AutoHotkey Community

Posted: November 27th, 2006, 11:42 pm
Hey guys,

While I'm aware that some virus scanners see AHK as malware (due to possible keylogging IIRC), I was pretty shocked when Avira AntiVir just flagged AHK as a virus:

The whole thing started with AntiVir alerting me that my mIRC.exe was a trojan horse called TR/Dldr.Stration.I.
Quite worried (I've been using that very file for ages!), I ran a full system scan, which brought up AutoHotkey104414.zip, AU3_Spy.exe and AutoScriptWriter.exe as being (infected with?) the same virus or trojan horse.
And just now, PSPad's Notepad.exe was flagged with the same malware.

If it were only for AHK, I'd say AntiVir is a little too sensitive, but this mIRC thing worries me - that can't be a coincidence, can it?
A Google search didn't bring up any results on TR/Dldr.Stration.I, so I'm pretty much lost right now...

Any help would be appreciated!


Posted: November 28th, 2006, 12:31 am
It is possible, but highly unlikely, that the files may have been hacked. Again, this seems to not be the case. I would have to say that the detection of those files is a false positive. Maybe Chris, or someone else who has access, can manually check the files, but I still think it has to be a false positive. If you could, you should email AntiVir support asking for exact information about the trojan, and ask if it is likely to be a false positive detection on those files.


Posted: November 28th, 2006, 1:47 pm
Funny, I just had the same alert from my Avira AntiVir PersonalEdition Classic... I had the idea to search for "virus" on the forum before alerting everybody... So here I am! We must have got the same update. :evil:

To be sure, I used BitDefender Online Scanner (needs IE) and it reported no virus... So that's probably a false alert. I know that UPX compressed exes are sometimes reported as viruses, that's probably the common link between your various programs.

I am also trying Kaspersky Lab Online Scanner to be sure, but it choked on au3_spy.exe... I am re-trying. [UPDATE] OK, it was stuck because Avira blocked access to it, waiting for me to tell it to ignore it... This anti-virus is becoming a major annoyance, as it asks me regularly what to do with these files... I hope they will issue a new update.

Note 1: I first tried Secuser's online anti-virus, but unlike BitDefender's it cannot go beyond XP SP2's protection on running ActiveX, so I couldn't run it.

Note 2: I give French links, that's what I got, try these where I replaced the .fr with .com, perhaps it will work for you:
BitDefender Online Scanner
Kaspersky Lab Online Scanner



Last edited by PhiLho on November 28th, 2006, 4:00 pm, edited 2 times in total.

Posted: November 28th, 2006, 2:17 pm
Hmm, I updated the definitions, and scanned the AutoHotkey folder with Avira AntiVir PE: Nothing found 8)


Post subject: Me too
Posted: November 28th, 2006, 9:51 pm
Hi there,

I also get the "virus found" message:

The files
AU3_Spy.exe and AutoScriptWriter.exe
are infected with the trojan horse "TR/Dldr.Stration.I".
I think that's a false alarm, but does anybody have some more info about this?

Daniel


Post subject: false positive?
Posted: November 29th, 2006, 1:38 pm
Same here. AU3_Spy.exe AutoScriptWriter.exe and A0066881.exe (whatever this file might be) ... have them in quarantine right now. Can anybody confirm that these are false positives so that I can move the files back in place?

Thanks in advance!


Posted: November 29th, 2006, 1:45 pm
Avira support forum


Posted: November 30th, 2006, 9:05 am
Thanks for the responses, guys.
I've also filed a report to Avira - haven't heard back from them yet, but it looks like they're aware of the issue.

*phew* When mIRC was showing up as infected, I really thought I'd caught a virus there - glad that's not the case.

