Armand Posted December 28, 2007 Share Posted December 28, 2007 (edited) well... i've made a program in AU3 it's quite HUGE now {over 15K lines total} and at the last version after i've made some updates the program is being detected as a virus on some AVs. ie: http://www.virustotal.com/resultado.html?6...23504aeb99561f5i've been wanting to know maybe, if possible, which functions, if there are any specific ones, makes it so that i'll try to use others instead or something like that.... i have over 7000 users now and they are all crying - VIRUS... i'm tired of explaining - AU3 <> VIRUS!!!PS. I've read the Sticky but yet I was wandering if theres a list of functions i should avoid using...[i really dislike the idea of having to contact all of these AV companies and it might take a while...]THANKS IN ADVANCE! Edited December 28, 2007 by Armand [u]My Au3 Scripts:[/u]____________(E)Lephant, A Share download manager (RS/MU etc)Http1.1 Console, The Ez Way!Internet Reconnection Automation Suite & A Macro Recording Tool.SK's Alarm Clock, Playing '.MP3 & .Wav' Files._________________Is GOD a mistake of the Humanity Or the Humanity is a mistake of GOD ?! Link to comment Share on other sites More sharing options...
MadBoy Posted December 28, 2007 Share Posted December 28, 2007 well... i've made a program in AU3 it's quite HUGE now {over 15K lines total} and at the last version after i've made some updates the program is being detected as a virus on some AVs. ie: http://www.virustotal.com/resultado.html?6...23504aeb99561f5 i've been wanting to know maybe, if possible, which functions, if there are any specific ones, makes it so that i'll try to use others instead or something like that.... i have over 7000 users now and they are all crying - VIRUS... i'm tired of explaining - AU3 <> VIRUS!!! PS. I've read the Sticky but yet I was wandering if theres a list of functions i should avoid using... [i really dislike the idea of having to contact all of these AV companies and it might take a while...] THANKS IN ADVANCE! There's no such list. Only way to get it right is to contact those companies again and again. It's realy funny that they can't get it right after so many times My little company: Evotec (PL version: Evotec) Link to comment Share on other sites More sharing options...
rover Posted December 28, 2007 Share Posted December 28, 2007 (edited) As the sticky points out, UPX compression of exe's is one issue. (don't compress your exe's or change to different compressor, It's no guarantee though...) and AV companies tagging the AutoIt engine as a virus the other. (nothing you can do about that, other than formally contacting said companies as outlined in the sticky) Avoiding using functions that may or may not be construed as malicious isn't going to make any difference if the AV engines are basing detection on a signature of AutoIt code once they determine a script sample is malicious. as opposed to a heuristic scan looking for virus/trojan like behaviour. (the list of possible functions would be pretty long....usually its the more blatant behaviours that flag an exe and not delete, regwrite actions etc.) It looks like its the price of using a popular scripting language instead of a programming language. Have a look at this post by SadBunny AV company employee perspective This is an old and ongoing topic, a search on the forum for 'Virus' calls up 2 pages of posts. Edited December 28, 2007 by rover I see fascists... Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now