FalconFour Posted January 29, 2010
I wanted to drop by and point out some goings-on with what is, in my opinion as a PC repair tech, the #1 malware removal solution, Malwarebytes' Anti-Malware, versus false detections of compiled AutoIt scripts. As of the definitions around the beginning of this month, Malwarebytes is now flagging nearly all compiled AutoIt EXEs as "BackDoor.Bifrost". The worst part about it is, they refuse to change their stance about detecting AutoIt executables as malware/PUPs. I haven't yet gotten a reply to my request for "reconsidering" this decision. It's a pretty bad deal, considering AutoIt is no different from any of the hundreds of other programming languages out there (BTW, congrats on that, AutoIt team! Excellent work on that). I wanted to bring this to the AutoIt community's attention, see what you all think of it. I'm just one person and it seems like I'm the only person that has a problem with AutoIt being blanketed with the "malware" definition. Maybe the AutoIt team can help the Malwarebytes team with the detection of malware written with AutoIt... instead of just calling it all malware!
GEOSoft Posted January 29, 2010
How many thousands of times do we have to answer these? Report it as a false positive to MalwareBytes and READ THIS.
FalconFour (Author) Posted January 29, 2010 (edited January 29, 2010 by FalconFour)
> How many thousands of times do we have to answer these? Report it as a false positive to MalwareBytes and READ THIS
Maybe if you'd read the topic instead of skimming, you'd not only see that it was already reported, but that Malwarebytes refuses to change their stance on it. Not only that, but I did read that, and Malwarebytes is nowhere to be found in that staggering list of useless AV programs. So it can generally be assumed - also by the fact that Google has next to no information relating to "malwarebytes autoit" - that the current issue, which ONLY STARTED LESS THAN A MONTH AGO, is still undocumented. Also, I'm not reporting that "omg my script is infeacted?!?!?!?", I'm reporting that a commonly used AV program is false-detecting scripts, and something needs to be done to support AutoIt on the MBAM forums. Slow down, calm down, breathe a bit, then... maybe... go back and read the OP?
BrettF Posted January 29, 2010 (edited January 29, 2010 by BrettF)
Tell them to contact Jon about flagging the compiled scripts properly. He can give them the necessary information. And then tell them they're being stupid and they're retarded developers that don't know what they're doing. Also tell them if they block AutoIt they might as well go and block everything else too... Because that's how stupid their stance is.
EDIT: Actually I'm just going to rip into them.
Emiel Wieldraaijer Posted January 29, 2010
hahahaha 'Malwarebytes' I thought it was Malware.. pfff .. don't use malwarebytes anymore.. problem solved
FuryCell Posted January 29, 2010
> hahahaha 'Malwarebytes' I thought it was Malware.. pfff .. don't use malwarebytes anymore.. problem solved
The problem is for developers who release their software to the public. I have several programs on softpedia and if they download it and see it as malware it might scare them off.
FalconFour (Author) Posted January 29, 2010
> hahahaha 'Malwarebytes' I thought it was Malware.. pfff .. don't use malwarebytes anymore.. problem solved
MBAM is actually the best software we've used. There are others, sure, but MBAM is very clean, efficient, and gets the job 100% done, at least 95% of the time. If MBAM runs, the system comes out the other side clean. So we use MBAM. It just gets to be a pain in the rear when MBAM keeps flagging my notification program - an AutoIt program that beeps the PC speaker when the scan completes - as malware itself.
@BrettF: Thanks! Glad to see I'm not the only one.
BrettF Posted January 29, 2010
Everyone on here. Go tell them they're wrong and need to reconsider the detection.
MvGulik Posted January 29, 2010 (edited February 7, 2011 by MvGulik)
whatever
JRowe Posted January 29, 2010
If you compile the script with the default AutoIt icon it flags it as BackDoor.Bifrost. If you compile it with any other icon it's clean. From what that conversation said, it looks like they just flag the AutoIt icon. Gee, what a foolproof method of malware detection, wow. I am humbled by their superior intelligence and discernment. I wish to someday become as wise and powerful in the ways of anti malware.
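An added example (not from this thread, and not Malwarebytes' actual rule) showing what an icon-only signature like the one JRowe describes amounts to: it walks a PE .rsrc directory, hashes the RT_ICON images and compares the result against a stand-in "default icon" hash, so the verdict flips with the icon and nothing else. The .rsrc builder, the icon bytes and the hash are constructed test fixtures, and the walker assumes the .rsrc section and its RVA have already been located in the PE headers.

```python
import hashlib
import struct

RT_ICON = 3  # PE resource type id for an individual icon image (RT_ICON)
# Constructed stand-in for "the default AutoIt icon"; any fixed byte string works for the demo.
DEFAULT_ICON = b"\x28\x00\x00\x00" + b"\xaa" * 60
DEFAULT_ICON_HASH = hashlib.sha256(DEFAULT_ICON).hexdigest()

def _collect_icons(rsrc, dir_off, depth, out):
    """Walk one IMAGE_RESOURCE_DIRECTORY level; at the root keep only the RT_ICON subtree."""
    _, _, _, _, n_named, n_id = struct.unpack_from("<IIHHHH", rsrc, dir_off)
    for i in range(n_named + n_id):
        ident, target = struct.unpack_from("<II", rsrc, dir_off + 16 + 8 * i)
        if depth == 0 and ident != RT_ICON:
            continue
        if target & 0x80000000:  # high bit set: offset (within .rsrc) to a subdirectory
            _collect_icons(rsrc, target & 0x7FFFFFFF, depth + 1, out)
        else:  # leaf: IMAGE_RESOURCE_DATA_ENTRY (data RVA, size, codepage, reserved)
            data_rva, size = struct.unpack_from("<II", rsrc, target)
            out.append((data_rva, size))

def icon_hash(rsrc, rsrc_rva):
    """SHA-256 over every RT_ICON image in a .rsrc section (rsrc_rva = that section's RVA)."""
    leaves = []
    _collect_icons(rsrc, 0, 0, leaves)
    h = hashlib.sha256()
    for rva, size in leaves:
        start = rva - rsrc_rva  # data RVAs are image-relative, so rebase them onto the section
        h.update(rsrc[start:start + size])
    return h.hexdigest()

def icon_only_verdict(rsrc, rsrc_rva):
    """The kind of rule the thread describes: the verdict depends on the icon alone."""
    return "BackDoor.Bifrost" if icon_hash(rsrc, rsrc_rva) == DEFAULT_ICON_HASH else "clean"

def build_rsrc(rsrc_rva, type_id, icon_bytes):
    """Construct a minimal .rsrc blob (root -> type -> name 1 -> lang 0x409 -> data) as test input.
    Each one-entry directory is 24 bytes: root@0, type@24, name@48, data entry@72, bytes@88."""
    def one_entry_dir(ident, target, is_dir):
        flag = 0x80000000 if is_dir else 0
        return struct.pack("<IIHHHH", 0, 0, 0, 0, 0, 1) + struct.pack("<II", ident, target | flag)
    data_entry = struct.pack("<IIII", rsrc_rva + 88, len(icon_bytes), 0, 0)
    return (one_entry_dir(type_id, 24, True) + one_entry_dir(1, 48, True)
            + one_entry_dir(0x409, 72, False) + data_entry + icon_bytes)

if __name__ == "__main__":
    rva = 0x3000
    # Same program either way; only the icon differs, yet the verdict flips (JRowe's observation).
    print(icon_only_verdict(build_rsrc(rva, RT_ICON, DEFAULT_ICON), rva))
    print(icon_only_verdict(build_rsrc(rva, RT_ICON, b"my-own-icon"), rva))
```

The defender's takeaway is that a feature shared by every benign compiled script carries no information about behaviour, so it belongs in a scoring model alongside other signals, not in a standalone signature.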
jchd Posted January 29, 2010
They seem to have listened somehow and are hopefully relaxing or waiving the FP flagging. Flagging a static icon as BackDoor.Bifrost is what I'd call a schizophrenic overlook: much over, not much look. That speaks for itself about the seriousness of their product.
BrettF Posted January 29, 2010
Results! For now the false positive seems to have gone...
FalconFour (Author) Posted January 29, 2010
Yeah, we did it! Thanks to BrettF for the much-needed push to get the topic the attention it needed. Looks like it's getting removed from the detections until they figure out how to (properly) detect malware in AutoIt scripts.