JSThePatriot

Are my AutoIt EXEs really infected?

168 posts in this topic

#61 ·  Posted (edited)

It seems that some AV companies have this problem again - here is a link for a test using the one line 'MsgBox(0, "Tutorial", "Hello World!")' that I created and uploaded a few days ago after I found that one of my real programs was stopped from running by someone's AV product:

https://www.virustotal.com/en/file/f8592a4cfc2c4bc6e20bc73e72c9dff7b2d459a6141454a7881604e576701c0e/analysis/1422175811/

That is a mere 4 flags which is nothing to be honest.

Also, to applications that flag a product based on its makeup rather than its actions, it doesn't matter what the content of your script is.

Edited by Mobius




Today I found that the Microsoft Security Essentials flagged one of my programs and the SCiTE AutoIt Wrapper when I compiled another one.

This is new and it gave a dialogue box asking me to upload both to Microsoft.

Ugh! Well, it's probably a one time thing, but is there something that can be done to help Microsoft not flag the official components of AutoIt at the very least?


Upload the files to Microsoft and tell them it's a false positive.


If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator


coffeeturtle,

You mean something like the "This is a third-party compiled AutoIt script" string that is in every compiled executable? :huh:

M23


Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind._______My UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 


 but is there something that can be done to help Microsoft not flag the official components of AutoIt at the very least?

The AutoIt3Wrapper.exe is simply an AutoIt3 script maintained by me as is the whole SciTE4AutoIt3 installer and all its tools and that doesn't make it an official AutoIt3 component. ;)


Visit the SciTE4AutoIt3 Download page for the latest versions        Beta files                                                          Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)


I will never comprehend why people see this sticky thread, with the same question asked over and over, and the same answers given over and over, and then post the same question again - thinking somehow if they ask it the answer will change...


√-1 2^3 ∑ π, and it was delicious!


The reason is in this other thread, that or pretty close.


This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)


infected.png


Regards,
 


Was there a question or a point to that post?



Was there a question or a point to that post?

 

Not a question.
Simply is the real.

 


Regards,
 


 

Not a question.
Simply is the real.

 

 

and again... What is the point of stating this here?

Do you seriously think this contributes to anything?

( :think: Wondering if you will understand the subtle message in these 2 questions...)

Jos



and again... What is the point of stating this here?

Do you seriously think this contributes to anything?

( :think: Wondering if you will understand the subtle message in these 2 questions...)

Jos

1, My English is not good.

2, I'm stupid. :alien:

3, I'm sorry, that "truth" is not "if" I have not contributed anything.

4, Please do "not need" or "necessary" to care about each of my words.

5, I will try to improve ourselves and not spam the forum again.

6, If you feel bothered please just do everything that you want. Everywhere there are rules.

With Best Regards,, thank you has contributed to the development of the AutoIt.

I'm sorry : 


Regards,
 


#73 ·  Posted (edited)

Hey.
Do not despair, I also had a rough start, and I'm still not lightly write in a foreign, little known, language (yes I mean ENGLISH).
 
edit:
Cheer up, it will be better.
 
mLipok
Edited by mLipok
1 person likes this

Signature beginning:   Wondering who uses AutoIT and what it can be used for ?
* GHAPI UDF - modest begining - comunication with GitHub REST API *
ADO.au3 UDF     POP3.au3 UDF     XML.au3 UDF    How to use IE.au3  UDF with  AutoIt v3.3.14.x  for other useful stuff click the following button

Spoiler

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind. 

