NTHRIWZ
Joined: 21 Aug 2007 Posts: 7
|
Posted: Thu Jan 10, 2008 8:08 pm Post subject: Autoit.KV worm detected |
|
|
I just had AVG get hits on the Autoit.KV worm in a ZIP file that had 4 work-in-progress (as I was creating something) .EXEs created by AutoHotkey v 1.0.47.03 on 8-20-07. Strangely enough the ones I created 59 minutes later (that day) were not tagged as being infected.
I believe these are false-positive hits but you people are the AutoHotkey geniuses and I defer to you.
_________________
This is all SO repetitive...
neXt
Joined: 18 Mar 2007 Posts: 504
|
Posted: Thu Jan 10, 2008 8:13 pm Post subject: |
|
|
Search the forum; it was discussed millions of times.
NTHRIWZ
Joined: 21 Aug 2007 Posts: 7
|
Posted: Fri Jan 11, 2008 6:47 am Post subject: |
|
|
I searched before I asked and came up with 9 pages of hits that have nothing to do with the Autoit.KV worm I asked about.
Hopefully someone can direct me to something helpful.
_________________
This is all SO repetitive...
Guest
|
Posted: Fri Jan 11, 2008 7:19 am Post subject: |
|
|
NTHRIWZ wrote: I searched before I asked...
...yes, I agree, people on this forum shouldn't be so dismissive about virus reports...each one should be dealt with individually...remembering that AutoHotkey itself isn't the virus, but those .exe's you compiled could've visited an infected computer & actually got infected...if you have the source I would recommend re-compiling & storing the "virus infected" (or false positive) copies in a separate directory...please read this thread for info on what I did with a False Positive...
...scan those .exe's at virusscan.jotti.org & report the results...
neXt
Joined: 18 Mar 2007 Posts: 504
|
NTHRIWZ
Joined: 21 Aug 2007 Posts: 7
|
Posted: Sat Jan 12, 2008 2:58 am Post subject: |
|
|
Thanks for the links; they were most helpful.
I ran the file (renamed to make it easy for the scanner) through Jotti's scanner and it got several hits. Amazingly these are .EXEs in a .ZIP that's never been off of this machine. Go figure...
Nevertheless here are the results per your request.
Scan taken on 12 Jan 2008 02:27:16 (GMT)
AntiVir: Found nothing
ArcaVir: Found Trojan.Downloader.Agent.Ejc
Avast: Found nothing
AVG Antivirus: Found Worm/Autoit.KV
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Ikarus: Found F9 test version, it works.exe - Signature 'Virus.Win32.AutoRun.wv, Ctrl keypress version - original.exe - Signature 'Virus.Win32.AutoRun.wv, Ctrl keypress version.exe - Signature 'Virus.Win32.AutoRun.wv, non-Ctrl keypress version.exe - Signature 'Virus.Win32.AutoRun.wv, non-Ctrl keypress version - blue & tan.exe - Signature 'Virus.Win32.AutoRun.wv, blue pyramid - blue pyramid.exe - Signature 'Virus.Win32.AutoRun.wv, non-Ctrl keypress version - red.exe - Signature 'Virus.Win32.AutoRun.wv, Ctrl keypress version - red.exe - Signature 'Virus.Win32.AutoRun.wv, Virus.Win32.AutoRun.wv
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found W32/AutoRun.AFH
Panda Antivirus: Found nothing
Rising Antivirus: Found Worm.Win32.Autorun.ity
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing
_________________
This is all SO repetitive...
badmojo
Joined: 11 Nov 2005 Posts: 202
|
Posted: Mon Jan 14, 2008 4:15 am Post subject: |
|
|
I have an alert too on AVG Free.. no doubt, it's a false positive but just posting here and going to notify the AVG people as well..
 |
|
| Back to top |
|
 |
vdongen
Joined: 08 May 2005 Posts: 41 Location: Jakarta, Indonesia
|
Posted: Mon Jan 14, 2008 2:01 pm Post subject: Same result from AVG |
|
|
I got the same message from AVG. How to solve the problem?
Bart
Jamey (forgot password) Guest
|
Posted: Mon Jan 14, 2008 5:02 pm Post subject: solution? |
|
|
I got the exact same AVG virus warning as badmojo did:
AVG Free Edition Resident Shield
Threat Detected!
While opening file: D:\...\AnAutoHotKeyEXE.exe
Virus identified Worm/Autoit.LM
For the moment I seem to have side-stepped the problem. I uninstalled my AutoHotKey version 1.0.47.04, and I installed the new version, 1.0.47.05. I "re-compiled" the same AHK script (whose EXE had been giving the virus warning), and the new EXE no longer generated any complaints from AVG. It is possible that my computer has some virus infection on it, after all - so scanning time, I guess. I mean, I doubt (?) the newest version changes involved fixing a false-positive virus warning; and the same AHK EXE gave no AVG complaints for the last 6 months until today (and today, is after I had just re-installed and updated AVG Free with the latest released version).