topten Posted February 23, 2015 2. Why the AV doesn't react on Process Hacker - which can kill the AV, but gives trojans for a simple application MsgBox.exe? I will try to paraphrase: Why AVs don't react when you start Process Hacker.exe - and at the same time AVs are checking AutoIt-made exes with a simple content, something like msgbox (0, "", "") and keep saying that it is a trojan. Is this way more understandable?
BrewManNH Posted February 23, 2015 I would assume it's because Process Hacker is a known piece of software, and being known, AV software knows what it does and doesn't flag it as a virus or malware because of this. Very few of the well known AV software companies would flag an AutoIt script like that as a trojan. Shitty AV software might, or one that has a bad signature file update. If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to. Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude. How to ask questions the smart way! I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from. Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays. - ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script. - Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label. - _FileGetProperty - Retrieve the properties of a file - SciTE Toolbar - A toolbar demo for use with the SciTE editor - GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI. - Latin Square password generator
grisina Posted February 25, 2015 (edited) However, I would argue that it shouldn't take more than 2 seconds to figure this out. If you know enough to want to disable UPX, you should know it's a compressor, therefore a quick look at the options will provide only one with "UPX" and "compress" in the name. Maybe it is mis-named and not implemented right, but I don't think it takes a computer science degree to figure out what it's for if you know enough about UPX to want to disable it in the first place. Edited February 25, 2015 by grisina
PixelPixPanreyes Posted February 25, 2015 Hi! I found out that when creating an AutoIt compiled EXE with the flag /comp 4, more antivirus programs flag the program as a virus.
JohnOne Posted February 26, 2015
"Hi! I found out that when creating an AutoIt compiled EXE with the flag /comp 4, more antivirus programs flag the program as a virus."
As mentioned about a dozen times in this thread. AutoIt Absolute Beginners Require a serial Pause Script Video Tutorials by Morthawt ipify Monkey's are, like, natures humans.
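The two posts above report that a build compressed with /comp 4 (or packed with UPX) collects more detections than the same script built uncompressed. The signals a heuristic scanner weighs here are visible from the file itself: a packer leaves recognisable section names, and compressed section bodies have near-maximal byte entropy, which looks the same to a scanner whether the payload is a MsgBox script or something worse. The following is an added triage example, written for this thread and not code from the AutoIt project or from any AV vendor. It parses the PE section table by hand (so it runs without the pefile package), scores each section's Shannon entropy, and reports packer-style names. The section-name list, the 7.0 bits/byte threshold and the constructed sample image are assumptions chosen for illustration, not any vendor's detection rule.

```python
"""
Added example: packer/compression triage for a PE image.
Not AutoIt project code; section names, threshold and sample data are
assumptions made for this demonstration.
"""
import math
import struct

# Section names commonly written by packers (assumption for illustration).
PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".themida", ".aspack"}

# Bits per byte above which a section is treated as compressed/encrypted
# (threshold chosen for this example; 8.0 is the maximum).
ENTROPY_SUSPICIOUS = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(image: bytes):
    """Yield (name, raw_bytes) for every section in a PE image.

    Minimal parser: DOS header -> e_lfanew -> 'PE\\0\\0' -> COFF header ->
    skip the optional header -> 40-byte section headers.
    """
    if image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]
    sect = coff + 20 + opt_size
    for _ in range(num_sections):
        name = image[sect:sect + 8].rstrip(b"\0").decode("ascii", "replace")
        # SizeOfRawData and PointerToRawData sit at offsets 16 and 20.
        raw_size, raw_ptr = struct.unpack_from("<II", image, sect + 16)
        yield name, image[raw_ptr:raw_ptr + raw_size]
        sect += 40


def triage(image: bytes) -> dict:
    """Report packer-style section names and high-entropy sections."""
    packer_names, high_entropy = [], []
    for name, data in pe_sections(image):
        if name in PACKER_SECTION_NAMES:
            packer_names.append(name)
        if shannon_entropy(data) >= ENTROPY_SUSPICIOUS:
            high_entropy.append(name)
    return {
        "packer_sections": packer_names,
        "high_entropy_sections": high_entropy,
        "looks_packed": bool(packer_names or high_entropy),
    }


def build_sample_pe(sections) -> bytes:
    """Constructed, non-executable PE skeleton used only to feed the parser."""
    e_lfanew = 0x40
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    # Machine=i386, NumberOfSections, three zeroed fields, SizeOfOptionalHeader=0, Characteristics=0
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    ptr = e_lfanew + 4 + 20 + 40 * len(sections)  # raw data follows the headers
    table, blobs = b"", b""
    for name, data in sections:
        table += name.encode().ljust(8, b"\0") + struct.pack("<II", len(data), 0)
        table += struct.pack("<II", len(data), ptr) + b"\0" * 16
        blobs += data
        ptr += len(data)
    return dos + b"PE\0\0" + coff + table + blobs


# Constructed samples: a plain script-like section, and the same plus a
# UPX-named section whose bytes are uniformly distributed (entropy 8.0),
# standing in for compressed data.
PLAIN_SECTION = (".text", b"MsgBox(0, '', '')\r\n" * 40)
PACKED_SECTION = ("UPX1", bytes(range(256)) * 16)

if __name__ == "__main__":
    print("plain :", triage(build_sample_pe([PLAIN_SECTION])))
    print("packed:", triage(build_sample_pe([PLAIN_SECTION, PACKED_SECTION])))
```

Run it against a real build by passing `open("script.exe", "rb").read()` to `triage()`. A result of `looks_packed: True` does not mean the file is malicious; it means the file carries the same surface features a packed dropper would, so the only lasting fix is the one the thread keeps repeating: submit the sample to the vendor as a false positive rather than tuning the build until the scanner goes quiet.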
Trong Posted March 3, 2015 Need to remove malicious links: http://api.exip.org/?call=ip >>>>>>>>>>>>>> http://sso.anbtr.com/domain/api.exip.org This domain name redirects to malicious sites! Func _GetIP() Regards,
BrewManNH Posted March 3, 2015 (edited) That site isn't used in the _GetIP function, so I'm not sure what you're referring to. EDIT: Just found it, that site was in the old _GetIP function back in 3.3.10.x but has been gone for over a year. You need to upgrade. Edited March 3, 2015 by BrewManNH
Trong Posted March 3, 2015 Thanks BrewManNH Regards,
qwert Posted March 25, 2015 I just wanted to add this to the heap (of false positives). I've used Microsoft Security Essentials for two years with no detection problems. But one of the definition updates a couple of weeks ago started flagging an exe here and there. But the latest one (today) halted a compile. I'll look into sending this one in ... but it's discouraging to see them start to cast a wider net. "Severe", they declare ... with no real knowledge of what's in the net. "To a man with a hammer, everything starts to look like a nail." I don't use UPX and I'm on Win7 Pro, using 3.3.12.0
Moderators JLogan3o13 Posted March 25, 2015 It is humorous to me that a sticky thread started to give people answers to their questions regarding false positives, and thus keep them from unnecessarily posting every time they see an AV issue with a script, is now 5 pages deep with people doing just that. "Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball How to get your question answered on this forum!
JohnOne Posted March 25, 2015 I know what you mean, but 5 pages in 9 years ain't so bad.
qwert Posted March 25, 2015
"unnecessarily posting every time they see an AV issue with a script"
I, for one, don't see it that way at all. AV detection is an evolving situation. Whenever there's a significant development (for me, a change in MSE after 2 years of use), people need to have some way to become aware. This thread—or some other one, if you prefer—should be about AV Issue Awareness. If AU3 is ever going to break out of being looked at as a fringe language, it's going to have to come through wider awareness. And making AV issues and the associated impact known can only help. Again, my opinion. Yours may differ.
Developers Jos Posted March 25, 2015
"Again, my opinion. Yours may differ."
Correct, and I also disagree. This thread is about informing people what false positives are and where they should go for getting them fixed. The original intent was to avoid the creation of unneeded threads & posts on this topic. Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post script source Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
JohnOne Posted March 26, 2015 (edited) People are going to post about alerts, no matter what. Better in here, I say. EDIT: Also, most of the posts in here are just discussion rather than alert reports. Probably only about a dozen reports. Edited March 26, 2015 by JohnOne
harryKumar Posted March 31, 2015 This is the virus scan: avast! Win32:Evo-gen, but 66726565776172656F6E74686973373737
JohnOne Posted March 31, 2015 Thanks Harry. You're a real trooper.
harryKumar Posted April 3, 2015 Simple method to repair an infected file: use Themida, turn off Resources Encryption, turn off Resources Compression, and use hard settings. Note: don't pack with UPX.
ViciousXUSMC Posted May 13, 2015 Symantec released this today: killing all my scripts out in the field and removing them via quarantine. http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2015-050111-5257-99&vid=4294922793 I guess I should submit a false positive report but the damage is done pretty fast :/
Developers Jos Posted May 13, 2015
"Symantec released this today: killing all my scripts out in the field and removing them via quarantine. http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2015-050111-5257-99&vid=4294922793 I guess I should submit a false positive report but the damage is done pretty fast :/"
Are you seriously expecting an answer, assuming you read the initial post in this thread?
Moderators JLogan3o13 Posted May 13, 2015
"I guess I should submit a false positive report but the damage is done pretty fast :/"
You admit you know what you should do...