Tripredacus Posted June 1, 2016 Share Posted June 1, 2016 Today, MSSE marked one of my applications as Trojan:Win32/Zelrune.C!cl. algiuxas and mLipok 2 Twitter | MSFN | VGCollect Link to comment Share on other sites More sharing options...
BrewManNH Posted June 1, 2016 Share Posted June 1, 2016 @giangnguyen I don't think you'd get much response from them, they haven't released an update to the software in about 4 years. They've only updated the virus definitions recently. If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag GudeHow to ask questions the smart way! I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from. Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays. - ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script. - Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label. - _FileGetProperty - Retrieve the properties of a file - SciTE Toolbar - A toolbar demo for use with the SciTE editor - GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI. - Latin Square password generator Link to comment Share on other sites More sharing options...
AutoBert Posted June 1, 2016 Share Posted June 1, 2016 Post the link to analysis of https://virustotal.com/ Link to comment Share on other sites More sharing options...
giangnguyen Posted June 2, 2016 Share Posted June 2, 2016 source: MsgBox(1,"","hi") compiled by right click+compile for x86 https://virustotal.com/en/file/2922e3bf83b2bc1dd19ab42748ef24e0fbf27a9dbc8696825cf86b11547deeee/analysis/1464834505/ Uh oh, found some more. Not sure if that is by AutoIt though. But they don't have twister on VT, I used majyx scanner. Here is the twister detection: https://scan.majyx.net/scans/result/f1feb3a899de723057ac539d0ddc3b3f841bc8ce As you can see, it is detected as W32.HackKMS.L.yvrm Link to comment Share on other sites More sharing options...
AutoBert Posted June 2, 2016 Share Posted June 2, 2016 Have a look in signature from @BetaLeaf he has a tool for reporting false/positive. Link to comment Share on other sites More sharing options...
EmilyLove Posted June 2, 2016 Share Posted June 2, 2016 Awesome, people noticed me! Lol no but thanks for mentioning my tool. Makes me feel accomplished. Tools in the signature below. jcmackie 1 Link to comment Share on other sites More sharing options...
giangnguyen Posted June 8, 2016 Share Posted June 8, 2016 additional thing: if u pack with UPX it detects as AutoIt Packed. Link to comment Share on other sites More sharing options...
Mobius Posted June 10, 2016 Share Posted June 10, 2016 On 02/06/2016 at 3:34 AM, giangnguyen said: source: MsgBox(1,"","hi") compiled by right click+compile for x86 https://virustotal.com/en/file/2922e3bf83b2bc1dd19ab42748ef24e0fbf27a9dbc8696825cf86b11547deeee/analysis/1464834505/ Uh oh, found some more. Not sure if that is by AutoIt though. But they don't have twister on VT, I used majyx scanner. Here is the twister detection: https://scan.majyx.net/scans/result/f1feb3a899de723057ac539d0ddc3b3f841bc8ce As you can see, it is detected as W32.HackKMS.L.yvrm giangnguyen, Not sure how long you've been around autoit but 3/56 flags from VT is nothing to worry about, or any other similar site that uses the "many fools in a room" logic to formulate an opinion. Link to comment Share on other sites More sharing options...
giangnguyen Posted June 10, 2016 Share Posted June 10, 2016 8 hours ago, Mobius said: giangnguyen, Not sure how long you've been around autoit but 3/56 flags from VT is nothing to worry about, or any other similar site that uses the "many fools in a room" logic to formulate an opinion. I know 3/56 is not much, I know, but I prefer to have my clean files not detected by AVs. Link to comment Share on other sites More sharing options...
Administrators Jon Posted June 10, 2016 Administrators Share Posted June 10, 2016 The main AutoIt3.exe rarely gets flagged (sometimes on each new version). So if I were writing public software I'd play it safe and distribute AutoIt3.exe and compile the script as .a3x. Least chance of flagging. Deployment Blog: https://www.autoitconsulting.com/site/blog/ SCCM SDK Programming: https://www.autoitconsulting.com/site/sccm-sdk/ Link to comment Share on other sites More sharing options...
yennhikorea Posted June 20, 2016 Share Posted June 20, 2016 (edited) uninstall the autoit. fix isue registry with ccleaner. restart computer. install agains. HOT nhất năm 2016 với dịch vụ thiết kế web giá rẻ của IUL, khi bạn thiết kế web hà nội sẽ được tặng ngay một khóa học hướng dẫn các bán hàng trên facebook hoặc bán hàng trực tuyến hay sử dụng các dịch vụ web khác của chúng tôi ví dụ như: thiết kế web du lịch khách sạn, thiết kế web công ty, thiết kế web trọn gói giá rẻ, thiết kế web theo yêu cầu, thiet ke web responsive, thiết kế website bất động sản nhà đất,.. Chương trình khuyến mãi sẽ kết thức vào ngày 20/10/2016 vì thế các bạn hãy nhanh tay tham gia trường trình để nhận thưởng nhé. Edited October 19, 2016 by yennhikorea Công ty thiết kế web bán hàng online trực tuyến giá rẻ miễn phí Link to comment Share on other sites More sharing options...
Trong Posted June 20, 2016 Share Posted June 20, 2016 5 minutes ago, yennhikorea said: uninstall the autoit. fix isue registry with ccleaner. restart computer. install agains. you are trying to say something? nói cái L gì thế ? Regards, Link to comment Share on other sites More sharing options...
water Posted June 20, 2016 Share Posted June 20, 2016 Trong, what do you try to say? My UDFs and Tutorials: Spoiler UDFs: Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki Tutorials: ADO - Wiki WebDriver - Wiki Link to comment Share on other sites More sharing options...
