Why is my script detected by NOD32 as a virus?


TeraBit

When I checked my script with NOD32 antivirus, I received this warning:

ScriptName.exe » AUTOIT » script.au3 - Possibly modified Win32/Autoit.EI worm.

But when I submitted this script to the Kaspersky Online antivirus center, it didn't see a virus inside.

Why is my script classified as a virus by NOD32?

How can that sort of virus harm the system?

Should I use an alternative packer to avoid this antivirus fake warning detection?

I think you can compile without UPX.

If you use Compile script to .exe, in the Compression menu, you will find this option.

Try it and then tell us if there is a change or not.

When the words fail... music speaks.

Should I use an alternative packer to avoid this antivirus fake warning detection?

Kind of depends what sort of packer you chose; PM me if you want to know more.

Mostly false positives given by AVs that cannot keep up with current trends.

Edited by Mobius

@Mobius

Hi :mellow:

@TeraBit

Send NOD an email ... to create a real virus scanner..

How to reduce false positives

- Don't use a beta version of AutoIt

- Don't use filepackers

- Don't use hotkeys in a script

- Don't use _IsPressed in a script

- Don't use autodownloads in a script

Edited by Emiel Wieldraaijer

Best regards, Emiel Wieldraaijer

I have tried to pack my script.exe file with the Themida packer and now NOD32 doesn't detect my program as a virus!

Hacker's favorite method.

Isn't it? :(

:mellow: But at what cost to the size of the packed binary?

I mean ::

Unpacked size =

Packed size =

Edited by Mobius

I have tried to pack my script.exe file with the Themida packer and now NOD32 doesn't detect my program as a virus!

Hacker's favorite method.

Isn't it? :(

Try to scan with another antivirus; don't be surprised if it is detected as a virus by a different antivirus. :mellow:

When the words fail... music speaks.

Unpacked size = 784 KB

Packed size = 1,76 MB

Why does the size of the packed file exceed the unpacked size many times over?

OUCH Dude, that is a considerable increase in filesize for something that is not going to protect your source at all.

Uber packers such as Themida and Armadillo and many others offer additional header tricks, that are designed to Protect at all costs, against the many tools that are out there to probe a binary.

Such packers are designed for major, often corporate applications, or for people that do not care about the overall binary size. You might want to play around with various settings to possibly trim this down a bit but don't get your hopes up.

Ed

Like Emiel said, Packers are really optional unless you wish to embed sensitive data in the resource table, and require a packer to protect this

Edited by Mobius

@Mobius

Hi :mellow:

@TeraBit

Send NOD an email ... to create a real virus scanner..

How to reduce false positives

- Don't use a beta version of AutoIt

- Don't use filepackers

- Don't use hotkeys in a script

- Don't use _IsPressed in a script

- Don't use autodownloads in a script

- Don't use AutoIt

Enjoy the complexity. Feel the power of simplicity.
I use it to avoid immediate deletion by my favorite antivirus

Then why pack at all, that is what I was asking really.

If you do not care about filesize then why bother packing, unless like I said, you wish to protect images and other data used by your program.

Edited by Mobius

hhh - sad but true ... :(

So a couple of AV companies aren't up to scratch on current events (Won't mention NOD32 :mellow: )

And you guys advocate not using AutoIt at all because of THIS!!!!

You are not releasing a commercial app anyway so get over yourself.

Dammit, Lost me big green Lazer.....Has anyone seen it?

Edited by Mobius
