My script/program reported as keylogger (spy sweeper)...


.AHK
  • Members
  • 657 posts
  • Last active: Nov 27 2008 04:10 AM
  • Joined: 26 Apr 2006
Yesterday I downloaded Spy Sweeper, and today I opened a program that I made a while back called ArbExpansion. After the program loaded, Spy Sweeper - Keylogger Shield came up with this alert...

"This process may contain a malicious threat:

C:\Documents and Settings\User\My Documents\Created Programs and Scripts\ArbExpansion.exe

File details:

Name: Suspected Keylogger
File: ArbExpansion.exe
Company:
Copyright:

Please update you definitions then run a full sweep."

I have this program on my website for people to download and I would hate for anyone to think I tried to give them a keylogger. What should I do to correct this problem? ArbExpansion is an abbreviation expansion program for commonly used internet abbreviations like brb, idk, etc. The script for the program is:

#SingleInstance ignore
#NoEnv

OnExit, ExitMsg

Menu, tray, NoStandard
Menu, tray, add
Menu, tray, add, Help
Menu, tray, add
Menu, tray, add, ArbList
Menu, tray, add
Menu, tray, add, Exit
Menu, tray, add
Menu, tray, Tip, ArbExpansion`nCreated by:`nHiddenTrojan`n

Gui, Font, CFF0000 S15 Bold
Gui, Color, 000000
Gui, Add, Text,, ArbExpansion is loading. To view a list of abbreviations`nright click on the system tray icon, and select "ArbList".
Gui, -SysMenu +AlwaysOnTop
Gui, Show, Center H80 W580, ArbExpansion
Sleep, 6500
Gui, Destroy
Return

Help:
Gui, Destroy
Gui, Font, CFF0000 S14 Bold
Gui, Color, 000000
Gui, Add, Edit, W570 R20 +VScroll +HScroll -Wrap +ReadOnly, ArbExpansion is a program designed to expand internet used abbreviations such as "BRB".`n`nWhile the program is running typing "brb", then a space or the enter key would result in: "Be right back".`n`nOnly the most commonly used internet abbreviations have been added.`n`nYou can exit the program while it is running by pressing Ctrl+E or by clicking on "Exit".`n`nIf you would like to have the program run on Startup add a shortcut of the file to your Startup Folder.`n`nIf you notice a missing abbreviation or if you have any problems with this program.`n`nEither message "hiddentrojan" on AOL Instant Messenger, or email me.`nEmail Address: [email protected]`n`n"yellowjacketf4i" <--AOL Instant Messenger, Helped find missing abbreviations and test program.`n`n`nThis program is FREEWARE, and can be distributed freely.
Gui, +AlwaysOnTop
Gui, Show, Center H540 W600, ArbExpansion Help
ControlSend, Edit1, ^{Home}, ArbExpansion Help
Return

ArbList:
Gui, Destroy
Gui, Font, CFFFFFF S12 Bold
Gui, Color, 000000
Gui, Add, Text, S13 CFF0000, List of the abbreviations used.
Gui, Add, Edit, W245 R17 +VScroll +HScroll -Wrap +ReadOnly, btw-By the way`nbbl-Be back later`nwtf-What the ****`nwth-What the hell`nyo-Hey, whats up?`ny-why`nidk-I don't know`nbrb-Be right back`nidc-I don't care`nnp-No problem`nnm-Not much`nnvm-Never mind`nns-Nice shot`nthx-Thank you`ngg-Good game`ngl-Good luck`ngj-Good job`nhf-Have fun`npos-Piece of shit`nppl-People`nstfu-Shut the **** up`nsob-Son of a bitch`nttyl-Talk to you later`nasap-As soon as possible`naka-Also known as`nimo-In my opinion`nbs-Bull shit`nic-I see`noic-Oh, I see`nly-Love ya`nlyl-Love ya lots`nomg-Oh my god`nsry-Sorry`ng2g-I have to go now`ngtg-I have to go now`ndn-Don't know`nidn-I don't know`nrofl-Rolling on floor laughing`nlmao-Laughing my ass off`nlmfao-Laughing my ****ing ass off`nu-you`nur-you're`ncu-See you later`ncul-See you later`nbf-Boy friend`ngf-Girl friend`nasl-Age/Sex/Location?`njk-Just joking`ncya-Cya later`nwb-Welcome back`nirl-In real life`nw/e-What ever`nk-Okay
Gui, +AlwaysOnTop
Gui, Show, Center H420 W275, Abbreviation List
ControlSend, Edit1, ^{Home}, Abbreviation List
Return

Exit:
ExitApp

^e::
ExitApp

ExitMsg:
Gui, Destroy
Gui, Font, CFF0000 S15 Bold
Gui, Color, 000000
Gui, Add, Text,, Thank you for using ArbExpansion.`nThe program will now exit.
Gui, -SysMenu +AlwaysOnTop
Gui, Show, Center H80 W375, AbrExit
Sleep, 3000
ExitApp
Return

#Hotstring SI

::btw::By the way
::bbl::Be back later
::wtf::What the ****
::wth::What the hell
::yo::Hey, whats up?
::y::why
::idk::I don't know
::brb::Be right back
::idc::I don't care
::np::No problem
::nm::Not much
::nvm::Never mind
::ns::Nice shot
::thx::Thank you
::gl::Good luck
::gj::Good job
::gg::Good Game
::hf::Have fun
::pos::Piece of shit
::ppl::people
::stfu::Shut the **** up
::sob::Son of a bitch
::ttyl::Talk to you later
::asap::As soon as possible
::aka::Also known as
::imo::In my opinion
::bs::Bull shit
::ic::I see
::oic::Oh, I see
::ly::Love ya
::lyl::Love ya lots
::omg::Oh my god
::sry::Sorry
::g2g::I have to go now
::gtg::I have to go now
::dn::Don't know
::idn::I don't know
::rofl::Rolling on floor laughing
::lmao::Laughing my ass off
::lmfao::Laughing my ****ing ass off
::u::you
::ur::you're
::cu::See you later
::cul::See you later
::bf::Boy friend
::gf::Girl friend
::asl::Age/Sex/Location?
::jk::Just joking
::cya::Cya later
::wb::Welcome back
::irl::In real life
::w/e::What ever
::k::Okay


Chris
  • Administrators
  • 10727 posts
  • Last active:
  • Joined: 02 Mar 2004
Chances are, this particular spy sweeper reports any program that uses a keyboard hook as a possible security threat. As described in the documentation, the keyboard hook is used to support hotstrings and some types of hotkeys.

.AHK
  • Members
  • 657 posts
  • Last active: Nov 27 2008 04:10 AM
  • Joined: 26 Apr 2006
The program is Webroot Spy Sweeper 4.5 free version. What should I do to try and fix this problem? My program is not detected as a keylogger by Norton 2006, Spyware Doctor, or Ad-Aware SE.

Chris
  • Administrators
  • 10727 posts
  • Last active:
  • Joined: 02 Mar 2004
You could try contacting them about it and asking that an exception be made for your program (or for all AutoHotkey compiled scripts).

PhiLho
  • Moderators
  • 6850 posts
  • Last active: Jan 02 2012 10:09 PM
  • Joined: 27 Dec 2005
Side note: it is good you broke down the two long Gui Add, Edit lines for the sake of posting.
But you know you could use continuation sections for content that is easier to read and edit? No more `n, just plain newlines.
vPhiLho := RegExReplace("Philippe Lhoste", "^(\w{3})\w*\s+\b(\w{3})\w*$", "$1$2")

JSLover
  • Members
  • 920 posts
  • Last active: Nov 02 2012 09:54 PM
  • Joined: 20 Dec 2004

...it is good you broke down the two long Gui Add, Edit lines for the sake of posting.

...he didn't...they're one long line, but it's text & wraps itself...but he should use continuation sections...

not-logged-in-daonlyfreez
  • Guests
  • Last active:
  • Joined: --
Instructions on how to report a spyware/false positive

Btw: Have you ever considered that your nick might trigger it? Maybe you could try to remove the 'hiddentrojan' references, and have Spy Sweeper scan the program again...

.AHK
  • Members
  • 657 posts
  • Last active: Nov 27 2008 04:10 AM
  • Joined: 26 Apr 2006
Thank you for the help everyone, and for that link daonlyfreez. I sent a support ticket to Spy Sweeper and also attached my program along with the ticket. I added the link to this forum post in case they would like to ask any questions. I need to go download the new AHK now because I've been idle for so long my version is slightly outdated. I did not ask for all AHK programs/scripts to be ignored as I'm sure AutoHotkey could be used to create certain programs like keyloggers, viruses, etc... Also, it could just be embedded into a compiled .ahk script.

By the way I did not use a continuation section because each abbreviation and expansion were meant to be on a separate line. For the Help gui I should have used it though. I still plan on making this program better eventually when I have the time.

If anyone would like to download arbexpansion it is on my website http://idw87.50megs.com/ and once again thanks for the help.
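
Added example, not part of any post in this thread and not AutoHotkey or Webroot code: since every compiled script shares the same interpreter, a per-script review of the source is what separates a hotstring tool from something that needs a closer look. The `audit` function, the `UI_ONLY` allowlist and the line-based handling of AutoHotkey v1 command syntax are assumptions made for this sketch; the sample lines are excerpted from the script posted above.

```python
import re

# Assumption: commands treated as UI/control-flow only for this audit. Anything
# else is surfaced for manual review, not judged malicious.
UI_ONLY = {"gui", "menu", "sleep", "return", "exitapp", "onexit", "controlsend"}

HOTSTRING = re.compile(r"^:[^:\s]*:(.+?)::")        # ::brb::Be right back
HOTKEY = re.compile(r"^([^\s:,]+)::\s*$")           # ^e::
COMMAND = re.compile(r"^([A-Za-z]+)\s*(?:,|\s|$)")  # Gui, Show ... / ExitApp

def audit(script: str) -> dict:
    """Summarise what an AutoHotkey v1 script registers and which commands it runs."""
    report = {"hotstrings": [], "hotkeys": [], "commands": set(), "review": []}
    for n, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith((";", "#")):  # blanks, comments, directives
            continue
        if m := HOTSTRING.match(line):
            report["hotstrings"].append(m.group(1))
        elif m := HOTKEY.match(line):
            report["hotkeys"].append(m.group(1))
        elif m := COMMAND.match(line):               # labels ("Help:") do not match
            name = m.group(1)
            report["commands"].add(name)
            if name.lower() not in UI_ONLY:
                report["review"].append((n, name))
    # Per the thread, hotstrings are a feature that relies on the keyboard hook.
    report["needs_hook"] = bool(report["hotstrings"])
    return report

# Lines excerpted from the ArbExpansion script on this page.
SAMPLE = """\
#SingleInstance ignore
OnExit, ExitMsg
Menu, tray, add, Help
Gui, Show, Center H80 W580, ArbExpansion
Sleep, 6500
Return
Exit:
ExitApp
^e::
ExitApp
#Hotstring SI
::btw::By the way
::brb::Be right back
::w/e::What ever
"""

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(key, value)
```

For the excerpt, the report shows a script that needs the hook for its hotstrings but runs nothing outside the UI allowlist, which is the kind of evidence worth attaching to a false-positive ticket.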

PhiLho
  • Moderators
  • 6850 posts
  • Last active: Jan 02 2012 10:09 PM
  • Joined: 27 Dec 2005

By the way I did not use a continuation section because each abbreviation and expansion were meant to be on a separate line.

And so what?