Today AVG free edition v7.5.467 reports Trojan horse Generic4.IRO in AutoHotkeySC.bin. I get the same message on my compiled scripts.
I'm using Autohotkey Version 1.0.46.15
Virus ?
Started by
AnAHKUser
, May 14 2007 04:38 PM
12 replies to this topic
#1
-
Posted 14 May 2007 - 04:38 PM
Search the forum. It isn't the first time AVG raises a false alert on AutoHotkey. And so is F-prot. The culprit is likely to be the new UPX.
#2
-
Posted 14 May 2007 - 04:56 PM
did you search the forums at all?
http://www.autohotke...highlight=virus
http://www.autohotke...highlight=virus
http://www.autohotke...highlight=virus
http://www.autohotke...highlight=virus
http://www.autohotke...highlight=virus
http://www.autohotke...highlight=virus
http://www.autohotke...highlight=virus
http://www.autohotke...highlight=virus
http://www.autohotke...highlight=virus
http://www.autohotke...highlight=virus
#3
-
Posted 14 May 2007 - 04:57 PM
Indeed I read all those posts before I posted. I posted to show it seems to be a bigger problem!
#4
-
Posted 14 May 2007 - 05:00 PM
The problem is with anti-virus software makers, not with AHK.
You should post on their forum instead...
You should post on their forum instead...
#5
-
Posted 14 May 2007 - 05:02 PM
there is even a solution in one of those threads
AutoIt3 has an option in the compression menu of its "Script to EXE Converter" app to disable UPX compression, which effectively avoids this situation albeit producing a larger executable file, but I see no such similar option in AutoHotkey 1.0.43.09's converter app.
Renaming UPX.EXE will disable compression. One may toggle between names like:F2:: IFExist, C:\Program Files\AutoHotkey\Compiler\UPX.EXE FileMove, C:\Program Files\AutoHotkey\Compiler\UPX.EXE, C:\Program Files\AutoHotkey\Compiler\UPX.XXX Else IFExist, C:\Program Files\AutoHotkey\Compiler\UPX.XXX FileMove, C:\Program Files\AutoHotkey\Compiler\UPX.XXX, C:\Program Files\AutoHotkey\Compiler\UPX.EXE Return
#6
-
Posted 14 May 2007 - 05:15 PM
Thanks for your effort trying to solve my problem
I did try rename upx.exe but AVG are stopping compiling progress because of AutoHotkeySC.bin
This didn't happen a couple of days ago, so it has to do with their latest definition 7.5.467. Since they seems to be aware of Autohotkey, it's strange that they detect it as a trojaner now...
I did try rename upx.exe but AVG are stopping compiling progress because of AutoHotkeySC.bin
This didn't happen a couple of days ago, so it has to do with their latest definition 7.5.467. Since they seems to be aware of Autohotkey, it's strange that they detect it as a trojaner now...
#7
-
Posted 14 May 2007 - 06:09 PM
HV gt the same probleme with "avg" just ignore it
Probably some virus was made with this "AutoHotkeySC.bin"
And now "avg" think its a trojant :x
E-maill them to update there database
Well AutoHotkey is a very good programe n avg not
lol :wink:
Probably some virus was made with this "AutoHotkeySC.bin"
And now "avg" think its a trojant :x
E-maill them to update there database
Well AutoHotkey is a very good programe n avg not
lol :wink:
#8
-
Posted 14 May 2007 - 07:01 PM
After yesterdays autoupdate for Kaspersky AV it now reports a trojan when compiling .ahk files into .exe files. So it sounds like Kaspersky gives false positives related to UPX too.
Anyway, updating to Autohotkey Version 1.0.46.15 -- May 9, 2007 solved the problem for me (I had 1.0.46.10 previously I think). Compiling .ahk files no longer result in warnings.
Anyway, updating to Autohotkey Version 1.0.46.15 -- May 9, 2007 solved the problem for me (I had 1.0.46.10 previously I think). Compiling .ahk files no longer result in warnings.
#9
-
Posted 15 May 2007 - 09:43 AM
Let me revise what I wrote in the last message: Kaspersky still warns about the update. Not when compiling .ahk to .exe but when running the newly compiled .exe files (the ones I've just tried at least)
#10
-
Posted 15 May 2007 - 12:11 PM
AutoHotkey.exe was a virus last night and tonight my program is a virus which is great that thousands of my users will be getting this warning.
We need to call up those idiots and tell them to fix their crappy virus detection. Call AutoHotkey.exe a virus is like calling python.exe a virus just because someone made one virus script with it. Freaking pisses me off...
EDIT: The latest version isn't giving me any problems and I think my program is safe too... but still they shouldn't be flagging a compiler like AutoHotkey.exe.
We need to call up those idiots and tell them to fix their crappy virus detection. Call AutoHotkey.exe a virus is like calling python.exe a virus just because someone made one virus script with it. Freaking pisses me off...
EDIT: The latest version isn't giving me any problems and I think my program is safe too... but still they shouldn't be flagging a compiler like AutoHotkey.exe.
#11
-
Posted 18 May 2007 - 06:39 AM
My AutoHotkey Program for Warcraft III:
Warkeys
http://warkeys.sourceforge.net/
Remap your hotkeys
Healthbars always on
Remap inventory
Warkeys
http://warkeys.sourceforge.net/
Remap your hotkeys
Healthbars always on
Remap inventory
I don't think they flag AutoHotkey itself, the usual false warnings come from UPX itself, other compiled programs get the warning, as I saw in other forums.Call AutoHotkey.exe a virus is like calling python.exe a virus just because someone made one virus script with it. [...] but still they shouldn't be flagging a compiler like AutoHotkey.exe.
Now, since they probably know that, I wonder why they don't check UPX (and perhaps other compressors) and systematically exclude it from their database.
#12
-
Posted 18 May 2007 - 07:03 AM
vPhiLho := RegExReplace("Philippe Lhoste", "^(\w{3})\w*\s+\b(\w{3})\w*$", "$1$2")
I've had the same problem but it picked up everything, autohotkey itself, the .bin compile files and compiled scripts. When I updated to 10.0.46.15 the problem went away.
But ahk can't be a trojen as ZoneAlarm has never prompted for it to access the internet!
So hows gonna be calling them up? lol
But ahk can't be a trojen as ZoneAlarm has never prompted for it to access the internet!
So hows gonna be calling them up? lol
#13
-
Posted 18 May 2007 - 09:26 PM