Dragyn
Joined: 14 Aug 2005 Posts: 14
Posted: Fri Mar 02, 2007 9:19 pm Post subject: AntiVir False Positives with EXE made with AHK 1.0.46.08

Just an FYI, never saw this in previous versions of AutoHotkey's compiled executables. The virus was added to AntiVir last year in August, so I'm pretty sure it's a change in AutoHotkey.
The virus reported to be found is:
TR/AutoIt
This is with the latest free home version of AntiVir http://www.free-av.com/
I'm guessing that some specific byte code that AntiVir is using to identify the AutoIt Trojan is being identified in executables generated with the latest version of AutoHotkey. (Since AutoHotkey is an AutoIt derivative I believe, that makes some possible sense?)
For now I set an exception in AntiVir to not scan my AutoHotkey generated EXE files, but that always makes me nervous in case they did get infected with some other virus in the future.
Not sure if there's anything you can do about it, or if it's something AntiVir has to adjust (or if you could help them with what they need to fix) but thought I'd post here as an FYI.
 |
Chris Site Admin
Joined: 02 Mar 2004 Posts: 10474
Posted: Sat Mar 03, 2007 12:53 am Post subject:

I think the best thing to do is for a customer to contact the company and notify them of the false positive. Although this isn't a bug in AutoHotkey, I can understand your rationale for posting in the Bugs forum.
Thanks.
 |
Dragyn
Joined: 14 Aug 2005 Posts: 14
Posted: Sat Mar 03, 2007 8:22 pm Post subject:

Posted in the AntiVir forums also and sent in a sample exe to their 'suspicious files' e-mail. Of course since no other product has such amazing support from the author like AutoHotkey does, we'll see when/if I get a reply from them. Thanks Chris!
 |
Grumpy Guest
Posted: Mon Mar 05, 2007 12:13 pm Post subject:

It is not the first false positive from this anti-virus against AutoHotkey, a quick search on the forum should show this...
Note it is not the only one overreacting. I installed PC-cillin at my work (official anti-virus) and it just classified an archive with the official IE7 install package (not yet installed...) as containing a "generic trojan" (sic). It put the file in quarantine...
 |
Dragyn
Joined: 14 Aug 2005 Posts: 14
Posted: Mon Mar 05, 2007 6:35 pm Post subject: False Positive Confirmed

Got the false positive confirmed and they said they should fix it in one of the next updates.
"We could not find a virus in the attachment you have sent us. This is a false positive. We will take out the pattern recognition in one of our next updates."
 |
n-l-i-d Guest
Posted: Mon Mar 05, 2007 6:42 pm Post subject:

Quote:
> and it just classified an archive with the official IE7 install package (not yet installed...) as containing a "generic trojan" (sic).

That is because it is one...
Good to see that AntiVir speeded up its replies/service. I reported false positives a couple of times already, but I have been very disappointed with their response time so far...
 |
Gast Guest
Posted: Tue Mar 06, 2007 11:31 am Post subject: TR/Autoit.AE

Hi all,
I have the same problem but another answer from AVIRA.
The message from Avira:
Dear Sir or Madam,
thank you for your e-mail.
We have discovered a new virus in the file you submitted.
Its detection characteristics will now be added, so that it will be detected as TR/Autoit.AE with one of the next updates.
Thank you for your help in improving virus protection.
Thanks for your email.
We have found a new virus called TR/Autoit.AE in your compiled file.
The VDF file will update soon to find this virus.
Sorry for my bad English.
I hope they will find a way to delete the virus.
Please don't use WOWsuche.exe. This is the infected file; I deleted the file from the webserver. If you use it, please delete it and scan your system.
 |
daonlyfreez
Joined: 16 Mar 2005 Posts: 755 Location: Berlin
Posted: Tue Mar 06, 2007 3:19 pm Post subject:

It may well be that this WOWsuche script is malicious, but I get this with a compiled script with nothing but a msgbox as well.
Which is a bit too strict.
"TR/Autoit.AE" and then "No description was found matching your research criteria."
What irritates me too is that you can choose "Ignore" what you want, the alert will still pop up.
_________________
(sorry, homesite offline atm)
 |
Gast Guest
Posted: Tue Mar 06, 2007 3:58 pm Post subject: TR/Autoit.AE

Hi,
I have installed AHK new, the Trojan is deleted now. I think it is placed in the Compiler.src file. The file was a little bit bigger than the original after reinstalling AHK.
I have made the post because I got the mail from Avira.
WOWsuche is a script to find quests on websites for WOW. It is placed on top of the screen in window mode and you can simply search for quest descriptions on the Inet.
The Trojan is now deleted and the file is clean.
Update Avira and reinstall AHK, the Trojan will be deleted.
 |
Gast Guest
Posted: Tue Mar 06, 2007 4:03 pm Post subject: TR/Autoit.AE

Sorry, I mean the AutoHotkeySC.bin, not .src
 |
n-l-i-d Guest
Posted: Tue Mar 06, 2007 4:14 pm Post subject:

You are right, updating AHK and recompiling works. Probably Avira detects signatures of previous versions of AHK, still too strict.
 |
jballi
Joined: 01 Oct 2005 Posts: 384 Location: Texas, USA
Posted: Sat Mar 10, 2007 1:58 am Post subject:

This antivirus "problem" is no big deal... until it happens to you!
AVG just updated their signatures and who woulda thunk, some pattern from the AutoHotkeySC.bin file in AHK v1.0.46.08 was tagged as a trojan. I was in antivirus hell until I upgraded AHK to v1.0.46.09 and recompiled a few scripts. What a pain in the butt!
I just spent the last 30 minutes trying to track down a place to report false positives to AVG but couldn't find jack squat. I'm usually pretty good at finding this stuff.
Does anyone have a web address or email address to report false positives to AVG?
Thanks in advance for your assistance.
 |
corrupt
Joined: 29 Dec 2004 Posts: 2421
Posted: Sat Mar 10, 2007 6:02 pm Post subject:

jballi wrote:
> Does anyone have a web address or email address to report false positives to AVG?
> Thanks in advance for your assistance.

I'm not sure but this might be a place to start. http://forum.grisoft.cz/freeforum/
 |
leucocytor
Joined: 30 Oct 2006 Posts: 2
Posted: Sat Mar 10, 2007 6:05 pm Post subject:

FYI, I had the same kind of problem this afternoon and I got rid of it simply by recompiling my exe with the last AutoHotkey release (AHK v1.0.46.09).
I hope this sea snake will not go back at the surface in a couple of weeks.
 |
jballi
Joined: 01 Oct 2005 Posts: 384 Location: Texas, USA
Posted: Sun Mar 11, 2007 3:55 am Post subject:

Chris wrote:
> I think the best thing to do is for a customer to contact the company and notify them of the false positive.

Created a post on the AVG Free forum: http://forum.grisoft.cz/freeforum/. Thank you corrupt for the address. Hopefully they will identify and resolve the issue so that this "sea snake will not go back at the surface in a couple of weeks."
Edit: I was informed by the moderator at the AVG Free forum that posting this kinda stuff on that forum wouldn't do much good. He/she gave me instructions which can be found here: http://forum.grisoft.cz/freeforum/read.php?4,93902