Jump to content

Sky Slate Blueberry Blackcurrant Watermelon Strawberry Orange Banana Apple Emerald Chocolate
Photo

Virus ?


  • Please log in to reply
12 replies to this topic
AnAHKUser
  • Members
  • 32 posts
  • Last active: Aug 12 2013 10:12 PM
  • Joined: 05 Feb 2007
Today AVG free edition v7.5.467 reports Trojan horse Generic4.IRO in AutoHotkeySC.bin. I get the same message on my compiled scripts.

I'm using Autohotkey Version 1.0.46.15

Grumpy
  • Guests
  • Last active:
  • Joined: --
Search the forum. It isn't the first time AVG raises a false alert on AutoHotkey. And so is F-prot. The culprit is likely to be the new UPX.

engunneer
  • Moderators
  • 9162 posts
  • Last active: Sep 12 2014 10:36 PM
  • Joined: 30 Aug 2005
did you search the forums at all?

http://www.autohotke...highlight=virus
http://www.autohotke...highlight=virus
http://www.autohotke...highlight=virus
http://www.autohotke...highlight=virus
http://www.autohotke...highlight=virus

AnAHKUser
  • Members
  • 32 posts
  • Last active: Aug 12 2013 10:12 PM
  • Joined: 05 Feb 2007
Indeed I read all those posts before I posted. I posted to show it seems to be a bigger problem!

Grumpy
  • Guests
  • Last active:
  • Joined: --
The problem is with anti-virus software makers, not with AHK.
You should post on their forum instead...

engunneer
  • Moderators
  • 9162 posts
  • Last active: Sep 12 2014 10:36 PM
  • Joined: 30 Aug 2005
there is even a solution in one of those threads

AutoIt3 has an option in the compression menu of its "Script to EXE Converter" app to disable UPX compression, which effectively avoids this situation albeit producing a larger executable file, but I see no such similar option in AutoHotkey 1.0.43.09's converter app.


Renaming UPX.EXE will disable compression. One may toggle between names like:

F2::

IFExist, C:\Program Files\AutoHotkey\Compiler\UPX.EXE
   FileMove, C:\Program Files\AutoHotkey\Compiler\UPX.EXE, C:\Program Files\AutoHotkey\Compiler\UPX.XXX
Else
IFExist, C:\Program Files\AutoHotkey\Compiler\UPX.XXX
   FileMove, C:\Program Files\AutoHotkey\Compiler\UPX.XXX, C:\Program Files\AutoHotkey\Compiler\UPX.EXE

Return

:)



AnAHKUser
  • Members
  • 32 posts
  • Last active: Aug 12 2013 10:12 PM
  • Joined: 05 Feb 2007
Thanks for your effort trying to solve my problem :D
I did try rename upx.exe but AVG are stopping compiling progress because of AutoHotkeySC.bin

This didn't happen a couple of days ago, so it has to do with their latest definition 7.5.467. Since they seems to be aware of Autohotkey, it's strange that they detect it as a trojaner now...

  • Guests
  • Last active:
  • Joined: --
HV gt the same probleme with "avg" just ignore it
Probably some virus was made with this "AutoHotkeySC.bin"
And now "avg" think its a trojant :x
E-maill them to update there database
Well AutoHotkey is a very good programe n avg not
lol :wink:

m
  • Guests
  • Last active:
  • Joined: --
After yesterdays autoupdate for Kaspersky AV it now reports a trojan when compiling .ahk files into .exe files. So it sounds like Kaspersky gives false positives related to UPX too.

Anyway, updating to Autohotkey Version 1.0.46.15 -- May 9, 2007 solved the problem for me (I had 1.0.46.10 previously I think). Compiling .ahk files no longer result in warnings.

m
  • Guests
  • Last active:
  • Joined: --
Let me revise what I wrote in the last message: Kaspersky still warns about the update. Not when compiling .ahk to .exe but when running the newly compiled .exe files (the ones I've just tried at least)

POINTS
  • Members
  • 290 posts
  • Last active: Oct 13 2010 02:12 AM
  • Joined: 17 Jan 2006
AutoHotkey.exe was a virus last night and tonight my program is a virus which is great that thousands of my users will be getting this warning.

We need to call up those idiots and tell them to fix their crappy virus detection. Call AutoHotkey.exe a virus is like calling python.exe a virus just because someone made one virus script with it. Freaking pisses me off...

EDIT: The latest version isn't giving me any problems and I think my program is safe too... but still they shouldn't be flagging a compiler like AutoHotkey.exe.
My AutoHotkey Program for Warcraft III:
Warkeys
http://warkeys.sourceforge.net/

Remap your hotkeys
Healthbars always on
Remap inventory

PhiLho
  • Moderators
  • 6850 posts
  • Last active: Jan 02 2012 10:09 PM
  • Joined: 27 Dec 2005

Call AutoHotkey.exe a virus is like calling python.exe a virus just because someone made one virus script with it. [...] but still they shouldn't be flagging a compiler like AutoHotkey.exe.

I don't think they flag AutoHotkey itself, the usual false warnings come from UPX itself, other compiled programs get the warning, as I saw in other forums.
Now, since they probably know that, I wonder why they don't check UPX (and perhaps other compressors) and systematically exclude it from their database.
Posted Image vPhiLho := RegExReplace("Philippe Lhoste", "^(\w{3})\w*\s+\b(\w{3})\w*$", "$1$2")

psjw12
  • Members
  • 28 posts
  • Last active: Mar 03 2009 11:40 AM
  • Joined: 10 May 2007
I've had the same problem but it picked up everything, autohotkey itself, the .bin compile files and compiled scripts. When I updated to 10.0.46.15 the problem went away.
But ahk can't be a trojen as ZoneAlarm has never prompted for it to access the internet!

So hows gonna be calling them up? lol