ViciousXUSMC, posted May 13, 2015:

I have it fixed on my side, added an exception for that particular scan.

I was more or less posting for informational purposes of others that there is a new release so they can have a heads up. For long term I am actually thinking of using a unique file extension for my scripts and adding an extension exception so that any new false positives will not affect us.
Mobius, posted May 13, 2015:

Hey ViciousXUSMC, two replies, not bad.

Seriously guys, you know you could stem all the repetition (by both posters and responders) by simply locking the thread.
Jos (Developers), posted May 13, 2015:

> Hey ViciousXUSMC, two replies, not bad.
> Seriously guys, you know you could stem all the repetition (by both posters and responders) by simply locking the thread.

Agree, but let's then also agree that this logic would apply to way too many threads, so that ain't happening unless they spin out of control.

Jos
topten, posted May 14, 2015:

> For long term I am actually thinking of using a unique file extension for my scripts and adding an extension exception so that any new false positives will not affect us.

It is quite an interesting approach, ViciousXUSMC.

Could you please give an example of how you would do that?
ViciousXUSMC, posted May 14, 2015:

Firstly, sorry if I somehow posted in a thread I should not have. I figured we would have a community thread to post notices of new false positives for other users to get a heads up; this thread was the first to come up in a search.

Second, topten.

All I did was go to HKLM\SOFTWARE\Classes\.exe and look at what registry keys .exe uses to be executed.

I then created my own key with my extension to tell Windows that .XXX is basically executed same as an .exe, so that way a user would not get a "how should I open this file" dialog.

Rename any of my compiled AutoIT.exes to my new file extension.

In the corporate virus software control center add an exception to allow .XXX to run without being flagged as a virus.

This was the most "proactive" fix for me as it fixes it now and going forward with little risk.

The original short term fix was to just add the particular "virus" to the whitelist, but then down the road a new one could come up and cause trouble all over again.

Regards,
Jos (Developers), posted May 14, 2015:

This is a pretty clever workaround with the only "limited" risk that a potential threat will read the registry and copy itself to this set extension, which then also isn't AV scanned any more.

The real nice thing about it is that all your distributed script executables won't be all wiped in one go when the AV company has a FU in the definition updates.

Jos
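The risk Jos describes can be checked for from the defender's side. The following PowerShell audit is an added example, not code from any poster in this thread: it lists every extension under HKLM\SOFTWARE\Classes whose open command launches the file itself, so the result can be compared with the extensions excluded from AV scanning. The `$expected` baseline and the helper name `Get-DefaultValue` are assumptions made for the example.

```powershell
# Added example: find file extensions that Windows executes directly, as .exe is.
$classes  = 'HKLM:\SOFTWARE\Classes'

# Assumption: extensions expected to be directly executable on a stock install.
# Adjust this baseline to match your own build.
$expected = '.exe', '.com', '.bat', '.cmd', '.pif', '.scr'

# Hypothetical helper: return the (Default) value of a registry key, or nothing.
function Get-DefaultValue {
    param([string]$Path)
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue('') }
}

$extensions = Get-ChildItem -LiteralPath $classes -ErrorAction SilentlyContinue |
    Where-Object PSChildName -like '.*'

$findings = foreach ($ext in $extensions) {
    # The extension key's default value names the ProgID (for .exe it is "exefile").
    $progId = $ext.GetValue('')
    if (-not $progId) { continue }

    $command = Get-DefaultValue "$classes\$progId\shell\open\command"
    if (-not $command) { continue }

    # An open command beginning with "%1" means the file itself is run.
    $runsItself = "$command".TrimStart().StartsWith('"%1"')
    if ($runsItself -and $expected -notcontains $ext.PSChildName.ToLower()) {
        [pscustomobject]@{
            Extension = $ext.PSChildName
            ProgId    = $progId
            Command   = $command
        }
    }
}

# Any row here is an extension that runs like an executable but is not in the baseline.
$findings | Sort-Object Extension | Format-Table -AutoSize
```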
Skysnake, posted May 15, 2015:

and now for something completely different:

from the beta unzipped with 7zip to au3beta

ESET NOD32 Antivirus detected Autoit3Help.exe

a variant of Win32/Injecto.ANNX trojan

Please note that ESET never complains about AutoIt EXEs. This is something new.
Neutro, posted May 15, 2015:

> Symantec Released this today: Killing all my scripts out in the field and removing them via quarantine.
> http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2015-050111-5257-99&vid=4294922793
> I guess I should submit a false positive report but the damage is done pretty fast :/

I had exactly the same problem today with one of my scripts.

Seems like it's a bad Symantec definitions update. I will report this to them and hopefully they will fix it.
Jos (Developers), posted May 15, 2015:

Autoit3Help.exe is a C++ compiled program, so is indeed not related to false positives regularly seen with the compiled scripts.

Jos
Neutro, posted May 15, 2015:

> I had exactly the same problem today with one of my scripts.
> Seems like it's a bad Symantec definitions update. I will report this to them and hopefully they will fix it.

Case 08763017 opened at Symantec Support with my company account.

Will give update here when they answer me!
GoravG, posted May 17, 2015:

My autoIt v3.3.8.1 compile script exe file is virus infected

I am new, I am not programmer..... Sorry my bad English......
Melba23 (Moderators), posted May 17, 2015:

GoravG,

This whole thread tells you that is NOT the case - although it seems you have not bothered to read any of it before posting.

M23

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind
Neutro, posted May 18, 2015:

> Case 08763017 opened at Symantec Support with my company account.
> Will give update here when they answer me!

Symantec asked me to fill a false positive report, which I did, giving my source code, the compiled exe and a link to the AutoIt website.

Currently waiting for an answer.
Neutro, posted May 19, 2015:

Symantec answer:

> In relation to submission xxxxx.
>
> Upon further analysis and investigation we have verified your submission and as such this detection will be removed from our products.
>
> The updated detection will be distributed in the next set of virus definitions, available via LiveUpdate or from our website at http://securityresponse.symantec.com/avcenter/defs.download.html
>
> Please note that whitelisting can take up to 24 hours to take effect.
>
> Decisions made by Symantec are subject to change if alterations to the Software are made over time or as classification criteria and/or the policy employed by Symantec changes over time to address the evolving landscape.
>
> If you are a software vendor, why not take part in our whitelisting program?
>
> To participate in this program, please complete the following form: https://submit.symantec.com/whitelist
>
> Sincerely,
> Symantec Security Response
> http://securityresponse.symantec.com

So it should be OK for the next virus definitions
SCare, posted May 26, 2015:

You don't understand the problem at all. The UPX program is a compressor that is used by a lot of software, not just AutoIt. The problem is that the AV companies see all AutoIt scripts with the belief that it's "probably" a virus so let's flag it as such. The problem has been beaten to death, and the issue is that the AV companies are lazy.
JohnOne, posted May 26, 2015:

> You don't understand the problem at all. The UPX program is a compressor that is used by a lot of software, not just AutoIt. The problem is that the AV companies see all AutoIt scripts with the belief that it's "probably" a virus so let's flag it as such. The problem has been beaten to death, and the issue is that the AV companies are lazy.

Yes, I do understand.
c.haslam, posted June 18, 2015:

I am writing this, taking the risk of being banned: I realize that the previous topic I started on this subject was closed.

I have a lot of confidence in the developers, so I do believe that when they write that there is no Trojan in AutoIt3Help.exe, I believe them; however, they should know that scans by virusTotal.com show mixed results. (Report available on request). 26 out of 51 anti-virus programs show it to be infected.
Melba23 (Moderators), posted June 18, 2015:

c.haslam,

No, you will not get banned - but you make yourself look very stupid.

- Do you think you are the first to notice this? You are not.
- Is there a Trojan in the Help file? No.
- Have the AV companies been informed? No doubt - I personally inform AVG every time they hit on an AutoIt file.

So what more do you want us to do?

M23
c.haslam, posted June 18, 2015:

My apologies.
JohnOne, posted June 18, 2015:

SHA256: bfa04c28ec8ebda53aada77f7d46d29bf5bc4de3bd9678ab154d74710fab5443
File name: AutoIt3Help.exe
Detection ratio: 0 / 57