Sign in to follow this  
Followers 0
autoITnewbie

AutoIT exe detected as virus

18 posts in this topic

Hi,

does anyone have this problem. Most of my script are writen in AutoIT is now being detected as virus by Symantec antivirus with virus def date of 5/30/2007.

what should I do now?

Thanks

A

Share this post


Link to post
Share on other sites



You should be more worried about yourself, theres a bug going around called Autoitoba and when you get it, you code like mad.

Share this post


Link to post
Share on other sites

You should be more worried about yourself, theres a bug going around called Autoitoba and when you get it, you code like mad.

Explain more?

Share this post


Link to post
Share on other sites

Explain more?

AutoItOba: A wasting disease characterized by long hours spent on the AutoIt forums, lack of sleep, and diminished social life. Advanced cases have actually changed their names to things like "Zedna", "SmOke_N", "Psal, etc...

:)


Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

Share this post


Link to post
Share on other sites

Too Funny.. lol I am getting the norton eating all my scripts too.. lol

Share this post


Link to post
Share on other sites

Too Funny.. lol I am getting the norton eating all my scripts too.. lol

why doesnt autoit re-do its coding and change the id's? :)...guess its not that easy eh?


[u][font="Century Gothic"]~я α и d γ ĵ . ċ . ѕ қ ϊ и и ε я~- My Programs -auto shutdownSleep funcdisallow programs[/font][/u]

Share this post


Link to post
Share on other sites

Look here

Thank you Zedna, I tried to put the "#Compiler_UseUpx=n" in the script it it still detect as a virus =(

Share this post


Link to post
Share on other sites

#9 ·  Posted (edited)

Hi,

does anyone have this problem. Most of my script are writen in AutoIT is now being detected as virus by Symantec antivirus with virus def date of 5/30/2007.

what should I do now?

Thanks

A

I have Symantec Antivirus 10 with def dated 5/30/2007 rev 20 and I don't have any problems. Are you sure the problem isn't a virus on your machine? Edited by PaulIA

Auto3Lib: A library of over 1200 functions for AutoIt

Share this post


Link to post
Share on other sites

I have Symantec Antivirus 10 with def dated 5/30/2007 rev 20 and I don't have any problems. Are you sure the problem isn't a virus on your machine?

really? what version of autoit are you using to compile your scripts?

Share this post


Link to post
Share on other sites

#11 ·  Posted (edited)

really? what version of autoit are you using to compile your scripts?

3.2.4.7

Edit: Just update to 3.2.4.9 and still have no problems.

Edit II: I'm using the default Unicode compiler too, if that makes any difference.

Edited by PaulIA

Auto3Lib: A library of over 1200 functions for AutoIt

Share this post


Link to post
Share on other sites

3.2.4.7

oh, thanks I'll try that. But we got the answer from symantec and they'll fix it

===================================

Security Response is aware of a False Positive in some AutoIT scripts that are detected as MSN.Flooder

http://www.symantec.com/security_response/...-050916-1048-99

Detection has been corrected in RR Seq 69177 and higher and should be available within an hour. Security Response has also made plans to publish a second set of certified definitions today with the corrected detections.

ETA for the second LiveUpdate is 9PM.

Share this post


Link to post
Share on other sites

oh, thanks I'll try that. But we got the answer from symantec and they'll fix it

===================================

Security Response is aware of a False Positive in some AutoIT scripts that are detected as MSN.Flooder

http://www.symantec.com/security_response/...-050916-1048-99

Detection has been corrected in RR Seq 69177 and higher and should be available within an hour. Security Response has also made plans to publish a second set of certified definitions today with the corrected detections.

ETA for the second LiveUpdate is 9PM.

I don't see where they are mentioning AutoIt in the link. Where did you get the info about RR Seq 69177?

Auto3Lib: A library of over 1200 functions for AutoIt

Share this post


Link to post
Share on other sites

I don't see where they are mentioning AutoIt in the link. Where did you get the info about RR Seq 69177?

That's in the message they sent to us since we open a case with them.

Share this post


Link to post
Share on other sites

We have a case open with Symantec for files compiled using v3.2.2.0, which are being flagged as well.

I'm testing the other versions to see which others are affected.

Will keep everyone posted on any progress.


[font="Tahoma"]"Tougher than the toughies and smarter than the smarties"[/font]

Share this post


Link to post
Share on other sites

#17 ·  Posted (edited)

Have been hit by it where i work too.

Already had several scripts removed from my machine.

*EDIT*

Latest BETA appears to fix the issues for me.

Edited by tAKTelapis

Share this post


Link to post
Share on other sites

SAV Defs have been updated to 5/30/2007 rev. 41, which no longer flag v3.2.2.0 EXEs as being infected. :)

I never had a chance to test other versions since that was the only one we used, and have been busy recompiling/redeploying dozens of utilities to thousands of systems. :)


[font="Tahoma"]"Tougher than the toughies and smarter than the smarties"[/font]

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0