Andreas Bräu

Startpage-JR virus alert

25 posts in this topic

Hi people,

Since this morning I have a strange problem using compiled AutoIt scripts with the default icon. Every time I want to compile the script, McAfee pops up with a virus alert "Startpage-JR". If I use another icon than the default one, there are no problems.

Does anyone know this problem too?

Andi




Hey, I have the same problem (see next topic), but I didn't know that it had something to do with the icon... How do you change the icon *before* compiling?

Thanks,

Fran Varona


Use %program files%\AutoIt3\Aut2Exe\Aut2Exe.exe, there you can give some options to compile your script...

Andi


Hi people,

Since this morning I have a strange problem using compiled AutoIt scripts with the default icon. Every time I want to compile the script, McAfee pops up with a virus alert "Startpage-JR". If I use another icon than the default one, there are no problems.

Does anyone know this problem too?

Andi

Or you just get a better virus scanner.


Ok, I have tested it and if you use a custom icon, then McAfee doesn't detect the exe file as a virus. Incredible!!

At least, I have a solution...


Thank you for your answer... but I have no chance because McAfee was bought by our university, so I have to use it...


Use the BETA


I always replace the upx.exe file in my installations with a dummy exe which does nothing, and I have never (touch wood) had any virus scanner pick out an AutoIt file as a virus. I'm not bothered about the little bit of extra size in my compiled scripts.


#9 ·  Posted (edited)

I always replace the upx.exe file in my installations with a dummy exe which does nothing, and I have never (touch wood) had any virus scanner pick out an AutoIt file as a virus. I'm not bothered about the little bit of extra size in my compiled scripts.

I have rarely lost a compiled executable UPXed. The blind blame game just continues without thought. Virus makers use UPX, but so do the 95 percent or so of other users, so in the short term saying it is a solution is weak. The option now is that a different packer can be used to make a different signature for the common bin file used, which is the more suitable solution, but on the odd chance, so can the virus makers.

Edited by MHz


#10 ·  Posted (edited)

McAfee released a dat yesterday, 4865, that started to delete my scripts. Not good at all. Roll back your dats to 4864. I have a call in with McAfee and they are looking into it.

Short term solution.

I will post back the results when McAfee gives me feedback.

Wayne

Edited by wkeeter


I have rarely lost a compiled executable UPXed. The blind blame game just continues without thought. Virus makers use UPX, but so do the 95 percent or so of other users, so in the short term saying it is a solution is weak. The option now is that a different packer can be used to make a different signature for the common bin file used, which is the more suitable solution, but on the odd chance, so can the virus makers.

Well, it seems to me that most of the idiots who try to write viruses with AutoIt are compiling them with the UPX packager, so it is the lame way in which the antivirus software is detecting them. By not using the UPX packager, so far mine have not been detected as a virus.

I can however tell you that someone else in our office had the issue of scripts being deleted and when he remade them without the UPX he had no problem.

So I do not think that I am playing the blind blame game as you put it.


So I do not think that I am playing the blind blame game as you put it.

My particular AV being used does not complain, so you tell me the difference.


#13 ·  Posted (edited)

Starting 10/03/2006, I also had the problem with McAfee detecting 'Startpage-JR' and deleting the AutoIt exe's. Recompiles fail. Turned off McAfee and turned on AVG Free Edition and the trojan isn't detected. Following SmOke_N's recommendation to use the latest beta release, I was able to return to McAfee and execute the compiles without any problem.

Edited by dj9866


Just to confirm:

http://vil.nai.com/vil/content/v_140658.htm

I am in contact with McAfee and AVERT now to try and resolve the issue; I'm not sure McAfee Gold support has that type of clout tho'.


Please correct me if I am wrong in any of my posts. I like learning from my mistakes too.


Hey, I use McAfee and I have the latest beta version and I don't have any problems.


"It's not about the 30 inch 1080p display, or the SLI 8800 ultras, or the DDR3 memory. It's about when you turn on your PC, does it return the favor?"
Math is like sex. Sure, it may give some practical results, but that is not why we do it


Update!!

Ok, today at 10:30am McAfee has sent me an extra.dat file that resolved this issue with dat version 4865.

My scripts are no longer being deleted.

I guess you should contact them for this file.

Wayne


#17 ·  Posted (edited)

Update!!

Ok, today at 10:30am McAfee has sent me an extra.dat file that resolved this issue with dat version 4865.

My scripts are no longer being deleted.

I guess you should contact them for this file.

Wayne

Would you be able to tell us anything else about the extra.dat so we can specifically request it when we call them?

I sent them several compiled scripts they can "pick apart".

The website you can submit .exe's to is www.webimmune.net

Just create an account, and click submit a file. In there under Virus Name enter 'StartPage-JR Trojan-FALSE DETECTION'

The more people submit scripts (without your domain passwords :lmao: ) the quicker the problem will get resolved in a future dat release.

Edited by ZipleR


As I have made a submission to webimmune (Analysis ID: 2566204), I have now found that the newly released dats today, 4866, no longer detect this as a virus.


#19 ·  Posted (edited)

As I have made a submission to webimmune (Analysis ID: 2566204), I have now found that the newly released dats today, 4866, no longer detect this as a virus.

Just got off the phone with them. You are correct. 4866 fixes the problem.

Apparently if there is an extra.dat, those all get included in the next .dat release.

Edited by ZipleR


How do I get the new dats?


"It's not about the 30 inch 1080p display, or the SLI 8800 ultras, or the DDR3 memory. It's about when you turn on your PC, does it return the favor?"
Math is like sex. Sure, it may give some practical results, but that is not why we do it
