R.Sanderson Posted April 23, 2007 (edited)

Ad-Aware now detects active Auto-It scripts as WIN32.Trojandropper or something similar to this. I am not 100% sure that it is 100% of Auto-It scripts, but I tested it on a few scripts.

Does anyone know a way to protect a file from Ad-Aware, or some way to convince Ad-Aware that Auto-It is ok, without actually going in and excluding the folder the script is in?

Here is one that it didn't like (thanks, ChrisL, by the way):

```autoit
; WMI query flags: return immediately and use a forward-only enumerator
$wbemFlagReturnImmediately = 0x10
$wbemFlagForwardOnly = 0x20
$colItems = ""
$strComputer = "localhost"

$Output=""
$Output = $Output & "Computer: " & $strComputer & @CRLF
$Output = $Output & "==========================================" & @CRLF
; Connect to the local WMI service and list every network adapter configuration
$objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2")
$colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_NetworkAdapterConfiguration ", "WQL", _
                                     $wbemFlagReturnImmediately + $wbemFlagForwardOnly)

If IsObj($colItems) then
    For $objItem In $colItems
        ; Array-valued properties are read through their first element (index 0)
        $Output = $Output & "ArpAlwaysSourceRoute: " & $objItem.ArpAlwaysSourceRoute & @CRLF
        $Output = $Output & "ArpUseEtherSNAP: " & $objItem.ArpUseEtherSNAP & @CRLF
        $Output = $Output & "Caption: " & $objItem.Caption & @CRLF
        $Output = $Output & "DatabasePath: " & $objItem.DatabasePath & @CRLF
        $Output = $Output & "DeadGWDetectEnabled: " & $objItem.DeadGWDetectEnabled & @CRLF
        $strDefaultIPGateway = $objItem.DefaultIPGateway(0)
        $Output = $Output & "DefaultIPGateway: " & $strDefaultIPGateway & @CRLF
        $Output = $Output & "DefaultTOS: " & $objItem.DefaultTOS & @CRLF
        $Output = $Output & "DefaultTTL: " & $objItem.DefaultTTL & @CRLF
        $Output = $Output & "Description: " & $objItem.Description & @CRLF
        $Output = $Output & "DHCPEnabled: " & $objItem.DHCPEnabled & @CRLF
        $Output = $Output & "DHCPLeaseExpires: " & WMIDateStringToDate($objItem.DHCPLeaseExpires) & @CRLF
        $Output = $Output & "DHCPLeaseObtained: " & WMIDateStringToDate($objItem.DHCPLeaseObtained) & @CRLF
        $Output = $Output & "DHCPServer: " & $objItem.DHCPServer & @CRLF
        $Output = $Output & "DNSDomain: " & $objItem.DNSDomain & @CRLF
        $strDNSDomainSuffixSearchOrder = $objItem.DNSDomainSuffixSearchOrder(0)
        $Output = $Output & "DNSDomainSuffixSearchOrder: " & $strDNSDomainSuffixSearchOrder & @CRLF
        $Output = $Output & "DNSEnabledForWINSResolution: " & $objItem.DNSEnabledForWINSResolution & @CRLF
        $Output = $Output & "DNSHostName: " & $objItem.DNSHostName & @CRLF
        $strDNSServerSearchOrder = $objItem.DNSServerSearchOrder(0)
        $Output = $Output & "DNSServerSearchOrder: " & $strDNSServerSearchOrder & @CRLF
        $Output = $Output & "DomainDNSRegistrationEnabled: " & $objItem.DomainDNSRegistrationEnabled & @CRLF
        $Output = $Output & "ForwardBufferMemory: " & $objItem.ForwardBufferMemory & @CRLF
        $Output = $Output & "FullDNSRegistrationEnabled: " & $objItem.FullDNSRegistrationEnabled & @CRLF
        $strGatewayCostMetric = $objItem.GatewayCostMetric(0)
        $Output = $Output & "GatewayCostMetric: " & $strGatewayCostMetric & @CRLF
        $Output = $Output & "IGMPLevel: " & $objItem.IGMPLevel & @CRLF
        $Output = $Output & "Index: " & $objItem.Index & @CRLF
        $strIPAddress = $objItem.IPAddress(0)
        $Output = $Output & "IPAddress: " & $strIPAddress & @CRLF
        $Output = $Output & "IPConnectionMetric: " & $objItem.IPConnectionMetric & @CRLF
        $Output = $Output & "IPEnabled: " & $objItem.IPEnabled & @CRLF
        $Output = $Output & "IPFilterSecurityEnabled: " & $objItem.IPFilterSecurityEnabled & @CRLF
        $Output = $Output & "IPPortSecurityEnabled: " & $objItem.IPPortSecurityEnabled & @CRLF
        $strIPSecPermitIPProtocols = $objItem.IPSecPermitIPProtocols(0)
        $Output = $Output & "IPSecPermitIPProtocols: " & $strIPSecPermitIPProtocols & @CRLF
        $strIPSecPermitTCPPorts = $objItem.IPSecPermitTCPPorts(0)
        $Output = $Output & "IPSecPermitTCPPorts: " & $strIPSecPermitTCPPorts & @CRLF
        $strIPSecPermitUDPPorts = $objItem.IPSecPermitUDPPorts(0)