My contribution (my own projects): * Debenu Quick PDF Library - UDF * Debenu PDF Viewer SDK - UDF * Acrobat Reader - ActiveX Viewer * UDF for PDFCreator v1.x.x * XZip - UDF * AppCompatFlags UDF * CrowdinAPI UDF * _WinMergeCompare2Files() * _JavaExceptionAdd() * _IsBeta() * Writing DPI Awareness App - workaround * _AutoIt_RequiredVersion() * Chilkatsoft.au3 UDF * TeamViewer.au3 UDF * JavaManagement UDF * VIES over SOAP * WinSCP UDF * GHAPI UDF - modest begining - comunication with GitHub REST API *

My contribution to others projects or UDF based on  others projects: * _sql.au3 UDF  * POP3.au3 UDF *  RTF Printer - UDF * XML.au3 - BETA * ADO.au3 UDF SMTP Mailer UDF *

Useful links: * Forum Rules * Forum etiquette *  Forum Information and FAQs * How to post code on the forum * AutoIt Online Documentation * AutoIt Online Beta Documentation * SciTE4AutoIt3 getting started * Convert text blocks to AutoIt code * Games made in Autoit * Programming related sites * Polish AutoIt Tutorial * DllCall Code Generator * 

Wiki: Expand your knowledge - AutoIt Wiki * Collection of User Defined Functions * How to use HelpFile * Best coding practices * 

IE Related:  * How to use IE.au3  UDF with  AutoIt v3.3.14.x * Why isn't Autoit able to click a Javascript Dialog? * Clicking javascript button with no ID * IE document >> save as MHT file * IETab Switcher (by LarsJ ) * HTML Entities * _IEquerySelectorAll() (by uncommon) * 

I encourage you to read: * Global Vars * Best Coding Practices * Please explain code used in Help file for several File functions * OOP-like approach in AutoIt * UDF-Spec Questions *  EXAMPLE: How To Catch ConsoleWrite() output to a file or to CMD *

"Homo sum; humani nil a me alienum puto" - Publius Terentius Afer
"Program are meant to be read by humans and only incidentally for computers and execute" - Donald Knuth, "The Art of Computer Programming"
:naughty:  :ranting:, be  :) and       \\//_.

Anticipating Errors :  "Any program that accepts data from a user must include code to validate that data before sending it to the data store. You cannot rely on the data store, ...., or even your programming language to notify you of problems. You must check every byte entered by your users, making sure that data is the correct type for its field and that required fields are not empty."

Signature last update: 2017-06-04


Don't Avast do a language pack for your native tongue Trong?


#75 ·  Posted (edited)

1, My English is not good.

2, I'm stupid. :alien:

3, I'm sorry, that "truth" is not "if" I have not contributed anything.

4, Please do "not need" or "necessary" to care about each of my words.

5, I will try to improve ourselves and not spam the forum again.

6, If you feel bothered please just do everything that you want. Everywhere there are rules.

With Best Regards,, thank you has contributed to the development of the AutoIt.

I'm sorry : 

I understand that you struggle with English, but that was not my message to you!

There is no need to apologise for your English and practice will make it better, but that will take effort.

There was also no intent from me to call you stupid or anything... It is just that it should be clear after going through this thread (even with Google Translate), that we don't need people posting here that they found another mistake by an AV company.

Jos

Edited by Jos


I understand that you struggle with English, but that was not my message to you!

There is no need to apologise for your English and practice will make it better, but that will take effort.

There was also no intent from me to call you stupid or anything... It is just that it should be clear after going through this thread (even with Google Translate), that we don't need people posting here that they found another mistake by an AV company.

Jos

I can understand without Google Translate.

 

Don't Avast do a language pack for your native tongue Trong?

image.png

AV with my native language.


Regards,
 


At least they can do some things right then eh ;)

Thank you for taking the steps necessary for ensuring your image was localized.

1 person likes this


topten,

Can we at least whitelist the Autoit3.exe?

No, and for the same reason that Jon no longer digitally signs it - it can be used to run scripts over which would be classed as malware. :)

M23



1. Can we at least whitelist the Autoit3.exe?

https://www.virustotal.com/ru/file/8465f3fcbccce3ea12495edbb0bd09c3b066e3df891613ce3180f9bb38b37b01/analysis/

 

2. Why the AV doesn't react on Process Hacker - which can kill the AV, but gives trojans for a simple application MsgBox.exe?

That only triggered on one AV vendor, one that probably no one has ever heard of. Wouldn't trust them anyways, their English is terrible and they look extremely unprofessional.

No idea what you're trying to say in #2.

