Jump to content

McAfee detecting AutoIt as virus

seanhart

By seanhart,
in AutoIt General Help and Support

 Share

Recommended Posts

seanhart Seeker

seanhart

Posted
Posted

Just a quick notice that McAfee AntiVirus with DAT files version 5180 (Dec 7) are detecting script compiled with AutoIt 3.2.2.0 as being infected with the YahLover.worm virus.

I have opened a support ticket with McAfee and will provide an update when I have one.

Link to comment
Share on other sites
seanhart Seeker

seanhart

Posted
  • Author
Posted

For those of us using AutoIt in our day to day jobs it's good to share information like this that could affect what we're doing. As soon as I started having these problems I checked the forums first to see if there was a known issue, and I'm glad to see others benefiting from this post.

In any case, McAfee has now released an "emergency update" and specifically referenced AutoIt compiled scripts as the reason why. It's good to see it recognized as a legitimate program by one of the leading anti-virus vendors.

McAfee mentions the false detection of AutoIt here: http://vil.nai.com/vil/content/v_140628.htm

Link to comment
Share on other sites
BrettF Universalist

BrettF

Posted
Posted

Lets all calm down... And read this: http://www.autoitscript.com/forum/index.php?showtopic=34658

Vist my blog!UDFs: Opens The Default Mail Client | _LoginBox | Convert Reg to AU3 | BASS.au3 (BASS.dll) (Includes various BASS Libraries) | MultiLang.au3 (Multi-Language GUIs!)Example Scripts: Computer Info Telnet Server | "Secure" HTTP Server (Based on Manadar's Server)Software: AAMP- Advanced AutoIt Media Player | WorldCam | AYTU - Youtube Uploader Tutorials: Learning to Script with AutoIt V3Projects (Hardware + AutoIt): ArduinoUseful Links: AutoIt 1-2-3 | The AutoIt Downloads Section: | SciTE4AutoIt3 Full Version!
Link to comment
Share on other sites
PsaltyDS Universalist

PsaltyDS

Posted
Posted (edited)

I just finished working with McAfee support and doing testing, and they have confirmed the issue and said they will release the new DAT files (5181) today.

Thanks for posting that, seanhart.

@JustinReno: I disagree with you. A post of "McAffee says my script is infected... what do I do?!" is clearly not needed, but the calm example of doing exactly what's needed by seanhart is refreshing. Note that the sticky "Are my AutoIt EXEs really infected?" is locked, so the details of the resolution of this particular false positive could not be posted there.

I would personally like to see an open sticky where people could log doing exactly what you are supposed to do, and the results they get. This would build a community running history of:

AutoIt version

AV Software and version

DAT file version

Details of false positive report

When reported to AV Co.

Response from AV Co.

In this particular example, it documents an incident that reflects well on McAffee. They received a report of a false positive, took it seriously, and replied in a prompt manner. Kudos to them.

:)

Edited by PsaltyDS
Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law
Link to comment
Share on other sites
BrettF Universalist

BrettF

Posted
Posted

Thanks for posting that, seanhart.

@JustinReno: I disagree with you. A post of "McAffee says my script is infected... what do I do?!" is clearly not needed, but the calm example of doing exactly what's needed by seanhart is refreshing. Note that the sticky "Are my AutoIt EXEs really infected?" is locked, so the details of the resolution of this particular false positive could not be posted there.

I would personally like to see an open sticky where people could log doing exactly what you are supposed to do, and the results they get. This would build a community running history of:

AutoIt version

AV Software and version

DAT file version

Details of false positive report

When reported to AV Co.

Response from AV Co.

In this particular example, it documents an incident that reflects well on McAffee. They received a report of a false positive, took it seriously, and replied in a prompt manner. Kudos to them.

:)

I like you idea. Does anyone think there is a chance of this happening?
Vist my blog!UDFs: Opens The Default Mail Client | _LoginBox | Convert Reg to AU3 | BASS.au3 (BASS.dll) (Includes various BASS Libraries) | MultiLang.au3 (Multi-Language GUIs!)Example Scripts: Computer Info Telnet Server | "Secure" HTTP Server (Based on Manadar's Server)Software: AAMP- Advanced AutoIt Media Player | WorldCam | AYTU - Youtube Uploader Tutorials: Learning to Script with AutoIt V3Projects (Hardware + AutoIt): ArduinoUseful Links: AutoIt 1-2-3 | The AutoIt Downloads Section: | SciTE4AutoIt3 Full Version!
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...