Avast did it again!

[Buckw1]

Todays Avast signature files causes a false positive when running .au3 files from the SciTe editor. Once detected autoit is locked out.

Adding the Autoit folder to the exclusions list will solve the issue till Avast fixes their mistake.

4/1/2007 7:23:24 PM SYSTEM 1732 Sign of "Win32:Sohanad-I [Wrm]" has been found in "C:\Program Files\AutoIt3\SciTE\AutoIt3Wrapper\AutoIt3Wrapper.exe" file.

4/1/2007 7:28:29 PM SYSTEM 1732 Sign of "Win32:Sohanad-I [Wrm]" has been found in "C:\Program Files\AutoIt3\SciTE\AutoIt3Wrapper\AutoIt3Wrapper.exe" file.

4/1/2007 10:02:51 PM Don 1732 Sign of "Win32:Sohanad-I [Wrm]" has been found in "C:\Program Files\AutoIt3\SciTE\AutoIt3Wrapper\AutoIt3Wrapper.exe" file.

[sleek]

I have exactly the same problem here with identical warnings

right after avast! updated itself. Reading the forums here, it

appeared to be a problem with the UPX packer.

I found that if you open this file, C:\AutoIt3\Aut2Exe\Aut2Exe.exe

and click on "Compression" at the top and uncheck the option

which says "UPX Compress .exe stub", the scripts you compile

will no longer trigger the virus warning.

Before doing this, half my compiled scripts were setting off

avast!. I deleted my scripts folder, recompiled and found that

avast! no longer had a problem with any of them.

Turning off UPX made the files somewhat larger but its

a small price to pay to solve this problem.

[Maxtreeme]

Well one solution is what sleek mentioned, to turn off the compression, but then the executables won't be compressed....

[GEOSoft]

Well one solution is what sleek mentioned, to turn off the compression, but then the executables won't be compressed....

On a small script the difference is hardly notiable anyway. Besides actually gain a very minute bit of speed it the exe is not compressed. You could also compile and then run the exe through a different exe packer, it doesn't have to be UPX

[jvanegmond]

I have the latest Avast!, AutoIt Release and Beta.. No virus warnings.

[Paulie]

I'm getting the false positive too.

Before i saw the thread, I moved them all to chest

Stupid Win32.Sohanad.I Virus.

[jvanegmond]

lol, if the original author of the virus is reading this.. You're dumb.

I read what it does, and it isn't any good by far.. http://www.pspl.com/virus_info/worms/sohanadi.htm

[The Kandie Man]

Hmm, it appears the links that the worm sends out are all to a website registered by a Michael Seligman.

http://whois.domaintools.com/thecoolpics.com

[NELyon]

CURSE YOU MICHAEL SELIGMAN!

I haven't had any problems with False Positives.

[PartyPooper]

And they've done it again today . The latest update reports a false positive of the AutoIt3Wrapper.exe. Shot off an email to them so hopefully a fix will be coming out soonish.

[Michel Claveau]

+1

also, send e-mail.

[Draygoes]

I noticed that the worm spreads through messenger, blocks taskmanager, and uses svhost to do its derty work but what I cant figure out is exactly why some one would go through so much trouble to create a virus that edits reg, forces copys of itself, and can con users into downloading more of itself, but all the dammage they make it do is to block taskmanager and change your startup page. Really, I would call it a minor anoyance at the very most. I would think it would be easy to get rid of.

Where do virus creators get off anyways? Whats the point? I think its no more than childness's and I can compair it to some gangs that ive heard of that spend all there time throwing rocks through windows.

These people need to grow up and get a life and stop codeing virus's because all its going to do is land them in prisen.

[WolfWorld]

Also Same Problems

[jvanegmond]

Suddenly, my Avast! is giving me the same issues..

That's it! I'm switching.

[James]

Issues too. Darn

[Zedna]

Hey just disable resident shield for time till they fix it.

[James]

I was just going to suggest that. While testing scripts, disable the standard tests.

[FuryCell]

I was affected this morning. I tried to run a script and Avast detected AutoIt3Wrapper as Malware.

[JustinReno]

lol, i just was thinking, Its weird, I have avast! and nothing is happening..Then I looked down at my taskbar, there was a big x right over the avast! icon..i forgot to turn it back on! So, i did, then just to see what would happen, I scanned my AutoitV3 Program files folder.

Things it Found:

1.C:\Program Files\AutoIt3\SciTE\AutoIt3Wrapper\AutoIt3Wrapper.exe

2.C:\Program Files\AutoIt3\SciTE\AutoIt3Wrapper\AutoIt3Wrapper_GUI.exe

3.C:\Program Files\AutoIt3\SciTE\Defs\UpdateDefs.exe

4.C:\Program Files\AutoIt3\SciTE\SciteConfig.exe

I never knew i had over 4000 files in my Autoit Program Files dir

And I looked Autoit up on Avast! Forums, and they had 29 topics about it!

Edited September 2, 2007 by JustinReno

[Josbe]

I have Avast! in some machines with AutoIt and not problems.

The danger that I think is: A virus infecting these files and we think that it's a false positive (A possibility nothing else).

Maybe sounds like a paranoia, but I would check/reinstall these files. Or compare the size with this file. Just an idea.