulting, and more)
Nomad Posted June 13, 2006 Posted June 13, 2006 This is why everyone should refuse to help any potential malicious coders.
Nomad Posted June 13, 2006 Posted June 13, 2006 I just finished a full scan of my computer. I also use AVG. I am completely up to date on everything. UpdateDefs.exe was flagged as being a generic trojan horse just like for Valuator. Looks like this could be the beginning of the end...
Moderators SmOke_N Posted June 13, 2006 Moderators Posted June 13, 2006 I just finished a full scan of my computer. I also use AVG. I am completely up to date on everything. UpdateDefs.exe was flagged as being a generic trojan horse just like for Valuator. Looks like this could be the beginning of the end...Pessimism is as non-healthy for a community as actually writing some of those apps that cause this type of stuff. Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.
Developers Jos Posted June 13, 2006 Developers Posted June 13, 2006 Will recompile it with the latest version for the next release...... You can do the same with the au3 file in the Defs subdir if you need to update the files to the latest Beta defs... SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
Nomad Posted June 13, 2006 Posted June 13, 2006 Pessimism is as non-healthy for a community as actually writing some of those apps that cause this type of stuff. Then could you tell me what the optimistic side of this would be? Because I don't see it. All I see is that my programs are potentially going to start getting flagged as a virus, and it pisses me off.
Moderators SmOke_N Posted June 13, 2006 Moderators Posted June 13, 2006 (edited) Then could you tell me what the optimistic side of this would be? Because I don't see it. All I see is that my programs are potentially going to start getting flagged as a virus, and it pisses me off. Well, I think you know my standing on those types of issues, I'm none the happier than you. But, If you notice that just a bit after you posted the pessimistic post, that Jdeb had a solution (as I knew he would... is why I posted it... He's always on top of SciTe). I'm just saying that you've posted some good posts/help/scripts, and that tends to have people look up to you, then unbeknownst (<< did I spell that right? ) to you, now you have a forum responsibility you didn't ask for or maybe even want. And when you talk negative like that, some could take it literally. We all can only do "our" part to keep the integrity of AutoIt/SciTe safe from harms way, but that part could have massive results positive or negative. That's all I meant (all I meant, I typed a damn dissertation ).Edit:My grammar sucks! Edited June 13, 2006 by SmOke_N Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.
Developers Jos Posted June 13, 2006 Developers Posted June 13, 2006 Then could you tell me what the optimistic side of this would be? Because I don't see it. All I see is that my programs are potentially going to start getting flagged as a virus, and it pisses me off. One lesson I've learned over time is to try not to worry/"get frustrated"/"get mad" about stuff that is out of your control and not really personal to you. Just work around it and move on .... Its not always simple but in this case its part of today's IT world were we have ppl that find pleasure to screw others with their weird ideas put into programs. You could have some respect for the early virus writers since they were REAL programmer. These days is so simple with all the macro languages, that any scriptkiddy, just relieved from his diapers, can write one... SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
Nomad Posted June 13, 2006 Posted June 13, 2006 Yeah, you guys are right. I just really enjoy using AutoIt and so I take things a little too personally sometimes. I'll try to keep the negativity to a minimum about these issues. Thanks for the adjustment. Nomad
slightly_abnormal Posted June 13, 2006 Posted June 13, 2006 (edited) ewido tried this a month ago, i have norton but never any problem, except some c++ files . i hardly ever compile scripts anyways, but ewido goes crazy when i scan my computer especially with vb files, the trick is to password protect the files, or put them in exclude lists.. or not scan as much as you should it's rediculous to blacklist autoit since most viruses are made in vb/c#/asm.. might as well blacklist anything that moves.. Edited June 13, 2006 by slightly_abnormal
