yutt Posted September 18, 2006 (edited)

I know this has happened in the past. Is there anything we can do about it? Any application I make with AutoIT is being detected as "infected by Trojan-Downloader.Win32.Agent.axn" by Kaspersky.

It's ridiculous, as even a completely blank compiled script is detected as this trojan. I've contacted Kaspersky, but somehow don't think that will help much.

Edited September 18, 2006 by yutt

It is a waste of energy to be angry with a man who behaves badly, just as it is to be angry with a car that won't go. - Bertrand Russell

jpm Posted September 18, 2006

> I know this has happened in the past. Is there anything we can do about it? Any application I make with AutoIT is being detected as "infected by Trojan-Downloader.Win32.Agent.axn" by Kaspersky.
>
> It's ridiculous, as even a completely blank compiled script is detected as this trojan. I've contacted Kaspersky, but somehow don't think that will help much.

If you compile with the official release 3.2.0.1 the .exe is signed so Kaspersky should trust it. At least that is what we designed to have fewer false alarms.

yutt (Author) Posted September 18, 2006

> If you compile with the official release 3.2.0.1 the .exe is signed so Kaspersky should trust it. At least that is what we designed to have fewer false alarms.

I'll try that out right now, thanks.

yutt (Author) Posted September 18, 2006

No luck. Even a completely blank compiled script is being detected as infected with the trojan. You can test yourself here: http://www.kaspersky.com/scanforvirus

Rather annoying, as I am uploading my application to a public site and many are suspicious to use it after someone detected the trojan.

SmOke_N (Moderators) Posted September 18, 2006

> No luck. Even a completely blank compiled script is being detected as infected with the trojan. You can test yourself here: http://www.kaspersky.com/scanforvirus
>
> Rather annoying, as I am uploading my application to a public site and many are suspicious to use it after someone detected the trojan.

Compiled a script with 3.2.1.3

Kaspersky File Scanner
You're clean!
Kaspersky Anti-Virus has not detected any viruses at this time in the file you submitted.
However, only a fully-functional antivirus solution with regularly updated virus definitions can ensure comprehensive protection against malware. If you do not have an antivirus solution installed, you may wish to consider purchasing one today.
* Download a trial version of Kaspersky Anti-Virus
* Purchase Kaspersky Anti-Virus in our E-Store
* Purchase Kaspersky Anti-Virus from a certified partner

Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

jpm Posted September 18, 2006

> Compiled a script with 3.2.1.3

What is not so funny is the 3.2.1.3 is not signed.

yutt (Author) Posted September 18, 2006

Beta worked, thanks very much guys.

MrChris Posted September 18, 2006

DOH!

Jos (Developers) Posted September 18, 2006

> What is not so funny is the 3.2.1.3 is not signed.

JP, thinking about your remark: what would the signing do for the AV companies?

I thought the signing only makes the check for legitimate binaries possible, but when AV companies make their AV kernel test for a portion of the binary instead of the actual script portion, this is the result.

I don't think the AutoitSC.bin is signed at all ....

Live for the present, Dream of the future, Learn from the past.

jpm Posted September 18, 2006

> JP, thinking about your remark: what would the signing do for the AV companies?
>
> I thought the signing only makes the check for legitimate binaries possible, but when AV companies make their AV kernel test for a portion of the binary instead of the actual script portion, this is the result.
>
> I don't think the AutoitSC.bin is signed at all ....

My answer was derived from what JON told me. I have to admit that I cannot understand how AutoItSC.bin can be signed and the resulting compiled .exe can be signed.

So I hope JON can clarify what he did to have fewer or no false alarms.

Jos (Developers) Posted September 18, 2006

> My answer was derived from what JON told me. I have to admit that I cannot understand how AutoItSC.bin can be signed and the resulting compiled .exe can be signed.
>
> So I hope JON can clarify what he did to have fewer or no false alarms.

As far as I know he made it easier for the AV companies to detect which portion of the EXE is the runtime module and which portion the "script" to enable them to recognise malicious scripts ....

Jon (Administrators) Posted September 24, 2006

> As far as I know he made it easier for the AV companies to detect which portion of the EXE is the runtime module and which portion the "script" to enable them to recognise malicious scripts ....

Yeah, the script portion of the .exe is wrapped by unique tags which in theory make it easy to find the script portion and write AV signatures for that... not that we've noticed.

The two other things were not compressing autoit3.exe (to make it more different from UPX compiled scripts) and adding a legitimate digital signature. The signature is more for XP SP2 and Vista where you get nasty "omg are you sure you want to run this unsigned installer??" messages and also it gives a better description in things like Windows Defender - not really anything to do with AV.

AutoItSC.bin is indeed NOT signed by us as compiled scripts would then be signed which would be crazy.

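Jon's post above names two properties of a binary: whether it is UPX-compressed and whether it carries a digital signature. The following Python is an added example, not part of the thread and not AutoIt project code, that reads both from a PE header; the sample headers and the names `build_sample_pe` and `triage_pe` are constructed for this illustration.

```python
import struct

def build_sample_pe(section_names, cert_size):
    """Constructed PE32 headers only (not a runnable program) for the demo."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)        # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                      # NumberOfRvaAndSizes
    if cert_size:
        struct.pack_into("<II", opt, 128, 0x400, cert_size)  # data directory 4
    table = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + bytes(opt) + table

def triage_pe(data):
    """Report section names, a UPX hint and whether a certificate table exists."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe, = struct.unpack_from("<I", data, 0x3C)
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    n_sections, = struct.unpack_from("<H", data, pe + 6)
    opt_size, = struct.unpack_from("<H", data, pe + 20)
    opt = pe + 24
    magic, = struct.unpack_from("<H", data, opt)
    dir_base = {0x10B: 96, 0x20B: 112}.get(magic)            # PE32 / PE32+
    if dir_base is None:
        raise ValueError("unknown optional header magic")
    n_dirs, = struct.unpack_from("<I", data, opt + dir_base - 4)
    cert_len = 0
    if n_dirs > 4:  # entry 4 = certificate table (file offset, size)
        _, cert_len = struct.unpack_from("<II", data, opt + dir_base + 32)
    table = opt + opt_size
    names = [data[table + 40 * i:table + 40 * i + 8].rstrip(b"\0").decode("latin-1")
             for i in range(n_sections)]
    return {"sections": names,
            "upx_packed": any(n.startswith("UPX") for n in names),
            # Presence only: this does not verify the signature or its chain.
            "has_cert_table": cert_len > 0}

if __name__ == "__main__":
    # Constructed samples, not real AutoIt binaries.
    print(triage_pe(build_sample_pe([b".text", b".rdata", b".data", b".rsrc"], 0x1A00)))
    print(triage_pe(build_sample_pe([b"UPX0", b"UPX1", b".rsrc"], 0)))
```

A certificate table in the header only shows that a signature is attached; validating it needs the platform's own verifier.
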
Valuater Posted September 24, 2006

I for one would LOVE to have this AV problem cleared-up once and for all

I have taken-on AVG, and reporting to them immediately any False positives.. But there are too many AV programs that could HURT US - BEFORE they update their respective data files

All previous programs are either deleted or placed in a "vault" and most users won't touch that area.... it's killing Autoit in reality

thanks for the efforts guys!

8)

The Kandie Man Posted September 24, 2006

You guys should compile a slightly different release of autoit for people who are serious about autoit and have proven themselves worthy of using such a program. This version would not be open to the public and only certain members of the forum would be able to access it once they have proven themselves to be trustworthy individuals. The compiled version would be a slightly different release and the antivirus scanners shouldn't detect them as viruses. This would work so long as the trustworthy individuals didn't write viruses themselves, which IMO, would be highly unlikely. At this point, any person with an internet connection has the ability to write a malicious script with autoit. This is similar to the problem you guys faced with having autoit completely open source; people were stealing it and using it in their own programs without giving you credit. This seems to be a similar problem because people are stealing your script engine to do their malicious bidding.

I don't know, just thought I would throw this out in the open.

The Kandie Man

"So man has sown the wind and reaped the world. Perhaps in the next few hours there will no remembrance of the past and no hope for the future that might have been." & _"All the works of man will be consumed in the great fire after which he was created." & _"And if there is a future for man, insensitive as he is, proud and defiant in his pursuit of power, let him resolve to live it lovingly, for he knows well how to do so." & _"Then he may say once more, 'Truly the light is sweet, and what a pleasant thing it is for the eyes to see the sun.'" - The Day the Earth Caught Fire

xcal Posted September 24, 2006

Making an elitist branch of Autoit doesn't sound that good on paper.

Confuzzled Posted September 24, 2006

AutoIT Pro, AutoIT Lite, and AutoIT VE (virus edition)?

The Kandie Man Posted September 24, 2006

I don't know, just thought I would throw this out in the open.

Zedna Posted September 24, 2006

I disabled AVG resident shield until they release new correct definition files.

You may also add exception directories to resident shield options instead of disabling it.

Look at other threads about that:
http://www.autoitscript.com/forum/index.ph...st&p=210483
http://www.autoitscript.com/forum/index.ph...st&p=217339

Zedna Posted September 24, 2006

> You guys should compile a slightly different release of autoit for people who are serious about autoit and have proven themselves worthy of using such a program. This version would not be open to the public and only certain members of the forum would be able to access it once they have proven themselves to be trustworthy individuals. The compiled version would be a slightly different release and the antivirus scanners shouldn't detect them as viruses. This would work so long as the trustworthy individuals didn't write viruses themselves, which IMO, would be highly unlikely. At this point, any person with an internet connection has the ability to write a malicious script with autoit. This is similar to the problem you guys faced with having autoit completely open source; people were stealing it and using it in their own programs without giving you credit. This seems to be a similar problem because people are stealing your script engine to do their malicious bidding.
>
> I don't know, just thought I would throw this out in the open.
>
> The Kandie Man

Kandie Man are you kidding?

Absolutely nonsense!

AzKay Posted September 24, 2006

> Kandie Man are you kidding?
>
> Absolutely nonsense!

# MY LOVE FOR YOU... IS LIKE A TRUCK- #