Trong Posted June 21, 2016 Share Posted June 21, 2016 I'm asked, I do not say! Regards, Link to comment Share on other sites More sharing options...
EmilyLove Posted June 21, 2016 Share Posted June 21, 2016 On 6/20/2016 at 11:36 AM, yennhikorea said: uninstall the autoit. fix isue registry with ccleaner. restart computer. install agains. That's not going to fix the detection of issue. It is probably a combination of the unpacking of the autoit engine on execution and certain functions in your script. Link to comment Share on other sites More sharing options...
EmilyLove Posted June 23, 2016 Share Posted June 23, 2016 (edited) Hey guys. Want to help improve False Positive Reporter? If you see any emails that aren't on the list below, please Private Message me so I can add it to the list. Spoiler support.is@cmclab.net samples@digital-defender.com sample@preventon.com support-tech@returnil.com malwaresample@herdprotect.com info@chicalogic.com submit@antiy.com avlnetwork@antiy.com virus@arcabit.com v3sos@ahnlab.com virus@avast.com virus@avira.com virus_submission@bitdefender.com samples@bluepointsecurity.com malwaresubmit@avlab.comodo.com vms@drweb.com malware@emcosoftware.com submit@emsisoft.com virus@esafe.com samples@escanav.com submitvirus@fortinet.com research@spy-emergency.com viruslab@f-prot.com labs@fsb-antivirus.com vsamples@f-secure.com samples@ikarus.at submit@samples.immunet.com newvirus@kaspersky.com support@jiangmin.com research@lavasoft.com virus_research@avertlabs.com virus@micropoint.com.cn avsubmit@submit.microsoft.com virus@nanoav.ru samples@eset.com support@noralabs.com support@norman.com virus_info@inca.co.kr virus@pandasecurity.com psafe@psafe.com kefu@360.cn support@rubus.co.in newvirus@s-cop.com samples@sophos.com detections@spybot.info vlab@srnmicro.com avsubmit@symantec.com virus@hacksoft.com.pe virus@thirtyseven4.com cainfo@ca.com submit@trojanhunter.com support@simplysup.com virus@filseclab.com malware-cruncher@sunbelt-software.com viruslab@hauri.co.kr newvirus@anti-virus.by virus@zillya.com huangruimin@kingsoft.com support@aegislab.com viruslab@quickheal.com trojans@agnitum.com bav@baidu.com bkav@bkav.com.vn samples@mysecuritywin.com falsepositive@reasoncoresecurity.com virus_research_gateway@avertlabs.com Edited June 23, 2016 by BetaLeaf masvil 1 Link to comment Share on other sites More sharing options...
Guest Posted August 9, 2017 Share Posted August 9, 2017 (edited) According to my tests: Some AVs will flag the exe file as virus if it does not have icon file #AutoIt3Wrapper_Res_Description= if this is empty then some AVs will flag the file as virus If this is not empty then some AVs + other AVs will flag the file as virus.. I guess it happens if the name is something that AVs know as virus Need to delete from the #AutoIt3Wrapper_Res_Description , #AutoIt3Wrapper_Res_Comment= Any string that telling the AVs what the file is. And need to leave #AutoIt3Wrapper_Res_Description= With some string. otherwise some AVs will detect it as virus.. So I wrote string that is the program version.. Edited August 9, 2017 by Guest Link to comment Share on other sites More sharing options...
Skysnake Posted August 11, 2017 Share Posted August 11, 2017 @BetaLeaf, maybe remove this one from your list? PSafe (PSafe) Aug 10, 10:09 -03 Hello Team, We don't support Windows anymore, our AV for Windows platform was discontinued. Thank you for your contact and if you have any questions, feel free to reach me. Best regards, Thomas Skysnake EmilyLove 1 Skysnake Why is the snake in the sky? Link to comment Share on other sites More sharing options...
EmilyLove Posted August 17, 2017 Share Posted August 17, 2017 (edited) On 8/11/2017 at 8:44 AM, Skysnake said: @BetaLeaf, maybe remove this one from your list? PSafe (PSafe) Aug 10, 10:09 -03 Hello Team, We don't support Windows anymore, our AV for Windows platform was discontinued. Thank you for your contact and if you have any questions, feel free to reach me. Best regards, Thomas Skysnake Thanks for reporting in. It has been fixed. In the future, please submit an issue on GitHub. https://github.com/BetaLeaf/False-Positive-Reporter/releases/tag/1.3.2 Changelog: Removed PSafe from the list of Anti-Virus Vendors. Anti-Virus Vendor list and Banned Extensions list will now automatically update from this repository. You can now configure FPR.exe by simply double clicking on FPR.exe. Config FPR.exe removed (See above.) Update FPR.exe now updates FPR.exe to the latest version, instead of only updating the Anti-Virus Vendor list. Edited August 17, 2017 by BetaLeaf Since the list is now automatically updated on the repository, you can update it yourself and submit a pull request. Link to comment Share on other sites More sharing options...
BrewManNH Posted August 17, 2017 Share Posted August 17, 2017 Just don't trust that the information on VirusTotal is accurate for any purposes. http://www.csoonline.com/article/3216765/security/heres-why-the-scanners-on-virustotal-flagged-hello-world-as-harmful.html If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag GudeHow to ask questions the smart way! I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from. Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays. - ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script. - Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label. - _FileGetProperty - Retrieve the properties of a file - SciTE Toolbar - A toolbar demo for use with the SciTE editor - GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI. - Latin Square password generator Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now