NinerSevenTango Posted July 20, 2006 Share Posted July 20, 2006 AVG Antivirus free edition reports finding Trojan Horse Generic.XVJ in AutoItSC.bin. This file is located on my machine at C:\Program Files\AutoIt3\beta\Aut2Exe, which I installed on 4/6/06. The file attributes show the file at 387KB, installed 4/6/06. Is this a false positive, or did one slip by? The machine gets scanned regularly, so either something infected the file, or a new definition was added recently by AVG that causes the file to be flagged. I hope this is not old news, I scanned the forum lightly for any indication of this, and finding none, I registered on the forum here to make this post. Please forgive me if this has been resolved a long time ago and I'm coming across as a clueless newbie. My machine only gets used by me (no teenagers in the house), and it is quite rare for anything to show up on a scan. It's protected by a router, Kerio, AVG, Spybot resident, and a few other measures. --97T-- Link to comment Share on other sites More sharing options...
MHz Posted July 20, 2006 Share Posted July 20, 2006 It could be possible for a virus to infect a file, so I would uninstall AutoIt3, then reinstall it. If AVG still finds a virus inside AutoItSC.bin, then you would have a False Positive. Upon a False Positive, report it to AVG. They also do have a forum to discuss problems. Link to comment Share on other sites More sharing options...
Valuater Posted July 20, 2006 Share Posted July 20, 2006 I just checked the entire AVG Forum for a "bin" problem/question there were only questions releated to the AVG bin files ????... are ".bin" files scanned...???? 8) Link to comment Share on other sites More sharing options...
MHz Posted July 20, 2006 Share Posted July 20, 2006 ????... are ".bin" files scanned...????Absolutely. Link to comment Share on other sites More sharing options...
ivan Posted July 20, 2006 Share Posted July 20, 2006 (edited) @NinerSevenTango does the scan report any of your compiled files? If i'm right, that's what trojans do. IVAN Edited July 20, 2006 by ivan Think out of the boxGrabber: Yet another WinInfo tool_CSVLib (still alpha)Dynamic html in au3 Link to comment Share on other sites More sharing options...
Zedna Posted July 20, 2006 Share Posted July 20, 2006 (edited) Virs database from 19.7. (or 20.7.?) really identifies AutoIt EXE's as viruses.I disabled resident shield until they release new correct definition files.You may also add exception directories to resident shield options instead of disabling it.EDIT: AVG has false positive viruses in AutoIt EXE§s already, search "AVG" in this forum and you will see ... Edited July 20, 2006 by Zedna Resources UDF  ResourcesEx UDF  AutoIt Forum Search Link to comment Share on other sites More sharing options...
NinerSevenTango Posted July 21, 2006 Author Share Posted July 21, 2006 Thanks all, that's about what I expected to find. I'll drop a note to AVG. --97T-- Link to comment Share on other sites More sharing options...
Valuater Posted July 21, 2006 Share Posted July 21, 2006 Thanks all, that's about what I expected to find.I'll drop a note to AVG.--97T--I am a little tired of these false - positives and took action with AVGhttp://forum.grisoft.cz/freeforum/read.php...3,backpage=,sv=I will try to keep-up with any future problems by reporting them immediately with AVGCould someone else take the responsibility to reply to false positives with thier respective Anti-VirusThanksValuater8) Link to comment Share on other sites More sharing options...
1of10 Posted July 22, 2006 Share Posted July 22, 2006 AVG isn't the only anti-virus package that's picking up AutoIt v3 compiled scripts as infected. I use AntiVir, and it's recently -- over the past couple of months -- started picking up more and more AutoIt v3 compiled scripts as all sorts of infectious malware on my system.The big "WTF!?" on the subject was when the on-access scanner picked up a compiled script I had completed no more than a week previous...From the sound of things, I should use the built-in feature to package the quarantined files and send them off to Avira -- the company -- for analysis, so they can correct their databases. (FYI, I watch all aspects of my system like a hawk. It's a rare treat when a REAL piece of malware gets past my scrutiny! Is it still hiddensoft.com for the compiled.html information that references anti-virus software authors? Or is that now via autoitscript.com? (Has the compiler front-end/wrapper been updated to add the correct URL to the compiled scripts resources information, if it has changed?)URLs for the interested:[ http://www.free-av.com/ | http://www.antivir.de/ ] [right][img]style_emoticons/autoit/robot.gif[/img]One of TenSecondary Adjunct of Unimatrix Z03[/right] Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now