SpookMeister, Posted July 25, 2006 (edited July 25, 2006 by SpookMeister)

A few days ago an AVG update started detecting some compiled exes I had given to friends as trojans. Does anyone know if this false positive issue has been corrected by a newer pattern/engine from them yet?

Xenobiologist, Posted July 25, 2006

Hi,

what about sending your friend the apps again and let him test?

So long,
Mega

PS: Normally the AV are very fast ...

ivan, Posted August 5, 2006 (edited August 5, 2006 by ivan)

On this issue, I'm rather nervous lately as I'm going to distribute a commercial application made with Autoit in the coming weeks and Monday is the test day with the bosses...uhhh!....

I'm aware of the AVG false positive issue, but I haven't even installed it to check if it reports a trojan or virus of any sort. If anyone is aware of how the subject stands at the moment (August 2006) I'd really appreciate it if you could let me know about it.

I'm not concerned with whether my pc is infected or not as I trust implicitly the AutoIt team, but I'm concerned about how the exe will perform on the test and how it will do with end users...

Valuater provided some worrying news, and I'm frankly shitting my pants, forgive the lingo. I'm also on the verge of sending Grisoft a frigging note to let them know that Autoit is like any other language, just that, and by itself it does not constitute a virus. I'm sure they're not going to write off all applications made with a given language, say C++, because they can't tell a normal exe from a virus.

Before I do send them the note (again, I did so over a year ago, or so), I'd be really happy if someone could throw me an information lifeline...

Forgot to say thanks in advance!

IVAN

Confuzzled, Posted August 6, 2006

You're going to distribute an application without testing it in a simulated situation that is as close as possible to the live environment you are deploying it on? I strongly suggest you download and install the latest AVG and try your application with it hovering in the background and see what happens. If it has problems, promptly send the problem code to AVG so they can update their signature if it is a false positive - don't whine here as the AutoIT people can't do anything about false positives in third party products.

Make sure that if AVG fix a problem that your customers have the latest signature pattern, otherwise you will certainly look very unprofessional as their anti-virus comes up with alerts.

navajo, Posted August 7, 2006

Even though I run my own testing lab, I don't even allow untested application 'I' have written into its open environment. At least make notes in an included 'readme' file about known problems with AVG, and possible solution to the issue. As of last night (08/07/06), AVG 7.1.405 did list AutoIT and AutoITX as possible spy-ware. I have not tested it against any AutoIT script yet.

The Kandie Man, Posted August 7, 2006

Unfortunately, due to the ease-of-use of autoit and its availability, it's a great utility for a$$holes to write viruses with. One way to get around the problem is to compile the script with options and change the various compression settings. Certain compression settings allow antivirus programs to read the exe correctly and not give it false positives. Try messing around with that and see what you can do. If there is a massive problem, autoit is also partially open source; recompiling a modified version of the source code would prevent your autoit exe from being detected as a virus with the main-stream autoit executables.

Hope that helps

Valuater, Posted August 7, 2006 (edited September 1, 2006 by Valuater)

From: technicalsupport@grisoft.com
To: valuater
Subject: Re: G#0601502313 - Fwd: ... Any news yet?
Date: Sun, 6 Aug 2006 1:00 PM

Dear Sir/Madam,

Thank you for your email.

I have tested the file you have sent with the latest virus database and the file is not detected as a virus anymore. Please update your AVG virus database to the latest one.
- open AVG Control Center
- right-click on the Update Manager component
- select Update from the context menu
- select update from the Internet

Thank you for cooperation.

Best regards,
David Rohlik
AVG Technical Support
website: http://www.grisoft.com
mailto: technicalsupport@grisoft.com

On Sun, 06 Aug 2006 15:39:12 -0400 you wrote:
>
> -----Original Message-----
> From: valuater@aol.com
> To: virus@grisoft.com
> Cc: Valuater@aol.com
> Sent: Fri, 21 Jul 2006 2:22 PM
>

******* Notice the "anymore" word???

8)

Valuater, Posted August 31, 2006 (edited August 31, 2006 by Valuater)

AVG latest update ( today/yesterday )

You guys need to check for false positives with Autoit in your database....PLEASE!!!!

see attached... password = "Valuater"

YOU ARE HURTING US!!!!!

Service load: 0% 100%
File: AutoitSC.bin
Status: INFECTED/MALWARE
MD5: b5cf0582f8a01dcdc1fd81eb1fe9e158
Packers detected: -

Scanner results
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found Generic2.RW
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
UNA: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

Sincerely,
Valuater

I am going to stay on them like....White on Rice!!

8)

Valuater, Posted September 1, 2006

latest reply.....

Dear Valuater,

According to the problem with false detection on your applications we would like to ask you for cooperation. To avoid the false alarm detection in the future you can send us the latest version of the compiled application before releasing - it will allow us to test the file and update the virus definitions. Please send us these files in the password protected ZIP or RAR archive to virus@grisoft.com and write the archive password into mail.

If there are more files, kindly pack them all to one archive. Another solution is to provide us any efficient algorithm able to detect if the file has been compiled by the Autoit, this will avoid the further false detections.

The file you send us will be removed from the AVG virus definitions.

Thank you for your understanding and cooperation.

Best regards,
Ondrej Novotny
AVG Technical Support
website: http://www.grisoft.com
mailto: technicalsupport@grisoft.com

> You guys need to check for false positives with Autoit in your database....PLEASE!!!!
>
> see attached... password = "Valuater"
>
> YOU ARE HURTING US!!!!!
>
> Service load: 0% 100%
> File: AutoitSC.bin
> Status: INFECTED/MALWARE
> MD5: b5cf0582f8a01dcdc1fd81eb1fe9e158
> Packers detected: -
>
> Scanner results
> AntiVir: Found nothing
> ArcaVir: Found nothing
> Avast: Found nothing
> AVG Antivirus: Found Generic2.RW
> BitDefender: Found nothing
> ClamAV: Found nothing
> Dr.Web: Found nothing
> F-Prot Antivirus: Found nothing
> Fortinet: Found nothing
> Kaspersky Anti-Virus: Found nothing
> NOD32: Found nothing
> Norman Virus Control: Found nothing
> UNA: Found nothing
> VirusBuster: Found nothing
> VBA32: Found nothing
>
> Sincerely,
> Valuater
>
> 8)

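The AVG reply above asks for a way to tell whether a file was compiled by AutoIt. The Python below is an added example, not part of the thread and not Grisoft's or the AutoIt team's code: it checks a file's raw bytes for a PE header and for the script markers `AU3!EA05` / `AU3!EA06` that are commonly documented for AutoIt v3 compiled scripts. Those marker values, the function names and the constructed sample bytes are assumptions not taken from the thread.

```python
import struct

# Assumption: script markers commonly documented for AutoIt v3 compiled scripts.
AUTOIT_MARKERS = (b"AU3!EA05", b"AU3!EA06")


def is_pe(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def find_autoit_marker(data: bytes):
    """Return (marker, offset) for the earliest AutoIt marker, or None."""
    hits = [(data.find(m), m) for m in AUTOIT_MARKERS]
    hits = [(off, m) for off, m in hits if off != -1]
    if not hits:
        return None
    off, marker = min(hits)
    return marker.decode("ascii"), off


def classify(data: bytes) -> str:
    """Label a file for triage. Limitation: only raw bytes are scanned;
    content a packer has compressed is not unpacked first."""
    if not is_pe(data):
        return "not-pe"
    if find_autoit_marker(data) is None:
        return "pe-no-autoit-marker"
    return "autoit-compiled"


def sample_pe(overlay: bytes = b"") -> bytes:
    """Constructed test input: minimal MZ/PE header bytes plus an optional overlay."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    return bytes(dos) + b"PE\0\0" + b"\0" * 64 + overlay


if __name__ == "__main__":
    for name, blob in [
        ("with marker", sample_pe(b"xx" + b"AU3!EA05" + b"script-bytes")),
        ("plain PE", sample_pe()),
        ("not a PE", b"AU3!EA06"),
    ]:
        print(name, "->", classify(blob), find_autoit_marker(blob))
```

A marker hit identifies the toolchain only and says nothing about whether the script is benign, so it fits triage of a vendor's own builds before release rather than a verdict on an unknown file.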