Jump to content

A compiled AU3 being detected as a VIRUS?!


Armand
 Share

Recommended Posts

well... i've made a program in AU3 it's quite HUGE now {over 15K lines total} and at the last version after i've made some updates the program is being detected as a virus on some AVs. ie: http://www.virustotal.com/resultado.html?6...23504aeb99561f5

i've been wanting to know maybe, if possible, which functions, if there are any specific ones, makes it so that i'll try to use others instead or something like that.... i have over 7000 users now and they are all crying - VIRUS... i'm tired of explaining - AU3 <> VIRUS!!!

PS. I've read the Sticky but yet I was wandering if theres a list of functions i should avoid using...

[i really dislike the idea of having to contact all of these AV companies and it might take a while...]

THANKS IN ADVANCE!

Edited by Armand

[u]My Au3 Scripts:[/u]____________(E)Lephant, A Share download manager (RS/MU etc)Http1.1 Console, The Ez Way!Internet Reconnection Automation Suite & A Macro Recording Tool.SK's Alarm Clock, Playing '.MP3 & .Wav' Files._________________Is GOD a mistake of the Humanity Or the Humanity is a mistake of GOD ?!

Link to comment
Share on other sites

well... i've made a program in AU3 it's quite HUGE now {over 15K lines total} and at the last version after i've made some updates the program is being detected as a virus on some AVs. ie: http://www.virustotal.com/resultado.html?6...23504aeb99561f5

i've been wanting to know maybe, if possible, which functions, if there are any specific ones, makes it so that i'll try to use others instead or something like that.... i have over 7000 users now and they are all crying - VIRUS... i'm tired of explaining - AU3 <> VIRUS!!!

PS. I've read the Sticky but yet I was wandering if theres a list of functions i should avoid using...

[i really dislike the idea of having to contact all of these AV companies and it might take a while...]

THANKS IN ADVANCE!

There's no such list. Only way to get it right is to contact those companies again and again. It's realy funny that they can't get it right after so many times :)

My little company: Evotec (PL version: Evotec)

Link to comment
Share on other sites

As the sticky points out, UPX compression of exe's is one issue.

(don't compress your exe's or change to different compressor, It's no guarantee though...)

and AV companies tagging the AutoIt engine as a virus the other.

(nothing you can do about that, other than formally contacting said companies as outlined in the sticky)

Avoiding using functions that may or may not be construed as malicious isn't going to make any difference if

the AV engines are basing detection on a signature of AutoIt code once they determine a script sample is malicious.

as opposed to a heuristic scan looking for virus/trojan like behaviour.

(the list of possible functions would be pretty long....usually its the more blatant behaviours that flag an exe and not delete, regwrite actions etc.)

It looks like its the price of using a popular scripting language

instead of a programming language.

Have a look at this post by SadBunny

AV company employee perspective

This is an old and ongoing topic, a search on the forum for 'Virus'

calls up 2 pages of posts.

Edited by rover

I see fascists...

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...