Jump to content

Obfuscator Temp File?

anonimous

By anonimous
in AutoIt General Help and Support

 Share

Recommended Posts

anonimous Seeker

anonimous

Posted
Posted (edited)

After obfuscating, compiling and running the file, Avira suddenly detects a HTML script virus which I think is a false positive. Could it be a temp file created when the obfuscated script is decrypted?

The file is detected in 'C:\Documents and Settings\username\Local Settings\Temp\qihaihs'(random 7 letter filename with no extension)

Virus Total scan result: https://www.virustotal.com/analisis/1673155c5512211571ebd0aca880cca19a847dd50c1c7d06def28123be7b3f1e-1260696481

Does it happen to anyone else?

I managed to capture one before it was deleted by running a script to kill the process before it can delete the temp file. I monitored the files using Sysinternals's FileMon.

Edited by anonimous
  • Developers
Jos Universalist

Jos

Posted
  • Developers
Posted (edited)

This is the table file created at Obfuscation time and included in the obfuscated exe. Doubt this file is marked as a virus.

Pretty sure you got yourself a false positive.

Talk to your AV provider.

Jos

Edited by Jos

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.  :)

anonimous Seeker

anonimous

Posted
  • Author
Posted

This is the table file created at Obfuscation time and included in the obfuscated exe. Doubt this file is marked as a virus.

Pretty sure you got yourself a false positive.

Talk to your AV provider.

Jos

Oh I didn't realise it was the exact table that was generated when obfuscating the script. I thought it was temp file generated when running the script. Thanks for the info!

Xenobiologist Universalist

Xenobiologist

Posted
Posted

Hi,

I had recently a similar problem with obfuscator and McAfee. (I reported the false positive)

Mega

Scripts & functions Organize Includes Let Scite organize the include files

Yahtzee The game "Yahtzee" (Kniffel, DiceLion)

LoginWrapper Secure scripts by adding a query (authentication)

_RunOnlyOnThis UDF Make sure that a script can only be executed on ... (Windows / HD / ...)

Internet-Café Server/Client Application Open CD, Start Browser, Lock remote client, etc.

MultipleFuncsWithOneHotkey Start different funcs by hitting one hotkey different times

anonimous Seeker

anonimous

Posted
  • Author
Posted

Hi,

I had recently a similar problem with obfuscator and McAfee. (I reported the false positive)

Mega

Has McAfee fixed the problem? Because in the Virus Total result above, McAfee also is detecting the table file as a virus.

Xenobiologist Universalist

Xenobiologist

Posted
Posted

Hi,

till Friday the don't.

I'll check my laptop tomorrow, cause it is the one for business. On my private PC I do not use McAfee.

Mega

Scripts & functions Organize Includes Let Scite organize the include files

Yahtzee The game "Yahtzee" (Kniffel, DiceLion)

LoginWrapper Secure scripts by adding a query (authentication)

_RunOnlyOnThis UDF Make sure that a script can only be executed on ... (Windows / HD / ...)

Internet-Café Server/Client Application Open CD, Start Browser, Lock remote client, etc.

MultipleFuncsWithOneHotkey Start different funcs by hitting one hotkey different times

TomCat Wayfarer

TomCat

Posted
Posted

false positive

http://virscan.org/report/cb94cf26d999cf41270fef06383f3d80.html

http://virusscan.jotti.org/de/scanresult/661a60a2953c5680671ff5ba9a2397cf93819830

but it suxx -.-

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...