Bluesmaster, posted November 27, 2013

I discovered the tool "Win32 API Constants" from GaryFrost today, downloaded it and... tada, Windows Defender (which never protected me from anything) deleted it immediately.

VirusTotal discovers an unusually big bundle of trojans and malware. https://www.virustotal.com/de/file/e07b72f346035626d5ad7157e07c785db038ce681b545999534f4e2109e69d6e/analysis/1381385066/

I'm sure this is a wrong diagnosis. But why so hard, and why is no source shared?

regards

My UDF: _shellExecuteHidden

Jon (Administrators), posted November 27, 2013

Google flag this download every week as well. I report it as false every week but they never change it :/

Deployment Blog: https://www.autoitconsulting.com/site/blog/
SCCM SDK Programming: https://www.autoitconsulting.com/site/sccm-sdk/

Jon (Administrators), posted November 27, 2013

I've unpacked the exe (removed UPX) and it doesn't seem to get flagged anymore.

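Added example, not part of the original thread: a minimal Python check for the default UPX section names (UPX0, UPX1) in a PE section table, useful for confirming that a flagged download is UPX-packed before reporting it as a false positive. The helper `build_sample` and its header-only sample images are constructed for illustration.

```python
import struct

UPX_NAMES = {"UPX0", "UPX1", "UPX2"}  # default section names written by UPX

def pe_sections(data: bytes):
    """Return [(name, virtual_size, raw_size)] from a PE section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(data) < e_lfanew + 24:
        raise ValueError("PE signature or COFF header missing")
    # The 20-byte COFF header follows the 4-byte signature.
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size
    sections = []
    for i in range(num_sections):
        off = table + i * 40  # each section header is 40 bytes
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        name, vsize, _vaddr, raw = struct.unpack_from("<8sIII", data, off)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, raw))
    return sections

def upx_sections(data: bytes):
    """Return [(name, empty_on_disk)] for sections carrying a UPX name."""
    return [(name, raw == 0 and vsize > 0)
            for name, vsize, raw in pe_sections(data) if name in UPX_NAMES]

def build_sample(sections):
    """Constructed header-only PE image for the demo; not a real executable."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    body = b"".join(
        struct.pack("<8sIIII", n.encode(), vs, 0x1000, raw, 0) + b"\0" * 16
        for n, vs, raw in sections)
    return dos + b"PE\0\0" + coff + body

if __name__ == "__main__":
    packed = build_sample([("UPX0", 0x8000, 0), ("UPX1", 0x4000, 0x3E00),
                           (".rsrc", 0x1000, 0x1000)])
    plain = build_sample([(".text", 0x2000, 0x2000), (".rsrc", 0x1000, 0x1000)])
    print("packed sample:", upx_sections(packed))
    print("plain sample: ", upx_sections(plain))
```

Section names can be renamed after packing, so an empty result does not prove a file is unpacked.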
JohnOne, posted November 27, 2013

If I were the boss of it, UPX would not even be a standard option, it's just a pain in the arse.

AutoIt Absolute Beginners Require a serial Pause Script Video Tutorials by Morthawt ipify
Monkey's are, like, natures humans.

Melba23 (Moderators), posted November 27, 2013

JohnOne,

The default in the Beta and next release is NOT to use upx - so you could well be the boss and not realise it!

M23

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind

Bluesmaster (Author), posted November 27, 2013

That is weird. Maybe one should ask GaryFrost to recompile it.

regards

JohnOne, posted November 27, 2013

> JohnOne,
> The default in the Beta and next release is NOT to use upx - so you could well be the boss and not realise it!
> M23

lol

I meant remove the option altogether though, I don't really see the point of it except to have files flagged constantly by the AV plonkers.

corgano, posted November 27, 2013 (edited November 27, 2013 by corgano)

There is still some point to it, like if you want a quick script for an embedded system with limited space, but I know what you're saying. Disabled by default is definitely better, the file size isn't that big to start with and there's less false flagging. Makes things easier to share.

Maybe there's some other compression out there we could use instead?

0x616e2069646561206973206c696b652061206d616e20776974686f7574206120626f64792c20746f206669676874206f6e6520697320746f206e657665722077696e2e2e2e2e