topten Posted June 19, 2015
Ok, I understand, UPX, malware and all that sort of thing, but... Don't people use other languages to write malware? Don't they use C++, Python and other languages to hook DLLs etc.? But by default AV companies don't mark their simple code such as "MsgBox (0,0,0)" as Autoit keylogger .gen trojan. Sincerely, I can live with this... But I want to be proud of my scripts - not to be marked for such simple things.
Developers Jos Posted June 19, 2015
AV companies often mark any compiled script as a virus for the simple fact they check on the included runtime module instead of the real script section.
There is a simple reason why AutoIt3 is used to write illegal stuff: because it is so damn simple to do.
In this case of autoit3help I have no clue why they mark that as a virus, as it is a simple C++ program which opens the helpfile on the right topic/function page depending on the parameter provided.
Jos
c.haslam Posted June 19, 2015
I am interested to hear that the sources for AutoIt3Help.exe are written in C++. I thought Melba23 was rough on me because he was assuming that I knew that AutoIt3Help.exe is a compiled AutoIt script, which I now know is not so. AutoIt3Help.exe is not "my AutoIt EXE".
It must be tough on the moderators to face compiled AutoIt scripts being seen as infected.
Would it make sense to distribute an AutoIt3Help.au3 script? The antivirus guys, to my knowledge, don't tag scripts as infected, ...
chris
jchd Posted June 19, 2015
Yes they regularly do. Some .au3 are even sometimes their targets.
Moderators JLogan3o13 Posted June 19, 2015
I don't see what having an uncompiled help file would buy us, besides further confusion for new users.
Developers Jos Posted June 19, 2015
> I am interested to hear that the sources for AutoIt3Help.exe are written in C++.
You could have read a little bit further back and seen it was already stated by me on May 15 in this thread. Autoit3Help.exe is a C++ compiled program, so it is indeed not related to false positives regularly seen with the compiled scripts.
Jos
I am also not sure why you read into Melba23's post that AutoIt3Help.exe is a compiled script. It used to be one which was converted to an EXE when we added some extra logic and to keep it smaller, so it's not going to be reverted.
Jos
Edited June 19, 2015 by Jos
c.haslam Posted June 19, 2015
> You could have read a little bit further back and seen it was already stated by me on May 15 in this thread. I am also not sure why you read into Melba23's post that AutoIt3Help.exe is a compiled script. It used to be one which was converted to an EXE when we added some extra logic and to keep it smaller, so it's not going to be reverted. Jos
Actually, I didn't read (or post) to this thread yesterday, but to a new thread, because AutoIt3Help.exe is not my exe. Perhaps I missed the point, but the only reason I could see for Melba23's blast was that AutoIt3Help.exe is a compiled script. Perhaps I missed his point. I see your point for not reverting it to a compiled script.
May we win the war against the AV companies!
Edited June 19, 2015 by c.haslam
Developers Jos Posted June 19, 2015
> May we win the war against the AV companies!
That will never happen, like AV companies will never catch all malicious programs.
Jos
Edited June 19, 2015 by Jos
Skysnake Posted August 17, 2015
This was recently posted:
Reworked AutoIt3Help.exe and applied a digital signature to help with malware false positives - as above.
Korom Posted September 19, 2015
My script always becomes infected after using UPX compression!! And sometimes even without using it.
Please help.
Developers Jos Posted September 19, 2015
> my script always become infected after using UPX Compression !! and sometimes even without using it
> please help
Not sure what you are expecting for other help than already suggested in this thread, but assume you get false positives or else you have a serious problem we can't help you with.
Jos
EmilyLove Posted October 12, 2015
Greetings, I actually have a script that allows you to quickly report your programs as false positives to all known antivirus vendors with a simple drag and drop operation. It takes what normally takes a person a couple of hours to do and does it in 30 seconds. You can get it from my signature below. It's called False Positive Reporter. Thank you for your time and have a great day. I hope this was of help to you.
water Posted January 16, 2016
In the following case the script isn't flagged as a virus but the problem is caused by AV software:
- You run Trend Micro AV software.
- You get an AutoIt error message when running the script telling you "Unable to open the script file".
- The size of this exe is a few kilobytes smaller than that of a working exe.
- You do not get any error messages when compiling the script. Neither from Aut2Exe nor from Trend Micro.
The problem - in my case - was caused by Trend Micro's Behavior Monitoring.
To solve the problem you simply have to disable this feature for Aut2Exe.exe.
It seemed that logging was disabled for the Behavior Monitoring as well (by default?) so we didn't find anything in the TM logs.
Details can be found in the following thread:
Edited January 16, 2016 by water
MattHiggs Posted February 8, 2016
Is it really too much to ask that antivirus companies put quality before quantity, especially for the ones which charge annual fees for the service? I work as a remote IT support specialist and service many different clients, and I often use AutoIt scripts to assist my end users, which is made difficult when I get a slew of emails stating that a script I wrote (which includes a legitimate program installer, say, for an Adobe Reader update, and runs the installer unattended using my admin credentials) is being flagged as malicious by their antivirus programs. I have the issue with antiviruses just flat out trying to automatically quarantine my files without so much as a warning, and I can tell you that opening my antivirus, restoring my quarantined file, and marking it or the folder it is in in the exception list just never gets old (sarcasm).
And the sad fact of the matter is that it is not just antiviruses which play a role in this... frustration. Now browsers are trying to get in on the action. Even if, somehow, the file is not flagged as a virus, I still get emails from users using Google Chrome who, when attempting to download the file, would receive a message stating "This file has not been downloaded very often and may harm your computer. You should delete it" or something to that extent. If they would just read the message and use this little thing called logic (I just wrote the script to meet your needs, so of course it hasn't been downloaded often), they could save themselves and myself the migraine, but when they see that red circle, they start freaking out and stop using their brains. But I still blame the browser in the end for trying to nudge its way into malware detection and using a metric that is completely retarded in order to determine this.
JohnOne Posted February 9, 2016
I have never had a false for over 2 years since I stopped using compression. Or. Start creating a library of functions/methods/classes to do the work, in some other language, as I cannot see this problem ending anytime soon.
EmilyLove Posted February 25, 2016
I almost never compress my scripts, yet I still get false positives all the time. It's usually always 2 or 3 companies (ones I've never heard of if not for VirusTotal) that always flag AutoIt. Usually I get basically heuristics detections.
Trong Posted March 17, 2016
The antivirus is the reason that I stopped using AutoIt to write public software. I am very sad to be forced to switch to using C++; it is harder than AutoIt. I hope people do not use AutoIt to write viruses. I always love AutoIt.
Win32:Evo-gen [Susp]
Trojan: W32/AutoIt
Regards,
DrAhmed Posted March 21, 2016
It happens to me sometimes, my AV says that my code is infected. I already contacted the AV company but I still always have the same problem when I use some functions/methods.
VaultGuy Posted April 7, 2016
I don't know if someone already suggested this: Get a code signing certificate from a certificate authority (Thawte, GlobalSign, etc.) and use it to digitally sign your applications. Usually costs around 200-300$ per year (Just had a quick glance). Usually AV solutions monitor the certificates issued by a CA and trust the applications signed with official certificates automatically. Even if that's not the case, many AV solutions use a reputation system for the heuristic analysis of files. Having a digital signature would improve the chances of your file being detected as "good". If you want to use your software in any commercial way or in a professional environment, code signing would be the best way to get along with AV solutions.
giangnguyen Posted June 1, 2016
I just want you guys to know that currently Twister AV marked the entire AutoIt "engine". I contacted them and got no response. Anyone want to help me contact them?