Posted

When I checked my script with NOD32 antivirus, I received this warning:

ScriptName.exe » AUTOIT » script.au3 - Possibly modified Win32/Autoit.EI worm.

But when I submitted this script to the Kaspersky Online antivirus center, it didn't see a virus inside.

Why is my script classified as a virus by NOD32?

How can that sort of virus harm a system?

Posted

Should I use an alternative packer to avoid this antivirus fake warning detection?

I think you can compile without UPX.

If you use Compile script to .exe, in the Compression menu, you will find this option.

Try it and then tell us if there is a change or not.

Posted (edited)

Should I use an alternative packer to avoid this antivirus fake warning detection?

Kind of depends what sort of packer you chose, PM me if you want to know more.

Mostly false positives given by AVs that cannot keep up with current trends.

Edited by Mobius

Posted (edited)

@Mobius

Hi :mellow:

@TeraBit

Send NOD an email ... to create a real virusscanner..

How to reduce false positives

- Don't use a beta version of AutoIt

- Don't use filepackers

- Don't use hotkeys in a script

- Don't use _IsPressed in a script

- Don't use autodownloads in a script

Edited by Emiel Wieldraaijer

Best regards, Emiel Wieldraaijer

Posted

I have tried to pack my script.exe file with the Themida packer and now NOD32 doesn't detect my program as a virus!

Hacker's favorite method.

Isn't it? :mellow:

Posted (edited)

I have tried to pack my script.exe file with the Themida packer and now NOD32 doesn't detect my program as a virus!

Hacker's favorite method.

Isn't it? :(

:mellow: But at what cost to the size of the packed binary?

I mean ::

Unpacked size =

Packed size =

Edited by Mobius

Posted

I have tried to pack my script.exe file with the Themida packer and now NOD32 doesn't detect my program as a virus!

Hacker's favorite method.

Isn't it? :(

Try scanning with another antivirus; don't be surprised if it is detected as a virus by a different antivirus. :mellow:

Posted (edited)

Unpacked size = 784 KB

Packed size = 1,76 MB

Why does the size of the packed file exceed the unpacked size many times over?

OUCH Dude, that is a considerable increase in filesize for something that is not going to protect your source at all.

Uber packers such as Themida and Armadillo and many others offer additional header tricks, that are designed to Protect at all costs, against the many tools that are out there to probe a binary.

Such packers are designed for major, often corporate applications, or for people that do not care about the overall binary size. You might want to play around with various settings to possibly trim this down a bit but don't get your hopes up.

Ed

Like Emiel said, Packers are really optional unless you wish to embed sensitive data in the resource table, and require a packer to protect this

Edited by Mobius

Posted

@Mobius

Hi :mellow:

@TeraBit

Send NOD an email ... to create a real virusscanner..

How to reduce false positives

- Don't use a beta version of AutoIt

- Don't use filepackers

- Don't use hotkeys in a script

- Don't use _IsPressed in a script

- Don't use autodownloads in a script

- Don't use AutoIt

Enjoy the complexity. Feel the power of simplicity.

Posted

And you are using a Packer FOR???? :mellow:

Ed:

Protecting images and other data used by your binary?

I use it to avoid immediate deletion by my favorite antivirus

Posted (edited)

I use it to avoid immediate deletion by my favorite antivirus

Then why pack at all, that is what I was asking really.

If you do not care about filesize then why bother packing, unless like I said, you wish to protect images and other data used by your program.

Edited by Mobius

Posted (edited)

hhh - sad but true ... :(

So a couple of AV companies aren't up to scratch on current events (Won't mention NOD32 :mellow: )

And you guys advocate not using AutoIt at all because of THIS!!!!

You are not releasing a commercial app anyway so get over yourself.

Dammit, Lost me big green Lazer.....Has anyone seen it?

Edited by Mobius
