TehWhale Posted November 9, 2008 Share Posted November 9, 2008 FOUND IT! Link to comment Share on other sites More sharing options...
Mobius Posted November 9, 2008 Share Posted November 9, 2008 (edited) Respect Swift! I thought I had lost her for sure.. Ed::The binary the op is complaining about is Au3 3.2.4.9,I could find nothing malicious injected in the interpreter stub either. Why My script classified as virus by NOD32 ? : Cos it is a pretty crap system.How that sort of viruses can harm system? : a Worms only purpose is to do its damage and thats it, most popular mal is a worm.Vlad Edited November 12, 2008 by Mobius Link to comment Share on other sites More sharing options...
Glyph Posted November 10, 2008 Share Posted November 10, 2008 Why don't you submit your source to the AV company so they can un-flag it? tolle indicium Link to comment Share on other sites More sharing options...
enaiman Posted November 10, 2008 Share Posted November 10, 2008 Two days ago I had my first antivir warning (eTrust ... nothing more to add ) when I tried to compile a script; I don't remember the warning but it surprised me. I thought first that an update took place overnight because I haven't had any warnings before.The next thing to try next was to compile another script (compiled just days before without problems) - and it did compile well. So it was something related to that script in particular.Then I started eliminating things from the script to see which is responsible for warning ... after 1 hour of tests I found that ... the icon I wanted to use was responsible.I don't know why it happened because it was an icon extracted from shell32.dll (by Iconator) - Icon 58 (pad). Really strange ... the icon scanned by the same antivirus was found clean... strange things happens sometimes ... SNMP_UDF ... for SNMPv1 and v2c so far, GetBulk and a new example script wannabe "Unbeatable" Tic-Tac-Toe Paper-Scissor-Rock ... try to beat it anyway :) Link to comment Share on other sites More sharing options...
TehWhale Posted November 10, 2008 Share Posted November 10, 2008 AVG always detects anything HAVING to do with AutoIt. I just got tired of it. *Click* Uninstalled. Link to comment Share on other sites More sharing options...
TeraBit Posted November 10, 2008 Author Share Posted November 10, 2008 I think that AV classify my script as sort of virus 'cause of it "hostile" behavior in system. It take info about pc , encrypt it and put it in registry. I'm pretty sure that nod32 don't like that sort of game. Guys can you tell me what for in Autoit still exist feature which use passwd to "protect" from decompiling? I heared that this don't help at all if some one want to see your source. Link to comment Share on other sites More sharing options...
Mobius Posted November 10, 2008 Share Posted November 10, 2008 (edited) I think that AV classify my script as sort of virus'cause of it "hostile" behavior in system. It take info about pc , encrypt it and put it in registry.I'm pretty sure that nod32 don't like that sort of game. Should be your firewall that queries the actions you just mentioned..One question, Why probe the system for data and then store the encrypted data in the registry???Just curious no offence intended.Guys can you tell me what for in Autoit still exist feature which use passwd to "protect" from decompiling?I heared that this don't help at all if some one want to see your source. Search around the forum dude, you might find what you are looking for. You could upgrade your au3version and see if the problem persists.Ed::Or kick Nod32 into the Trashcan Edited November 11, 2008 by Mobius Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now