Why My script detected by NOD32 as virus?


TeraBit

:mellow: Respect Swift! I thought I had lost her for sure.. :(

Ed::

The binary the op is complaining about is Au3 3.2.4.9,

I could find nothing malicious injected in the interpreter stub either. :)

Why My script classified as virus by NOD32 ? : Cos it is a pretty crap system.

How that sort of viruses can harm system? : A worm's only purpose is to do its damage and that's it; most popular mal is a worm.

Vlad

Edited by Mobius


Two days ago I had my first antivir warning (eTrust ... nothing more to add :mellow: ) when I tried to compile a script; I don't remember the warning but it surprised me. I thought first that an update took place overnight because I haven't had any warnings before.

The next thing to try was to compile another script (compiled just days before without problems) - and it did compile well. So it was something related to that script in particular.

Then I started eliminating things from the script to see which was responsible for the warning ... after 1 hour of tests I found that ... the icon I wanted to use was responsible.

I don't know why it happened because it was an icon extracted from shell32.dll (by Iconator) - Icon 58 (pad). Really strange ... the icon scanned by the same antivirus was found clean.

.. strange things happen sometimes ... :(


I think that the AV classifies my script as a sort of virus because of its "hostile" behavior in the system. It takes info about the PC, encrypts it and puts it in the registry.

I'm pretty sure that nod32 doesn't like that sort of game.

Guys, can you tell me why the feature which uses a passwd to "protect" from decompiling still exists in AutoIt?

I heard that this doesn't help at all if someone wants to see your source.


> I think that the AV classifies my script as a sort of virus because of its "hostile" behavior in the system. It takes info about the PC, encrypts it and puts it in the registry.
>
> I'm pretty sure that nod32 doesn't like that sort of game.

:mellow: Should be your firewall that queries the actions you just mentioned..

One question, Why probe the system for data and then store the encrypted data in the registry???

Just curious no offence intended.

> Guys, can you tell me why the feature which uses a passwd to "protect" from decompiling still exists in AutoIt?
>
> I heard that this doesn't help at all if someone wants to see your source.

:( Search around the forum dude, you might find what you are looking for. You could upgrade your au3 version and see if the problem persists.

Ed::

Or kick Nod32 into the Trashcan :)

Edited by Mobius
