AntiVir False Positives with EXE made with AHK 1.0.46.08


24 replies to this topic
corrupt
  • Members
  • 2558 posts
  • Last active: Nov 01 2014 03:23 PM
  • Joined: 29 Dec 2004
Thanks for the link. AVG is showing recently compiled scripts on this PC as TROJAN HORSE GENERIC3.HTN :( :( . Although I'll probably inform them, it probably wouldn't hurt if AutoHotkey's developer(s) dropped them a line also...

Edit: Interestingly, I restored the file and it seems that the file was corrupted. Compiling the file again from source seems to solve the issue but I didn't update AHK before compiling again...

jballi
  • Members
  • 1029 posts
  • Last active:
  • Joined: 01 Oct 2005
I received this reply from AVG Technical support today...

Thank you for your email.

Unfortunately, the previous virus database might have detected the virus (Trojan Horse) on some legitimate applications. We can confirm that it was a false alarm. This false detection will be fixed in the next virus database update. Please update your AVG and check your files again.

If you need to restore deleted files from AVG Virus Vault you can do it this way: open AVG Virus Vault (Start -> Programs -> AVG Antivirus -> AVG Virus Vault). Locate the file that was removed, right click on it and choose "Restore File(s)" option.

We are sorry for the inconvenience.

Best regards,

David Rohlik
AVG Technical Support

I checked. No, not yet. Hopefully they will resolve the problem in the next couple of days.

Them be my thoughts...

corrupt
  • Members
  • 2558 posts
  • Last active: Nov 01 2014 03:23 PM
  • Joined: 29 Dec 2004
Thanks for the update. Unfortunately I ended up losing a few files on my laptop that I had deleted the scripts for. AVG on my laptop was apparently set to delete by default... :(

Grumpy
  • Guests
  • Last active:
  • Joined: --
AntiVir is annoying because of these false alerts and some other issues (the daily ad page, no scan over network, etc.).

I switched to Avast! and it seems much better! :-)

corrupt
  • Members
  • 2558 posts
  • Last active: Nov 01 2014 03:23 PM
  • Joined: 29 Dec 2004
Although it may not be AHK that's causing the issue, I have found 3 machines now where the files quarantined by AVG turned out to be corrupted. Updating to the latest version of AHK on XP Pro SP2 seems to allow compiling scripts again on at least 1 machine tested, but I've tried the last 3 releases on Vista and AVG will complain on each of them when trying to compile. So, ATM I can't seem to compile using Vista but can compile using XP then move the compiled file to Vista Ok... :?

Antoine92
  • Guests
  • Last active:
  • Joined: --
Some new false positives by AVG since this morning after the latest virus db update. With all exe files generated by the AHK compiler, AVG believes it recognizes the following malware:

Trojan horse Generic4.IRO

:?

thd
  • Guests
  • Last active:
  • Joined: --
At my work AVG also reported this trojan (Trojan horse Generic4.IRO) in all compiled AHK scripts (and also the .BIN file in the AHK folder) since this morning. Updating to the latest AHK version and recompiling fixed the problem.

Thank god I have a script that automatically recompiles and puts the files on the network... I wouldn't want to have to recompile the script on 50 PCs.

Antoine92
  • Guests
  • Last active:
  • Joined: --
Just a post to confirm what thd wrote: no more false positives with AVG and the latest AHK build. Thanks thd.

POINTS
  • Members
  • 290 posts
  • Last active: Oct 13 2010 02:12 AM
  • Joined: 17 Jan 2006
AVG said that Autohotkey.exe was a virus. I have the latest build (I think) but when I scan it manually it says it's okay so hopefully AVG won't bug me any more.

It's kind of lame when you think about it. It's like saying "python.exe" is a virus because someone wrote a script that acts as a virus. Pretty lame Anti-virus guys...
My AutoHotkey Program for Warcraft III:
Warkeys
http://warkeys.sourceforge.net/

Remap your hotkeys
Healthbars always on
Remap inventory

ashraf
  • Guests
  • Last active:
  • Joined: --

Just an FYI, never saw this in previous versions of AutoHotkey's compiled executables. The virus was added to AntiVir last year in August, so I'm pretty sure it's a change in AutoHotkey.

The virus reported to be found is:
TR/AutoIt

This is with the latest free home version of AntiVir http://www.free-av.com/

I'm guessing that some specific byte code that AntiVir is using to identify the AutoIt Trojan is being identified in executables generated with the latest version of AutoHotKey. (Since AutoHotkey is an AutoIt derivative I believe, that makes some possible sense?)

For now I set an exception in AntiVir to not scan my AutoHotKey generated EXE files, but that always makes me nervous in case they did get infected with some other virus in the future.

Not sure if there's anything you can do about it, or if it's something AntiVir has to adjust (or if you could help them with what they need to fix) but thought I'd post here as an FYI.