TeraBit Posted November 9, 2008 Share Posted November 9, 2008 When I checked my script by NOD32 antivirus then I received this warning:ScriptName.exe » AUTOIT » script.au3 - Possibly modified Win32/Autoit.EI worm.But when I submit this script to Kaspersky Online antivirus center then It didn't see virus inside. Why My script classified as virus by NOD32 ?How that sort of viruses can harm system? Link to comment Share on other sites More sharing options...
TehWhale Posted November 9, 2008 Share Posted November 9, 2008 This has been gone over a million times. Use the search feature of this forums. Link to comment Share on other sites More sharing options...
Andreik Posted November 9, 2008 Share Posted November 9, 2008 http://www.autoitscript.com/forum/index.ph...st&p=253367 When the words fail... music speaks. Link to comment Share on other sites More sharing options...
TeraBit Posted November 9, 2008 Author Share Posted November 9, 2008 Should I use alternative packer to avoid this antivirus fake warning detection? Link to comment Share on other sites More sharing options...
Andreik Posted November 9, 2008 Share Posted November 9, 2008 Should I use alternative packer to avoid this antivirus fake warning detection?I think you can compile without UPX.If you use Compile script to .exe , in Compression menu, you will find this option.Try it and then tell us if is a change or not. When the words fail... music speaks. Link to comment Share on other sites More sharing options...
Mobius Posted November 9, 2008 Share Posted November 9, 2008 (edited) Should I use alternative packer to avoid this antivirus fake warning detection?Kind of depends what sort of packer you chose, Pm me if you want to know more.Mostly false positives given by Av's that cannot keep up with current trends. Edited November 9, 2008 by Mobius Link to comment Share on other sites More sharing options...
trancexx Posted November 9, 2008 Share Posted November 9, 2008 http://www.autoitscript.com/forum/index.ph...st&p=253367That's for viruses and NOD32 warned for worm. This link:http://www.autoitscript.com/forum/index.ph...st&p=253367... no wait, that's the same one. ♡♡♡ . eMyvnE Link to comment Share on other sites More sharing options...
Mobius Posted November 9, 2008 Share Posted November 9, 2008 (edited) http://www.autoitscript.com/forum/index.ph...st&p=253367... no wait, that's the same one. trancexx, master at work. @EmielRespect++ Edited November 11, 2008 by Mobius Link to comment Share on other sites More sharing options...
Emiel Wieldraaijer Posted November 9, 2008 Share Posted November 9, 2008 (edited) @Mobius Hi @TeraBit Send NOD an email ... to create a real virusscanner.. How to reduce false positives - Don't use a beta version of AutoIt - Don't use filepackers - Don't use hotkeys in a script - Don't use _IsPressed in a script - Don't use autodownloads in a script Edited November 9, 2008 by Emiel Wieldraaijer Best regards,Emiel Wieldraaijer Link to comment Share on other sites More sharing options...
TeraBit Posted November 9, 2008 Author Share Posted November 9, 2008 I have tried to pack my script.exe file with themida packer and now NOD32 don't detect my program as virus! Hacker's favorite method. Isn't it? Link to comment Share on other sites More sharing options...
Mobius Posted November 9, 2008 Share Posted November 9, 2008 (edited) I have tried to pack my script.exe file with themida packer and now NOD32 don't detect my program as virus! Hacker's favorite method.Isn't it? But at what cost to the size of the packed binary?I mean ::Unpacked size =Packed size = Edited November 9, 2008 by Mobius Link to comment Share on other sites More sharing options...
TeraBit Posted November 9, 2008 Author Share Posted November 9, 2008 Unpacked size = 784 KB Packed size = 1,76 MB Why the size of Packed file exceeds many times over the Unpacked size? Link to comment Share on other sites More sharing options...
Andreik Posted November 9, 2008 Share Posted November 9, 2008 I have tried to pack my script.exe file with themida packer and now NOD32 don't detect my program as virus! Hacker's favorite method.Isn't it? Try to scan with another antivirus, not surprise you to be detected as a virus by different antivirus. When the words fail... music speaks. Link to comment Share on other sites More sharing options...
Mobius Posted November 9, 2008 Share Posted November 9, 2008 (edited) Unpacked size = 784 KBPacked size = 1,76 MBWhy the size of Packed file exceeds many times over the Unpacked size?OUCH Dude, that is a considerable increase in filesize for something thatis not going to protect your source at all.Uber packers such as Themida and Armadillo and many others offer additionalheader tricks, that are designed to Protect at all costs, against the manytools that are out there to probe a binary.Such packers are designed for major, often corporate applications, or for peoplethat do not care about the overall binary size. You might want to play aroundwith various settings to possibly trim this down a bit but don't get your hopes up.EdLike Emiel said, Packers are really optional unless you wish to embedsensitive data in the resource table, and require a packer to protect this Edited November 9, 2008 by Mobius Link to comment Share on other sites More sharing options...
Cw2K1 Posted November 9, 2008 Share Posted November 9, 2008 @MobiusHi @TeraBitSend NOD an email ... to create a real virusscanner..How to reduce false positives- Don't use a beta version of AutoIt- Don't use filepackers- Don't use hotkeys in a script- Don't use _IsPressed in a script- Don't use autodownloads in a script- Don't use AutoIt Enjoy the complexity.Feel the power of simplicity. Link to comment Share on other sites More sharing options...
TeraBit Posted November 9, 2008 Author Share Posted November 9, 2008 I think it is not big increase in size for ours fast pc and it is acceptable for me =) Link to comment Share on other sites More sharing options...
TeraBit Posted November 9, 2008 Author Share Posted November 9, 2008 And you are using a Packer FOR???? Ed:Protecting images and other data used by your binary?I use it to avoid immediate deletion by my favorite antivirus Link to comment Share on other sites More sharing options...
Mobius Posted November 9, 2008 Share Posted November 9, 2008 (edited) I use it to avoid immediate deletion by my favorite antivirusThen why pack at all, that is what I was asking really.If you do not care about filesize then why bother packing,unless like I said, you wish to protect images and other dataused by your program. Edited November 11, 2008 by Mobius Link to comment Share on other sites More sharing options...
Armand Posted November 9, 2008 Share Posted November 9, 2008 - Don't use AutoIthhh - sad but true ... [u]My Au3 Scripts:[/u]____________(E)Lephant, A Share download manager (RS/MU etc)Http1.1 Console, The Ez Way!Internet Reconnection Automation Suite & A Macro Recording Tool.SK's Alarm Clock, Playing '.MP3 & .Wav' Files._________________Is GOD a mistake of the Humanity Or the Humanity is a mistake of GOD ?! Link to comment Share on other sites More sharing options...
Mobius Posted November 9, 2008 Share Posted November 9, 2008 (edited) hhh - sad but true ... So a couple of Av company's aren't up to scratch on current events (Won't mention NOD32 )And you guys advocate not using AutoIt at all because of THIS!!!!You are not releasing a commercial app anyway so get over yourself.Dammit, Lost me big green Lazer.....Has anyone seen it? Edited November 9, 2008 by Mobius Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now