slaughter Posted January 11, 2010 Posted January 11, 2010 some of my scripts AVira detects as virus No. Name Type Danger Description Detection added 1. TR/Dropper.Gen2 Trojan 12 Oct 2009 see here 2. TR/Dropper.Gen Trojan 19 Jun 2007 see here what to do? A lot users a using some my apps so im in a truble In progress: Windows Server bruteforce GUARD Admin Tools (Remote client control) Bypasing firewall Old stuff: [font="Verdana;"]MD5 Auto Update Calendar XP SS multi usser server & client Autoit Remote Control (ARC)[/font]
Mobius Posted January 11, 2010 Posted January 11, 2010 Take a look at this thread Are my AutoIt EXE's really infected?, The gist of it is "Report the false positive to your Av vendor".Are you using any types of packers/protectors, or are you using an older build of AutoIt3?
tingtong Posted January 13, 2010 Posted January 13, 2010 My Autoit exe file also treat as TR/Dropper.gen trojan. I had sent it to Avira for more then two days but still no action, it keep alert as trojan. Avira never update their definition. My customers don't want to run my program now and wait for solution. Which version of Script to Exe will solve this problem? I tried the latest one but still same.
Mobius Posted January 13, 2010 Posted January 13, 2010 (edited) Avira never update their definition.It would appear that they do else you would not find yourself in this predicament. Or perhaps.... Just passed an up to date executable through VT, and nothings changed really since the last time I checked all this. 3 Flags by the same vendors for the same shit, but no flags for the vendor you mention. (what a surprise) expandcollapse popupFile Yo.exe received on 2010.01.13 13:05:50 (UTC) Result: 3/41 (7.32%) Antivirus_______Version_____Last_Update_____Result a-squared_______4.5.0.48____2010.01.13______Trojan.Win32.Dropper!A2 AhnLab-V3_______5.0.0.2_____2010.01.12______- AntiVir_________7.9.1.134___2010.01.13______- Antiy-AVL_______2.0.3.7_____2010.01.12______- Authentium______5.2.0.5_____2010.01.12______- Avast___________4.8.1351.0__2010.01.12______- AVG_____________9.0.0.725___2010.01.13______- BitDefender_____7.2_________2010.01.13______- CAT-QuickHeal___10.00_______2010.01.13______- ClamAV__________0.94.1______2010.01.13______- Comodo__________3568________2010.01.13______- DrWeb___________5.0.1.12222_2010.01.13______- eSafe___________7.0.17.0____2010.01.13______- eTrust-Vet______35.2.7234___2010.01.13______- F-Prot__________4.5.1.85____2010.01.12______- F-Secure________9.0.15370.0_2010.01.13______- Fortinet________4.0.14.0____2010.01.13______- GData___________19__________2010.01.13______- Ikarus__________T3.1.1.80.0_2010.01.13______- Jiangmin________13.0.900____2010.01.13______- K7AntiVirus_____7.10.944____2010.01.11______- Kaspersky_______7.0.0.125___2010.01.13______- McAfee__________5859________2010.01.12______- McAfee+Artemis__5859________2010.01.12______- McAfee-GW-Edit__6.8.5_______2010.01.13______Heuristic.BehavesLike.Win32.Spyware.J Microsoft_______1.5302______2010.01.13______- NOD32___________4766________2010.01.13______- Norman__________6.04.03_____2010.01.13______- nProtect________2009.1.8.0__2010.01.13______- Panda___________10.0.2.2____2010.01.12______- PCTools_________7.0.3.5_____2010.01.13______- Prevx___________3.0_________2010.01.13______Medium_Risk_Malware Rising__________22.30.02.06_2010.01.13______- Sophos__________4.49.0______2010.01.13______- Sunbelt_________3.2.1858.2__2010.01.13______- Symantec________20091.2.0.41_2010.01.13_____- TheHacker_______6.5.0.3.148_2010.01.13______- TrendMicro______9.120.0.1004_2010.01.13_____- VBA32___________3.12.12.1____2010.01.13_____- ViRobot_________2010.1.13.2134_2010.01.13___- VirusBuster_____5.0.21.0_____2010.01.12_____- Additional information File size: 637666 bytes MD5...: 0ce9cc4b6d9193ea6eccbe78df9e8f62 SHA1..: 5ca61dd7fa023a08e9e617dc8b7b43cb276e390d SHA256: 42c310dc9c4beb27e8809de2c9f35cec75b3e2b44a882dc264d031be3d451aa2 ssdeep: 12288:aZjMLf11MmPQeRXEHYYS3gA0FJO1t3C6Qox:aafIiy4NwdL0Qox PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x18150 timedatestamp.....: 0x4b2a6d7c (Thu Dec 17 17:42:20 2009) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x817db 0x81800 6.60 65da5cf25d2638a9e0501ad857d0c520 .rdata 0x83000 0xd7b4 0xd800 4.93 cec745f0a27fdfa71b4a6a5257882a33 .data 0x91000 0x16f18 0x3200 4.12 e2b7c410ea360050a2f1fa394d4c33fc .rsrc 0xa8000 0x9298 0x9400 5.53 4dee82f3369c5ddfd373ee228111876f ( 16 imports ) > WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, - > VERSION.dll: VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW > WINMM.dll: timeGetTime, waveOutSetVolume, mciSendStringW > COMCTL32.dll: ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_Create, InitCommonControlsEx, ImageList_ReplaceIcon > MPR.dll: WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W, WNetUseConnectionW > WININET.dll: InternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetQueryOptionW, InternetQueryDataAvailable > PSAPI.DLL: EnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo, EnumProcessModules > USERENV.dll: CreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW > KERNEL32.dll: WaitForSingleObject, HeapFree, GetProcessHeap, HeapAlloc, Sleep, GetCurrentThreadId, RaiseException, MulDiv, GetVersionExW, GetSystemInfo, MultiByteToWideChar, WideCharToMultiByte, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, ReadFile, SetFilePointer, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, DeleteFileW, FindNextFileW, lstrcmpiW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, CreateThread, EnumResourceNamesW, OutputDebugStringW, GetLocalTime, CompareStringW, CompareStringA, InterlockedIncrement, InterlockedDecrement, WriteFile, GetStdHandle, CreatePipe, InterlockedExchange, EnterCriticalSection, TerminateThread, LeaveCriticalSection, DeleteCriticalSection, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, DeviceIoControl, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetComputerNameW, GetWindowsDirectoryW, GetSystemDirectoryW, GetCurrentProcessId, GetCurrentThread, GetProcessIoCounters, CreateProcessW, SetPriorityClass, VirtualAlloc, LoadLibraryExW, DuplicateHandle, GetLastError, CloseHandle, GetCurrentProcess, LoadLibraryA, GetModuleFileNameW, GetFullPathNameW, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, FreeLibrary, InitializeCriticalSection, ExitProcess, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetProcAddress, LoadLibraryW, GetStartupInfoW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleFileNameA, InitializeCriticalSectionAndSpinCount, HeapReAlloc, HeapCreate, RtlUnwind, GetConsoleCP, GetConsoleMode, SetHandleCount, GetFileType, GetStartupInfoA, FlushFileBuffers, SetStdHandle, LCMapStringW, LCMapStringA, GetTimeZoneInformation, GetTimeFormatA, GetDateFormatA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetTickCount, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, GetModuleHandleA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, SetEndOfFile, SizeofResource, SetEnvironmentVariableA > USER32.dll: CopyImage, SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, ReleaseCapture, SetCapture, WindowFromPoint, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, AdjustWindowRectEx, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, UnregisterHotKey, SetKeyboardState, GetKeyboardState, GetKeyState, keybd_event, VkKeyScanA, GetKeyboardLayoutNameA, CharUpperW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, GetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, MessageBoxW, DefWindowProcW, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, GetMenuItemID, PeekMessageW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, CharLowerBuffW, MonitorFromRect, LoadImageW, GetAsyncKeyState, CreateIconFromResourceEx, InvalidateRect > GDI32.dll: DeleteObject, GetObjectW, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, EndPath, SetPixel, CloseFigure, LineTo, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, AngleArc, MoveToEx, Ellipse, PolyDraw, BeginPath, Rectangle, GetDeviceCaps, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, SetViewportOrgEx > COMDLG32.dll: GetSaveFileNameW, GetOpenFileNameW > ADVAPI32.dll: RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, RegEnumKeyExW, CloseServiceHandle, UnlockServiceDatabase, LockServiceDatabase, OpenSCManagerW, InitiateSystemShutdownExW, AdjustTokenPrivileges, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, CreateProcessAsUserW, CreateProcessWithLogonW, InitializeSecurityDescriptor, InitializeAcl, GetLengthSid, SetSecurityDescriptorDacl, CopySid, LogonUserW, GetTokenInformation, GetSecurityDescriptorDacl, GetAce, AddAce, GetAclInformation > SHELL32.dll: DragQueryPoint, ShellExecuteExW, SHGetFolderPathW, DragQueryFileW, SHEmptyRecycleBinW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish > ole32.dll: OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, StringFromCLSID, IIDFromString, StringFromIID, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, OleUninitialize > OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, - ( 0 exports ) RDS...: NSRL Reference Data Set - pdfid.: - trid..: Win32 Executable Generic (42.3%) Win32 Dynamic Link Library (generic) (37.6%) Generic Win/DOS Executable (9.9%) DOS Executable Generic (9.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=398D5C51E286E573BAA0098CF34FCB009A1EC2EF' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=398D5C51E286E573BAA0098CF34FCB009A1EC2EF</a> sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: original name: n/a internal name: n/a file version.: 3, 3, 2, 0 comments.....: n/a signers......: - signing date.: - verified.....: Unsigned pdftt Edited January 13, 2010 by Mobius
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now