AVG Detected virus in exes

[Steve2000]

This morning all my compiled scripts and the compiler were deleted by AVG claiming to have detected the virus I-Worm/Generic AQC !!!HELP!!!

I don't know what to do about this. Do my scripts realy have this virus or is this a false trigger? I've sent lots of my scripts to other people who are going to have the same problem so I need to sort this out fast. Any help will be welcome.

Steve

[Hello Me You]

I'm sure, this is a false trigger. Did you update your virus definitions ?

[Steve2000]

My AVG is set to update automaticaly so there is a good chance that the defs were updated this morning.

What can I do about it though? I can't turn off the virus checker and what do I tell the people that have my scripts?

I'm sure, this is a false trigger. Did you update your virus definitions ?

Steve

[Bert]

Once again the the antivirus folks slam us. You would think they would get this right by now.

[Steve2000]

I'm very worried about this. I've posted a message in the AVG Free forum but I don't know what else I can do. Does anyone have any advice please?

I'm sure that this is going to affect anyone using AVG.

Steve

[setirich]

Arrrrgggghhh....All my customers will get hit when they boot up today...I'm going to be very busy this week.

And AVG is usually so good about not messing stuff up...I guess they have thier moments just like all virus vendors...

Rich

[BigDod]

I'm very worried about this. I've posted a message in the AVG Free forum but I don't know what else I can do. Does anyone have any advice please?

I'm sure that this is going to affect anyone using AVG.

Steve

Instead of just posting on their forum contact them and send them a copy of your script/exe to show them it is a false positive.

[Steve2000]

Instead of just posting on their forum contact them and send them a copy of your script/exe to show them it is a false positive.

I'm not sure I can do this as I'm using the Free version. I don't feel like buying a copy just to tell them that it's no good :-(

Does anyone have a paid licence to AVG?

Steve

[setirich]

BigDod,

It's wiping out all compiled scripts...not touching source. That's a bit more difficult to explain, but yes, we should send in our source & exe compiled from the source with an explanation...a plea...to cease & desist.

Unfortunately, by the time they get around to dealing with it, even if it's in tomorrows update (unlikely), it'll be too late, except for the occaisional user that does not use their machine today, or until they put up their fix.

Even my auto-updaters are going to be dead, as they are on all my test machines...I need to create a push engine for emergencies like this...but it'll be a week or three before I can get out from under this mess...Hmmm...I can't send out anything until they issue the fix...it'll just get wacked again...

I guess as soon as I get the short term solution ready & tested, I might as well create something longer term. ... First I'd better create a little spam warning everyone of this weirdness....and let them know I'm on top of it....

Rich

[Steve2000]

It's wiped out my Aut2exe app too. I can't even recreate my exe's :-(

AutoIT is such a brilliant tool. I had plans to do all sorts of things with it and some products have already gone out with a compiled script in them. Luckily its only about 8 copies but that's bad enough. I had not even considered that something like this could happen.

Please everyone send in your scripts and exes to Grisoft as soon as you can.

Steve

[AceLoc]

Well.. This aint a thing where AutoIT can do something about.

If you really want this to stop.. uninstall AVG and download a "true" or "no" scanner.

[chinoppio]

This morning all my compiled scripts and the compiler were deleted by AVG claiming to have detected the virus I-Worm/Generic AQC !!!HELP!!!

Hi, I have same problem here.

My AVG(Free) detected below .exe as "I-Worm/Generic" too.

\AutoItV3\Aut2Exe\AutoItSC.bin

\AutoItV3\SciTE4AutoIt3\SciteConfig.exe

\AutoItV3\SciTE4AutoIt3\AutoIt3Wrapper\AutoIt3Wrapper.exe

\AutoItV3\SciTE4AutoIt3\defs\UpdateDefs.exe

Fortunately, those are still exist in AVGs "Virus Vault", and You can Restore from there.

(AVG Control Center > Program > Launch Virus Vault)

I hope this is not really Virus problem.

[BigDod]

Well.. This aint a thing where AutoIT can do something about.

If you really want this to stop.. uninstall AVG and download a "true" or "no" scanner.

There is nothing wrong with AVG. If you read other topics on this subject you will see that the same problem sometimes happens with Norton and McAfee.

[this-is-me]

There is nothing wrong with AVG. If you read other topics on this subject you will see that the same problem sometimes happens with Norton and McAfee.

...Except for the fact that it has happened much more often in AVG than Norton...

[Steve2000]

Hi, I have same problem here.

My AVG(Free) detected below .exe as "I-Worm/Generic" too.

\AutoItV3\Aut2Exe\AutoItSC.bin

\AutoItV3\SciTE4AutoIt3\SciteConfig.exe

\AutoItV3\SciTE4AutoIt3\AutoIt3Wrapper\AutoIt3Wrapper.exe

\AutoItV3\SciTE4AutoIt3\defs\UpdateDefs.exe

Fortunately, those are still exist in AVGs "Virus Vault", and You can Restore from there.

(AVG Control Center > Program > Launch Virus Vault)

I hope this is not really Virus problem.

When I restore the files AVG still denies me access to them :-(

Steve

[Steve2000]

I can't get Grisofts online support form to work http://www.grisoft.com/doc/119/lng/ww/tpl/tpl01 It gives me an error

"Sorry for the inconvenience. Unspecified technical error has occurred (server could be busy, etc.) Please try to submit your question again later. Thank you!"

Anyone had any luck reporting this?

Steve

[BigDod]

I have done some tests and it appears that it is only found as a virus when trying to compile via SciTe. If I just bring up the compiler and browse for a script to compile it appears to work fine.

[Dule Barbul]

This morning all my compiled scripts and the compiler were deleted by AVG claiming to have detected the virus I-Worm/Generic AQC !!!HELP!!!

I don't know what to do about this. Do my scripts realy have this virus or is this a false trigger? I've sent lots of my scripts to other people who are going to have the same problem so I need to sort this out fast. Any help will be welcome.

Steve

GRISOFT just fixed the problem with AVG FREE Antivirus false alert with new virus base update 268.13.4/478 released today (17.10.2006 10:45:00)!

[Steve2000]

GRISOFT just fixed the problem with AVG FREE Antivirus false alert with new virus base update 268.13.4/478 released today (17.10.2006 10:45:00)!

That's great to hear. Apart from downloading it, how did you know that the problem was fixed?

Steve

[BitRot]

The problem here is that AVG scanners scan for signatures and currently detect them in the generic portion of a compiled AI-script, being its execution-engine. They probably do not even look at the byte-code that makes up, in a compiled form, your scripts.

So, in short : All compiled scripts are detected as being viri, as they have one thing in common with the virus (that was probably made by a script-kiddie using AI), being the engine.

The AVG-company can probably do a more thorough identity-check, but that could mean that whomever write the virus can, and probably will, change just a few characters/lines in his script, and thereby make the more thorough identity-check fail.

Its a catch-22 situation for the AVG-writes ...