SpookMeister

Has AVG updated its patterns yet?

9 posts in this topic

#1 ·  Posted (edited)

A few days ago an AVG update started detecting some compiled exes I had given to friends as trojans. Does anyone know if this false positive issue has been corrected by a newer pattern/engine from them yet?

Edited by SpookMeister




Hi,

what about sending your friend the apps again and let him test? :whistle:

So long,

Mega

PS: Normally the AV are very fast ...



#3 ·  Posted (edited)

On this issue, I'm rather nervous lately as I'm going to distribute a commercial application made with Autoit in the coming weeks and Monday is the test day with the bosses...

uhhh!.... I'm aware of the AVG false positive issue, but I haven't even installed it to check if it reports a trojan or virus of any sort.

If anyone is aware of how the subject stands at the moment (August 2006) I'd really appreciate it if you could let me know about it.

I'm not concerned with whether my pc is infected or not as I trust implicitly the AutoIt team, but I'm concerned about how the exe will perform on the test and how it will do with end users...

Valuater provided worrying news, and I'm frankly shitting my pants, forgive the lingo. I'm also on the verge of sending Grisoft a frigging note to let them know that Autoit is like any other language, just that, and by itself it does not constitute a virus. I'm sure they're not going to write off all applications made with a given language, say C++, because they can't tell a normal exe from a virus.

Before I do send them the note (again, I did so over a year ago, or so), I'd be really happy if someone could throw me an information lifeline...

Forgot to say thanks in advance!

IVAN

Edited by ivan


You're going to distribute an application without testing it in a simulated situation that is as close as possible to the live environment you are deploying it on? :whistle:

I strongly suggest you download and install the latest AVG and try your application with it hovering in the background and see what happens. If it has problems, promptly send the problem code to AVG so they can update their signature if it is a false positive - don't whine here as the AutoIT people can't do anything about false positives in third party products.

Make sure that if AVG fix a problem that your customers have the latest signature pattern, otherwise you will certainly look very unprofessional as their anti-virus comes up with alerts.


Even though I run my own testing lab, I don't even allow untested applications 'I' have written into its open environment. At least make notes in an included 'readme' file about known problems with AVG, and possible solutions to the issue.

As of last night (08/07/06), AVG 7.1.405 did list AutoIT and AutoITX as possible spy-ware. I have not tested it against any AutoIT script yet.


Unfortunately, due to the ease-of-use of autoit and its availability, it's a great utility for a$$holes to write viruses with.

One way to get around the problem is to compile the script with options and change the various compression settings. Certain compression settings allow antivirus programs to read the exe correctly and not give it false positives. Try messing around with that and see what you can do.

If there is a massive problem, autoit is also partially open source; recompiling a modified version of the source code would prevent your autoit exe from being detected as a virus with the mainstream autoit executables.

Hope that helps



#7 ·  Posted (edited)

From: technicalsupport@grisoft.com
To: valuater
Subject: Re: G#0601502313 - Fwd: ... Any news yet?
Date: Sun, 6 Aug 2006 1:00 PM

Dear Sir/Madam,

Thank you for your email.

I have tested the file you have sent with the latest virus database and the file is not detected as a virus anymore. Please update your AVG virus database to the latest one.

- open AVG Control Center
- right-click on the Update Manager component
- select Update from the context menu
- select update from the Internet

Thank you for cooperation.

Best regards,

David Rohlik
AVG Technical Support
website: http://www.grisoft.com
mailto: technicalsupport@grisoft.com

On Sun, 06 Aug 2006 15:39:12 -0400 you wrote:

> -----Original Message-----
> From: valuater@aol.com
> To: virus@grisoft.com
> Cc: Valuater@aol.com
> Sent: Fri, 21 Jul 2006 2:22 PM

******* Notice the "anymore" word???

8)

Edited by Valuater


#8 ·  Posted (edited)

AVG latest update ( today/yesterday )

You guys need to check for false positives with Autoit in your database....PLEASE!!!!

see attached... password = "Valuater"

YOU ARE HURTING US!!!!!

Service load: 0% 100%
File: AutoitSC.bin
Status: INFECTED/MALWARE
MD5: b5cf0582f8a01dcdc1fd81eb1fe9e158
Packers detected: -

Scanner results:
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found Generic2.RW
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
UNA: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

Sincerely,

Valuater

I am going to stay on them like....

White on Rice!!

8)

Edited by Valuater


latest reply.....

Dear Valuater,

According to the problem with false detection on your applications we would like to ask you for cooperation. To avoid the false alarm detection in the future you can send us the latest version of the compiled application before releasing - it will allow us to test the file and update the virus definitions.

Please send us these files in the password protected ZIP or RAR archive to virus@grisoft.com and write the archive password into mail.

If there are more files, kindly pack them all to one archive.

Another solution is to provide us any efficient algorithm able to detect if the file has been compiled by the Autoit, this will avoid the further false detections.

The file you send us will be removed from the AVG virus definitions.

Thank you for your understanding and cooperation.

Best regards,

Ondrej Novotny

AVG Technical Support

website: http://www.grisoft.com

mailto: technicalsupport@grisoft.com

> You guys need to check for false positives with Autoit in your database....PLEASE!!!!
>
> see attached... password = "Valuater"
>
> YOU ARE HURTING US!!!!!
>
> Service load: 0% 100%
> File: AutoitSC.bin
> Status: INFECTED/MALWARE
> MD5: b5cf0582f8a01dcdc1fd81eb1fe9e158
> Packers detected: -
>
> Scanner results:
> AntiVir: Found nothing
> ArcaVir: Found nothing
> Avast: Found nothing
> AVG Antivirus: Found Generic2.RW
> BitDefender: Found nothing
> ClamAV: Found nothing
> Dr.Web: Found nothing
> F-Prot Antivirus: Found nothing
> Fortinet: Found nothing
> Kaspersky Anti-Virus: Found nothing
> NOD32: Found nothing
> Norman Virus Control: Found nothing
> UNA: Found nothing
> VirusBuster: Found nothing
> VBA32: Found nothing
>
> Sincerely,
> Valuater

8)
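
The support reply above asks for a way to tell whether a file was compiled by AutoIt. As an added example (not from this thread, AVG, or the AutoIt project), the Python check below looks for the 16-byte marker and `AU3!EA05`/`AU3!EA06` tag that public analysis tools key on in AutoIt v3 compiled scripts. Those byte values and all function names are assumptions not found on this page, and the sample files are constructed.

```python
import struct

# Marker that precedes the embedded script in AutoIt v3 compiled executables,
# followed by an ASCII version tag. Assumed values taken from public analysis
# tooling, not from this thread.
AU3_GUID = bytes.fromhex("a3484bbe986c4aa9994c530a86d6487d")
AU3_TAGS = (b"AU3!EA05", b"AU3!EA06")

def is_pe(data: bytes) -> bool:
    """True when the MZ header's e_lfanew field points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def autoit_marker(data: bytes):
    """Return (offset, tag) of the first AutoIt script marker, or None."""
    pos = data.find(AU3_GUID)
    while pos != -1:
        tag = data[pos + 16:pos + 24]
        if tag in AU3_TAGS:          # GUID alone is not enough: require the tag
            return pos, tag.decode("ascii")
        pos = data.find(AU3_GUID, pos + 1)
    return None

def classify(data: bytes) -> str:
    if not is_pe(data):
        return "not-pe"
    hit = autoit_marker(data)
    if hit is None:
        return "pe-no-autoit-marker"
    return f"autoit-compiled ({hit[1]} at offset {hit[0]:#x})"

def _fake_pe(payload: bytes) -> bytes:
    """Constructed sample: minimal MZ/PE header stub followed by payload."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)   # e_lfanew -> right after stub
    return bytes(dos) + b"PE\x00\x00" + b"\x00" * 60 + payload

if __name__ == "__main__":
    stub = _fake_pe(b"\x90" * 32 + AU3_GUID + b"AU3!EA05" + b"<script>")
    for name, blob in (("plain.exe", _fake_pe(b"hello")), ("script.exe", stub)):
        print(name, "->", classify(blob))
```

The marker identifies the runtime a file was built with, not whether the script inside is benign, so a scanner can use it to route a file to script-level analysis but not as a verdict on its own.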

