Jump to content

AutoIt3Wrapper.exe identifies as a trojan in McAfee


Tippex
 Share

Recommended Posts

When attempting to install SciTE4AutoIt3.exe latest update (14-8-2008 for "AutoIt v3.2.12.1 and BETA v3.2.13.7") McAfee detects AutoIt3Wrapper.exe as a trojan and quarantines it. I know other AutoIT users with the same problem. I don't know how to report this back to the Scite team to that they can fix the problem or (if false positive) so that they can contact McAfee to get the problem fixed.

Tippex

Link to comment
Share on other sites

  • Developers

As I answered to your report you submitted via the suggestions form: You will have to get with your AV provider as this is a false positive of your AV software.

Jos

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Link to comment
Share on other sites

... I don't know how to report this back to the Scite team to that they can fix the problem or (if false positive) so that they can contact McAfee to get the problem fixed. ...

As Jos said, that will be your task. AutoIt and SciTE4AutoIt3 are both free - developed and maintaned by volunteers. You can help yourself and others by using the contact info for McAfee listed in this post :-)

http://www.autoitscript.com/forum/index.php?showtopic=34658

[size="1"][font="Arial"].[u].[/u][/font][/size]

Link to comment
Share on other sites

  • Developers

What happens when you use this version of AutoIt3Wrapper.exe which is compiled without UPX?

http://www.autoitscript.com/autoit3/scite/...oIt3Wrapper.exe

Jos

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Link to comment
Share on other sites

What happens when you use this version of AutoIt3Wrapper.exe which is compiled without UPX?

http://www.autoitscript.com/autoit3/scite/...oIt3Wrapper.exe

Jos

My AVG is telling that:

Virus identified Worm/Autoit.DDH

it's on AuoIt3Wrapper.exe

detected on close (during installation).

This hapens today when I tried to sintax chek an au3, in the version I had installed on my PC for about 2-3 weeks.

So I uninstalled AU3, download a new version and during instalation it gave the same message for the wrapper (scite instalation, AU3 instalation was OK).

In AVG is simple to ignore the message, but I'm insecure if the copy I just downloaded from http://www.autoitscript.com/autoit3/scite/...iTE4AutoIt3.exe is ok or not.

edit: ===> I superseded the wrapper with the above link and it worked OK with AVG.

Thanks

Jose

Edited by joseLB
Link to comment
Share on other sites

:) Fixed!!

A.V.E.R.T. Sample Analysis

Issue Number: 4848495

Virus Research Analyst: Patricia Ammirabile

Filename: autoit3wrapper.exe

Detected as Generic.dx in DAT: 5388/5389

Identified: No Virus/Trojan

AVERT Labs, Sao Paulo, SP

You will need to update your McAfee then AutoIt3Wrapper.exe will be left alone!

----- Original Message -----

From: "Virus Research" <Virus_Research@avertlabs.com>

Sent: Tuesday, September 23, 2008 9:35 PM

Subject: RE: Escalated - 4848495: Webimmune

Synopsis -

Our Senior Virus Research Engineers have examined the file in question

and no virus was found.

This detection has been corrected in the current DAT set.

Solution -

Please update your DAT files to correct detection of these files.

Engine and DAT updates are available at:

<http://www.mcafee.com/apps/downloads/security_updates/dat.asp>

Link to comment
Share on other sites

Hi

Any news on this issue? As we can see, there is something strange with scite, as it's related to macafee and avg...

Normally, I would just install AVG and get my own answer to what I'm about to ask you - but I cannot install AVG right now for reasons that I'll not bore you with.

So - update you AVG to the latest AV signatures and contribute to the whole AutoIt community by answering the question that Jos posed in his post above:

What happens when you use this version of AutoIt3Wrapper.exe which is compiled without UPX?

http://www.autoitscript.com/autoit3/scite/...oIt3Wrapper.exe

Jos

If you need help turning off UPX compression, do this:

Start > Programs (All Programs) > AutoIt v3 > Compile Script to .exe

Once that program loads, select "Options" and then - if there is a check by "Use UPX Compress .exe stub" - click once on that option to remove that check.

Now close the window with the title ...

"Aut2Exe v3 - AutoIt Script to EXE Converter"

... and create a new au3 file with only one character in it:

;

Save that file and right-click on it from within the Windows file explorer.

Select "Compile Script" from the context menu.

If you AVG software allows the file to stay around long enough, the file size of your new compiled uncompressed file should be about 515KB using AutoIt v3.2.12.1.

If need be, force a scan with AVG and report your findings in this tread. Does AVG still consider that uncompressed file to be "bad"?

[size="1"][font="Arial"].[u].[/u][/font][/size]

Link to comment
Share on other sites

So - update you AVG to the latest AV signatures and contribute to the whole AutoIt community by answering the question that Jos posed in his post above:

Thanks herewasplato.

With JOS update, AVG does not report virus anymore, as I told 3 posts above.

My worry was, why standard scite was giving alarm on both macafee and AVG. It coud be that some "hacker" could have changed the download scite file in main page? Anyway, it's working ok with JOS link.

Jose

Edited by joseLB
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...