Virus Report

[amcdee]

Hi Guys,

Just a bit of a heads up I've just received the following warning from CA. Been using Autoit for a while now without issuse. Unforuneately its always effecting about of my compiled script.

The Win32/SillyAutorun.AYD was detected in C:\PROGRAM FILES\AUTOIT3\AUT2EXE\AUTOITSC.BIN.

Kindest regards,

Amcdee

[Triblade]

Hmm, is posting this link correct now?

http://www.autoitscript.com/forum/index.php?showtopic=34658

[dbenoit]

Hello,

That is not a good answer my friend. I am heavely using AutoIT for several years now (a great product for sure).

The Virus issue with AutoIT compiled script, is and stays an issue.

I have spend weeks of works to change my code, not to develop et enhance my applications, but just to work around the virus detection issues.

The fasle positive detection is a recuring issue and I think anyone using daily Autoit codes knows this.

For myself with I decided to do, at the end of many different wird experiences is :

1) Do not use UPX compressor at all

2) Do not use Obfuscrator option anymore

3) Avoid each time it is possible the FileInstall command

Doing so, I have eliminate most of the issues, but still I have to fight for time to time with an antiv-rus crappy vendor to request the change a wrong virus list where AutoIt code is detected as a false positive virus.

I have no magic solution for that and I hope this will improve with future AutoIT releases.

Enjoy

Dominique

[Inverted]

How will future Autoit releases fix the "crappy AV vendors" ? (your words)

Just don't use shitty AV products, I never have any problems ! I used to have ESET Smart Security, now I've gotten rid of AV and just use the free Sunbelt Personal firewall.

Also, I doubt the obfuscator has any effect on the false alerts, the script is encrypted anyway. You could try other executable packers, like PeCompact, it's pretty tame.

Edited May 17, 2009 by Inverted

[BrettF]

It has been discussed so many times it gets boring to see all the new threads on it. Report it to them as a false positive. That's all you can do, because you've outlined the rest.

[flame]

We are using compiled scripts on many workstations and servers. False Positives are a great problem for us.

It is not possible to use the whitlist- function of the AV, because folder changes often.

In the next weeks we will setup a testsystem for compiled AutoIt Scripts and other important files.

- the samples will be scanned every hour with the mayor AV-Engines

- if there is a False-Positive, the system will send a report to the AV-Company

We hope to decrease the duration of a False-Positive down to a few hours.

[Richard Robertson]

All AutoIt scripts will show as the same malware. That's because of idiots who write malware in AutoIt and idiots who tag every script as a malware.

[enaiman]

@amcdee

I had the same problem on 14th of May - CA eTrust started to delete my executables because if "found" AutoItSC.bin "infected" with that worm.

I have contacted them the same day, send them the samples they required and got the answer back that the file is clean. By next day (15th) they have released a new signature file which fixed the false warning on AutoItSC.bin.

Don't worry anymore about that from CA.

A piece of advice: even so, don't compress your executables with upx because eTrust might see them "suspicious".