AutoIt and Malware: Difference between revisions

Revision as of 15:58, 15 January 2013

If you have been using AutoIt for any length of time you will know that it is a great and powerful scripting language. As with all powerful languages there comes a downside: virus creation by those with malicious intent. AutoIt has no viruses installed on your system, and if a script you have created has been marked as a virus (and you're not malicious) then this is a false positive. They found a set of instructions in an AutoIt EXE out there somewhere, took the general signature of the file, and now all AutoIt EXE's are flagged (or most of them). This can be due to several reasons:

  * AutoIt is packed with UPX. UPX is an open source software compression packer. It is used with many viruses (to make them smaller).
  * Malicious scripter got the AutoIt script engine recognized as a virus.

There are more ways your executable could be marked; this topic covers only the most common causes. If you encounter a false positive, in which your script is erroneously recognized as a virus, please alert the offending AV company immediately so the matter can be resolved. Best practice would be to include your source code along with a compiled exe, allowing the AV company to independantly verify your report. This process may take up to 24 hours depending on the AV company, but will be resolved much more quickly if you provide source code.

AntiVir
- Website
- Contact

Avast!
- Website
- Contact

McAfee
- Website
- Contact

Symantec (Norton)
- Website
- Contact

AVG
- Website
- Contact (It says sales or other ?'s I assume this will work)

ClamWin
- Website
- Contact

ClamAV
- Website
- Contact (I would only contact the ones with "virusdb maintainer or virus submission management")

BitDefender
- Website
- Contact

ZoneLabs
- Website
- Contact

Norman
- Website
- Contact

eSafe
- Website
- Contact (login required)

A-Squared
- Website
- Contact

Revision as of 15:58, 15 January 2013 (view source) JLogan3o13 (talk \| contribs) mNo edit summary ← Older edit		Revision as of 15:58, 15 January 2013 (view source) JLogan3o13 (talk \| contribs) mNo edit summary Newer edit →
Line 1:		Line 1:
	If you have been using AutoIt for any length of time you will know that it is a great and powerful scripting language. As with all powerful languages there comes a downside: virus creation by those ~~With~~ malicious intent. AutoIt has no viruses installed on your system, and if a script you have created has been marked as a virus (and you're not malicious) then this is a [http://www.pcguide.com/care/data/virus/scanFalse-c.html false positive]. They found a set of instructions in an AutoIt EXE out there somewhere, took the general signature of the file, and now all AutoIt EXE's are flagged (or most of them). This can be due to several reasons:		If you have been using AutoIt for any length of time you will know that it is a great and powerful scripting language. As with all powerful languages there comes a downside: virus creation by those with malicious intent. AutoIt has no viruses installed on your system, and if a script you have created has been marked as a virus (and you're not malicious) then this is a [http://www.pcguide.com/care/data/virus/scanFalse-c.html false positive]. They found a set of instructions in an AutoIt EXE out there somewhere, took the general signature of the file, and now all AutoIt EXE's are flagged (or most of them). This can be due to several reasons:

	* AutoIt is packed with UPX. UPX is an open source software compression packer. It is used with many viruses (to make them smaller).		* AutoIt is packed with UPX. UPX is an open source software compression packer. It is used with many viruses (to make them smaller).

AutoIt and Malware: Difference between revisions

Revision as of 15:58, 15 January 2013

Navigation menu