Trojan Horse In AutoIT3?


AVG Antivirus free edition reports finding Trojan Horse Generic.XVJ in AutoItSC.bin.

This file is located on my machine at C:\Program Files\AutoIt3\beta\Aut2Exe, which I installed on 4/6/06.

The file attributes show the file at 387KB, installed 4/6/06.

Is this a false positive, or did one slip by? The machine gets scanned regularly, so either something infected the file, or a new definition was added recently by AVG that causes the file to be flagged.

I hope this is not old news, I scanned the forum lightly for any indication of this, and finding none, I registered on the forum here to make this post. Please forgive me if this has been resolved a long time ago and I'm coming across as a clueless newbie.

My machine only gets used by me (no teenagers in the house), and it is quite rare for anything to show up on a scan. It's protected by a router, Kerio, AVG, Spybot resident, and a few other measures.

--97T--


It could be possible for a virus to infect a file, so I would uninstall AutoIt3, then reinstall it. If AVG still finds a virus inside AutoItSC.bin, then you would have a False Positive.

Upon a False Positive, report it to AVG. They also do have a forum to discuss problems.


Virus database from 19.7. (or 20.7.?) really identifies AutoIt EXE's as viruses.

I disabled resident shield until they release new correct definition files.

You may also add exception directories to resident shield options instead of disabling it.

EDIT: AVG has false positive viruses in AutoIt EXE's already, search "AVG" in this forum and you will see ...

Edited by Zedna

Thanks all, that's about what I expected to find.

I'll drop a note to AVG.

--97T--

I am a little tired of these false positives and took action with AVG.

http://forum.grisoft.cz/freeforum/read.php...3,backpage=,sv=

I will try to keep up with any future problems by reporting them immediately with AVG.

Could someone else take the responsibility to reply to false positives with their respective Anti-Virus?

Thanks

Valuater

8)


AVG isn't the only anti-virus package that's picking up AutoIt v3 compiled scripts as infected. I use AntiVir, and it's recently -- over the past couple of months -- started picking up more and more AutoIt v3 compiled scripts as all sorts of infectious malware on my system.

The big "WTF!?" on the subject was when the on-access scanner picked up a compiled script I had completed no more than a week previous...

From the sound of things, I should use the built-in feature to package the quarantined files and send them off to Avira -- the company -- for analysis, so they can correct their databases. (FYI, I watch all aspects of my system like a hawk. It's a rare treat when a REAL piece of malware gets past my scrutiny! :D)

Is it still hiddensoft.com for the compiled.html information that references anti-virus software authors? Or is that now via autoitscript.com? (Has the compiler front-end/wrapper been updated to add the correct URL to the compiled scripts resources information, if it has changed?)

URLs for the interested:

[ http://www.free-av.com/ | http://www.antivir.de/ ]

One of Ten, Secondary Adjunct of Unimatrix Z03
