16 replies to this topic

[dennistoo]

i just attempted to download AUTOKEY_L and recvd message says the program is infected or reported to be.

i do not see any topics on this.

advise please.

thank you in advance

[Moved from Ask for Help forum. ~jaco0646]

[None]

Wiki FAQ Security
Common problem it is a false positive

[dennistoo]

thank you for your reply

[tidbit]

yup. 1,000's of users and the Open-source code and many years of AHK-related confirmed false positives are a lie.

[/sarcasm]

[MacroMan!]

This is true,

AVG and Antivir seem to be the worst, especially AVG reporting it as a specific virus, I don't see how they can unless it's signature matches that virus exactly.

Anyway, it's nothing to worry about. If your still unsure, you can so an online virus scan of the file here: <!-- m -->http://www.virustotal.com/<!-- m -->
It will scan the file using 20 or so virus scanners and give you the results of all of them.

David

[girlgamer]

A lot depends on where you downloaded it from. If you didn't use the official site, it could be infected.

Enough =  No way
IfNotEqual Afwaid, Enough
{  level := "Vewwy"
    Afwaid := "Be "%level%" Afwaid!"
    MsgBox,,,%Afwaid%
}

[MacroMan!]

Good point girlgamer.

Always use the official download from <!-- m -->http://www.autohotkey.com/download/<!-- m -->

David

[codybear]

I used AVG a while back and it was the worst one I've used for false positives. (Well besides McAfee that I used like 5 years ago...but who uses that anymore? ).
I used virustotal.com to upload files to make sure if they were actually a virus or not...

[Frankie]

I use Kaspersky and it reports based on behavior of the program. So if you were using a keylogging script with AHK it jumps at it, but normally it doesn't care.

[Lexikos]

Latest results from VirusTotal:

AhnLab-V3            2010.12.02.07   2010.12.02   -
AntiVir              7.10.14.171     2010.12.02   -
Antiy-AVL            2.0.3.7         2010.12.02   -
Avast                4.8.1351.0      2010.12.02   -
Avast5               5.0.677.0       2010.12.02   -
AVG                  9.0.0.851       2010.12.02   Win32/Cryptor
BitDefender          7.2             2010.12.02   -
CAT-QuickHeal        11.00           2010.12.02   -
ClamAV               0.96.4.0        2010.12.02   -
Command              5.2.11.5        2010.12.02   -
Comodo               6929            2010.12.02   -
DrWeb                5.0.2.03300     2010.12.02   -
Emsisoft             5.0.0.50        2010.12.02   Virus.Win32.Cryptor!IK
eSafe                7.0.17.0        2010.12.02   Win32.Corrupt.Ag
eTrust-Vet           36.1.8015       2010.12.02   -
F-Prot               4.6.2.117       2010.12.01   -
F-Secure             9.0.16160.0     2010.12.02   -
Fortinet             4.2.254.0       2010.12.02   -
GData                21              2010.12.02   -
Ikarus               T3.1.1.90.0     2010.12.02   Virus.Win32.Cryptor
Jiangmin             13.0.900        2010.12.02   -
K7AntiVirus          9.70.3146       2010.12.02   -
Kaspersky            7.0.0.125       2010.12.02   -
McAfee               5.400.0.1158    2010.12.02   Artemis!5C5CEBD103FD
McAfee-GW-Edition    2010.1C         2010.12.02   Artemis!5C5CEBD103FD
Microsoft            1.6402          2010.12.02   -
NOD32                5668            2010.12.02   -
Norman               6.06.10         2010.12.02   -
nProtect             2010-12-02.01   2010.12.02   -
Panda                10.0.2.7        2010.12.02   -
PCTools              7.0.3.5         2010.12.02   -
Prevx                3.0             2010.12.02   -
Rising               22.76.02.04     2010.12.02   -
Sophos               4.60.0          2010.12.02   -
SUPERAntiSpyware     4.40.0.1006     2010.12.02   -
Symantec             20101.2.0.161   2010.12.02   -
TheHacker            6.7.0.1.094     2010.12.01   -
TrendMicro           9.120.0.1004    2010.12.02   -
TrendMicro-HouseCall 9.120.0.1004    2010.12.02   -
VBA32                3.12.14.2       2010.12.02   -
VIPRE                7481            2010.12.02   -
ViRobot              2010.12.2.4181  2010.12.02   -
VirusBuster          13.6.71.0       2010.12.02   -

That's rather disheartening. I've also run a scan of my system with Hitman, which I believe uses heuristics and either a number of online scanners or software running on their own cloud. It identified AutoHotkey_L_Install.exe as Virus.Win32.Cryptor!IK (with a note like "contains characteristics of a virus") and MsgBox.exe (an old "Hello, world!" script) as a Rootkit (absurd!), but didn't detect anything else, such as AutoHotkeySC.bin or the source files used in the installer. Just in case it skipped the bin files, I scanned each of them using VirusTotal; there were no alerts.

Always use the official download from <!-- m -->http://www.autohotkey.com/download/<!-- m -->

Note that the AutoHotkey_L links are pointed at my space on autohotkey.net.

[jaco0646]

Note that the AutoHotkey_L links are pointed at my space on autohotkey.net.

Would there be any advantage to hosting them on the same server as AHK Basic?

[Lexikos]

Not that I'm aware of. Someone mentioned their A/V link scanner identified it as malicious, but that's probably just because the file itself is (falsely) identified as a virus.

[taurolyon]

MD5 : 5c5cebd103fd489590ca1f54d95073d9

If your checksum matches this, you have the original file and a false positive.