Posted

I use the AutoIt beta version (autoit-v3.1.1.83-beta-Setup.exe) to create an exe, and McAfee VirusScan detects a Trojan virus in the compiled exe file.

Can you help me?

Posted (edited)

Search the support forum for "trojan". You will find similar reports and maybe a workaround as well, though not sure!

Cheers

Kurt

Edited by /dev/null

__________________________________________________________
(l)user: Hey admin slave, how can I recover my deleted files?
admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf *

Posted

That's the first time I've seen a false alarm (if any) on a compiled script with the beta.

Can you recreate traffic.exe and check the version you use for compilation?

I would imagine you have a real virus...

Posted

Can a McAfee user verify this compiled script?

Just rename it to remove the .txt extension.

It was compiled with the next beta I am building.

Normally identical to .84.

Thanks B)

Posted (edited)

McAfee VS Pro version v7.03.6000 (last version 7) with today's update (4611) passes this file with no problems.

Edited by PaulGX
Posted (edited)

I use HttpSetProxy, StringRegExp, RunWait and:

    ; Open the page in Internet Explorer through COM
    $IE = ObjCreate("InternetExplorer.Application")
    $IE.Navigate("http://www.xxxxxx")
    $IE.visible = $ievisible

    ; Wait until the page has finished loading
    Do
        Sleep(50)
    Until Not $IE.Busy

    ; Fill in the fields of the "tsmess" form
    $document = $IE.document
    $form = $IE.document.forms.item("tsmess", 0)
    $sujet = $form.elements("form_id")
    $sujet.value = $util
    $from = $form.elements("from")
    $from.value = "trafic info"
    $to = $form.elements("submitto")
    $to.value = $mail
    $mess = $form.elements("message")
    $mess.value = $util

    ; Submit the form, wait for completion, then close the browser
    $form.submit
    While ($document.readyState <> "complete") And ($document.readyState <> 4)
        Sleep(100)
    WEnd
    $IE.quit()

It's the same at home: a virus is detected, and I have the same version as at work, VirusScan Enterprise 8i, DAT file 4612.

Edited by drakar
Posted

Try my script, you can see:

trafic.exe.txt

Posted

I can't create an exe; the virus scanner immediately detects a virus. I tested my computer and no virus was found, only the AutoIt exe.

Posted

It works correctly with the 3.1.1.66 beta; I can compile the script without a problem....

Posted

I don't understand how you attached this file if you cannot create a compiled .exe.

Anyway, the attached file can be decompiled and has no virus error when scanned with Symantec Antivirus.

If I am right, it was compiled with .83 beta.

I didn't execute it in case the problem comes when executed.

I don't know how I can help you more.

B)

Posted

I created this file while VirusScan was inactive.

Posted

I have the same problem. Any compiled script (one line is enough) produces a Trojan alert with 3.1.1.84 and down to 3.1.1.78.

No problem with 3.1.1.0 and 3.1.1.70.

The same happens with McAfee 8.0.0 4611 and 7.0.3 4611.

Posted

No virus detected by F-Secure. So it's most probably a false positive of McAffeeee.... Best you can do: Contact them and tell em to correct their pattern files.

Cheers

Kurt

Posted

For what it is worth, you can test files at some sites like http://virusscan.jotti.org/ and http://www.virustotal.com/

McAfee sig file 4612 calls:

jpm's file "no virus found"

drakar's file "Generic MSVC".

To quote jotti: "You're free to (mis)interpret these automated, flawed statistics at your own discretion."

later...

Posted

Mine was generated with a pre-version of 3.1.1.85, so the signature changed and the antivirus does not recognize this new object, so no FALSE ALARM B)
Posted

I ran into this virus problem with McAfee VirusScan 8.0i a few days ago. Unfortunately, this was only a week after I deployed my memory resident PC inventory script to a couple of hundred workstations. Problem started with DAT update released on Monday by McAfee. I first tried using a newer beta (3.1.1.84), but that didn't help. I eventually discovered that the virus alert disappeared if I compiled the script without a custom icon. I tried a different icon as well, but that still produced the virus alert. Very strange!

This topic is now closed to further replies.
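
The thread narrows the alert down to build inputs: the compiler version in several posts, and the custom icon in the last one. As an added example (not code from the thread or from the AutoIt project), the sketch below hashes each PE section of two builds separately, plus any bytes appended after the last section, and lists the regions that differ, which is the detail worth including in a false-positive report to the vendor. It relies only on standard PE header fields; the sample images are constructed, and `toy_pe` and the region name `(overlay)` are illustrative.

```python
import hashlib
import struct

def pe_regions(data: bytes) -> dict:
    """Map each PE section name (plus any overlay) to the SHA-256 of its raw bytes."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                          # first section header
    regions, end = {}, 0
    for i in range(n_sections):
        entry = table + 40 * i
        name = data[entry:entry + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, entry + 16)
        regions[name] = hashlib.sha256(data[raw_ptr:raw_ptr + raw_size]).hexdigest()
        end = max(end, raw_ptr + raw_size)
    if len(data) > end:                                     # bytes after the last section
        regions["(overlay)"] = hashlib.sha256(data[end:]).hexdigest()
    return regions

def changed_regions(build_a: bytes, build_b: bytes) -> list:
    """Names of regions whose content differs between two builds."""
    a, b = pe_regions(build_a), pe_regions(build_b)
    return sorted(name for name in a.keys() | b.keys() if a.get(name) != b.get(name))

def toy_pe(text: bytes, rsrc: bytes, overlay: bytes = b"") -> bytes:
    """Constructed PE-shaped sample: only the header fields parsed above are filled in."""
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x46, 2)                    # NumberOfSections
    ptr = 0x200
    for i, (name, body) in enumerate(((b".text", text), (b".rsrc", rsrc))):
        entry = 0x58 + 40 * i                               # SizeOfOptionalHeader is 0 here
        hdr[entry:entry + len(name)] = name
        struct.pack_into("<II", hdr, entry + 16, len(body), ptr)
        ptr += len(body)
    return bytes(hdr) + text + rsrc + overlay

if __name__ == "__main__":
    flagged = toy_pe(b"stub-code", b"custom-icon", b"script")
    clean = toy_pe(b"stub-code", b"default-icon", b"script")
    print(changed_regions(flagged, clean))
```

On real files, read both builds with `open(path, "rb").read()` and pass the bytes to `changed_regions`.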