        $Output = $Output & "IPSecPermitUDPPorts: " & $strIPSecPermitUDPPorts & @CRLF
        $strIPSubnet = $objItem.IPSubnet(0)
        $Output = $Output & "IPSubnet: " & $strIPSubnet & @CRLF
        $Output = $Output & "IPUseZeroBroadcast: " & $objItem.IPUseZeroBroadcast & @CRLF
        $Output = $Output & "IPXAddress: " & $objItem.IPXAddress & @CRLF
        $Output = $Output & "IPXEnabled: " & $objItem.IPXEnabled & @CRLF
        $strIPXFrameType = $objItem.IPXFrameType(0)
        $Output = $Output & "IPXFrameType: " & $strIPXFrameType & @CRLF
        $Output = $Output & "IPXMediaType: " & $objItem.IPXMediaType & @CRLF
        $strIPXNetworkNumber = $objItem.IPXNetworkNumber(0)
        $Output = $Output & "IPXNetworkNumber: " & $strIPXNetworkNumber & @CRLF
        $Output = $Output & "IPXVirtualNetNumber: " & $objItem.IPXVirtualNetNumber & @CRLF
        $Output = $Output & "KeepAliveInterval: " & $objItem.KeepAliveInterval & @CRLF
        $Output = $Output & "KeepAliveTime: " & $objItem.KeepAliveTime & @CRLF
        $Output = $Output & "MACAddress: " & $objItem.MACAddress & @CRLF
        $Output = $Output & "MTU: " & $objItem.MTU & @CRLF
        $Output = $Output & "NumForwardPackets: " & $objItem.NumForwardPackets & @CRLF
        $Output = $Output & "PMTUBHDetectEnabled: " & $objItem.PMTUBHDetectEnabled & @CRLF
        $Output = $Output & "PMTUDiscoveryEnabled: " & $objItem.PMTUDiscoveryEnabled & @CRLF
        $Output = $Output & "ServiceName: " & $objItem.ServiceName & @CRLF
        $Output = $Output & "SettingID: " & $objItem.SettingID & @CRLF
        $Output = $Output & "TcpipNetbiosOptions: " & $objItem.TcpipNetbiosOptions & @CRLF
        $Output = $Output & "TcpMaxConnectRetransmissions: " & $objItem.TcpMaxConnectRetransmissions & @CRLF
        $Output = $Output & "TcpMaxDataRetransmissions: " & $objItem.TcpMaxDataRetransmissions & @CRLF
        $Output = $Output & "TcpNumConnections: " & $objItem.TcpNumConnections & @CRLF
        $Output = $Output & "TcpUseRFC1122UrgentPointer: " & $objItem.TcpUseRFC1122UrgentPointer & @CRLF
        $Output = $Output & "TcpWindowSize: " & $objItem.TcpWindowSize & @CRLF
        $Output = $Output & "WINSEnableLMHostsLookup: " & $objItem.WINSEnableLMHostsLookup & @CRLF
        $Output = $Output & "WINSHostLookupFile: " & $objItem.WINSHostLookupFile & @CRLF
        $Output = $Output & "WINSPrimaryServer: " & $objItem.WINSPrimaryServer & @CRLF
        $Output = $Output & "WINSScopeID: " & $objItem.WINSScopeID & @CRLF
        $Output = $Output & "WINSSecondaryServer: " & $objItem.WINSSecondaryServer & @CRLF
        ; Show one adapter per OK/Cancel dialog; Cancel (return value 2) stops the loop
        if Msgbox(1,"WMI Output",$Output) = 2 then ExitLoop
        $Output=""
    Next
Else
    Msgbox(0,"WMI Output","No WMI Objects Found for class: " & "Win32_NetworkAdapterConfiguration" )
Endif

; Convert a WMI datetime string (yyyymmddHHMMSS...) to "MM/DD/YYYY HH:MM:SS"
Func WMIDateStringToDate($dtmDate)
    Return (StringMid($dtmDate, 5, 2) & "/" & _
            StringMid($dtmDate, 7, 2) & "/" & StringLeft($dtmDate, 4) _
            & " " & StringMid($dtmDate, 9, 2) & ":" & StringMid($dtmDate, 11, 2) & ":" & StringMid($dtmDate,13, 2))
EndFunc
```

Edited April 23, 2007 by R.Sanderson

jpm Posted April 23, 2007

that's more a support question than a report

BillLuvsU Posted April 23, 2007

> Ad-Aware now detects active Auto-It scripts as WIN32.Trojandropper or something similar to this.

You have struck an arrow of deepest sorrow and dread to the very epicenter of my soul.

evilertoaster Posted April 23, 2007

http://www.autoitscript.com/forum/index.php?showtopic=34658

Essentially the same deal as adware/viruses/trojans etc. all fall under the same general category of 'bad things'

R.Sanderson (Author) Posted April 23, 2007

I just wanted to bring this to everyone's attention, as Ad-Aware JUST started doing this. As of last week, it was fine with every script I threw at it, but now it deletes them. Whether this is something that can be fixed on this end, or a fault on Lavasoft's part, or maybe working-as-intended, I just wanted everyone to be aware that their scripts may be deleted if they don't check their Ad-Aware reports.

Confuzzled Posted April 25, 2007

Did you report your file to AdAware/Lavasoft for them to check if it is a false positive?