herewasplato Posted June 14, 2006 Posted June 14, 2006 This is why everyone should refuse to help any potential malicious coders. I see that a bit later in this thread you had an "adjustment"... that's probably best for your blood pressure. :-) I wanted to make sure that you took note of the post where JSThePatriot mentions, "Or they are just blocking the UPX part of an autoit exe". As I understand it, AVG (and a few other AV companies) find a virus/trojan/whatever that was packed with UPX... then they mark all files touched by this tool regardless of what the actual script does. So, you could have a compiled script with just one line: Sleep(111) and when compiled, it would be marked as bad. [i've actually done that.] I've spent some time in the AVG forums (before I abandoned AVG in favor of avast). I cannot be sure, but it seems that whenever AVG finds any bad file that was packed with UPX - it marks all files packed with that version of UPX. In other words, a file written in a "language" other than AutoIt, but packed with UPX can trigger false positives for all AutoIt files. http://forum.grisoft.cz/freeforum/read.php...24757#msg-24757 http://forum.grisoft.cz/freeforum/read.php...70252#msg-70252 If you jump thru all of the hoops that AVG requires for submitting a "false positive" then they will respond quickly... but, if my assumptions stated above are correct, then they way that they mark files as bad is - well - bad. None of this is directed at you per se - it is just that you mentioned "malicious coders" and I wanted you (and others) to see that even if you cleaned the entire forum of all code - good and bad - this problem will still happen until AVG changes its detection methods. Caveat to all of the above - I could be wrong about AVG's detection method... I did not get an answer from them when I posed this question to them directly some time back. Perhaps they don't discuss such things with parties unkown to them. [size="1"][font="Arial"].[u].[/u][/font][/size]
Nomad Posted June 14, 2006 Posted June 14, 2006 I see that a bit later in this thread you had an "adjustment"... that's probably best for your blood pressure. :-) I wanted to make sure that you took note of the post where JSThePatriot mentions, "Or they are just blocking the UPX part of an autoit exe". As I understand it, AVG (and a few other AV companies) find a virus/trojan/whatever that was packed with UPX... then they mark all files touched by this tool regardless of what the actual script does. So, you could have a compiled script with just one line: Sleep(111) and when compiled, it would be marked as bad. [i've actually done that.] I've spent some time in the AVG forums (before I abandoned AVG in favor of avast). I cannot be sure, but it seems that whenever AVG finds any bad file that was packed with UPX - it marks all files packed with that version of UPX. In other words, a file written in a "language" other than AutoIt, but packed with UPX can trigger false positives for all AutoIt files. http://forum.grisoft.cz/freeforum/read.php...24757#msg-24757 http://forum.grisoft.cz/freeforum/read.php...70252#msg-70252 If you jump thru all of the hoops that AVG requires for submitting a "false positive" then they will respond quickly... but, if my assumptions stated above are correct, then they way that they mark files as bad is - well - bad. None of this is directed at you per se - it is just that you mentioned "malicious coders" and I wanted you (and others) to see that even if you cleaned the entire forum of all code - good and bad - this problem will still happen until AVG changes its detection methods. Caveat to all of the above - I could be wrong about AVG's detection method... I did not get an answer from them when I posed this question to them directly some time back. Perhaps they don't discuss such things with parties unkown to them. Sorry, I've been offline. I'm not saying that you are wrong, but I have a question in regards to your post. The file that has been detected as a trojan was installed by SciTe. So it's been there since my last SciTe update. If it were packed with UPX and that's why it's being flagged, then why wouldn't it have flagged a false positive at the first scan I did after a fresh install instead of waiting until now? This is a serious question, I'd really like to know. Nomad
Seagul Posted June 14, 2006 Posted June 14, 2006 From what ive noticed its in the exe compiler of scite.
Developers Jos Posted June 14, 2006 Developers Posted June 14, 2006 (edited) From what ive noticed its in the exe compiler of scite. there is no "Exe compiler" in SciTE... SciTE is an Editor that is used as a shell around the available utilities. If you mean aut2exe.exe, that comes with the AutoIt3 installer ..... Edited June 14, 2006 by JdeB SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now