AutoHotkey Community

Compiled AutoHotkey scripts detected as virus by AVG

SecurityAnalysis
Guest

Posted: Mon Jan 14, 2008 11:41 pm    Post subject: Compiled AutoHotkey scripts detected as virus by AVG

AVG found two viruses:

Code:
Object:
C:\RECYCLERS\S-1-5-21-1343024091-725345543-839522115-500\Dc396.exe
Infected:
Virus identified Worm/Autoit.LM
Deleted

Object:
C:\RECYCLERS\S-1-5-21-1343024091-725345543-839522115-500\Dc402.exe
Infected:
Virus identified Worm/Autoit.LM
Deleted


Are they real viruses or false positives? If they are real, is there any way I can find out what they do? Is there any risk that information has been stolen from my computer, like login details or credit card numbers?

Conquer

Joined: 27 Jun 2006
Posts: 383
Location: Canada

Posted: Tue Jan 15, 2008 12:21 am

This is a FAQ. Search the forum before posting.
_________________

ManaUser

Joined: 24 May 2007
Posts: 901

Posted: Tue Jan 15, 2008 4:22 am

Conquer wrote:
This is a FAQ.

No it isn't. This is only the second time someone has asked about that particular "virus". It does look like it's been pretty well settled as a false positive though:
http://www.autohotkey.com/forum/viewtopic.php?t=27423

neXt

Joined: 19 Mar 2007
Posts: 463

Posted: Tue Jan 15, 2008 4:28 am

http://www.autohotkey.com/forum/viewtopic.php?t=27005&highlight=virus
http://www.autohotkey.com/forum/viewtopic.php?t=26288&highlight=virus
http://www.autohotkey.com/forum/viewtopic.php?t=25862&highlight=virus
http://www.autohotkey.com/forum/viewtopic.php?t=25333&highlight=virus
http://www.autohotkey.com/forum/viewtopic.php?t=25133&highlight=virus
http://www.autohotkey.com/forum/viewtopic.php?t=25107&highlight=virus
http://www.autohotkey.com/forum/viewtopic.php?t=23195&highlight=virus
http://www.autohotkey.com/forum/viewtopic.php?t=23042&highlight=virus
http://www.autohotkey.com/forum/viewtopic.php?t=22311&highlight=virus

page 1 of 4

NLI-Conquer
Guest

Posted: Wed Jan 16, 2008 1:20 am

Aw snap ma boi neXt has got my back.. Razz


I meant viruses are a FAQ, ManaUser. Obviously I didn't mean that "Worm/Autoit.LM"s are.

WrongSectionAlert
Guest

Posted: Wed Jan 16, 2008 1:28 am

--> General Chat Rolling Eyes

Moderator!: Moved.

Ian

Joined: 15 Jul 2007
Posts: 1157
Location: Enterprise, Alabama

Posted: Wed Jan 16, 2008 1:52 am

Whoever is the WrongSectionAlert guest needs to stop. We all know what section topics belong in. If it needs to be moved, a mod will find and move it. As for this topic, it will do in either the General Chat or Ask For Help forums. The reason being:

Quote:
    It has to do with AutoHotkey, and this person needs help with it.
    Most of these topics related to viruses in AutoHotkey are posted in the General Chat

_________________
ScriptPad/~dieom/dieom/izwian2k7/Trikster/God


ManaUser

Joined: 24 May 2007
Posts: 901

Posted: Wed Jan 16, 2008 2:28 am

NLI-Conquer wrote:
I meant viruses are a FAQ, ManaUser. Obviously I didn't mean that "Worm/Autoit.LM"s are.

It's been said before but I'll say it again. It would be dangerous to assume all AutoHotkey related virus alerts are false positives. There have been viruses written in AutoHotkey before and it's also possible there could be copies of AutoHotkey infected with some other virus floating around out there.

So even though a continuous series of "Is this a real virus?" "Is this a real virus?" posts might be annoying, it's better than jumping to the conclusion that none of them are real. Besides, it doesn't make up a significant volume of posts anyway.

WrongSectionAlert
Guest

Posted: Wed Jan 16, 2008 2:30 am

Quote:
If it needs to be moved, a mod will find and move it
Indeed. As our moderators are smart enough to qualify a thread, it's up to them to decide. Once they find'm within a flood of threads. And for that one and only reason the WSA has been created. So, let's wait for a Moderator.
If this thread will 'survive' at its current position, fine - if not, it'll be fine too. Nothing personal.

'WrongSectionAlert' means not necessarily that it's completely wrong within its current area, but it could make more sense to be dropped at another section.

Your/this thread isn't about that ...
a) you need help with AHK Code to analyze a virus/write a virus.
b) a request within an anti virus forum to discuss that topic in detail
... so what?

Quote:
It has to do with AutoHotkey, and this person needs help with it.
My PC dropped from my desk. Now I can't code any AHK scripts. Would this issue qualify my request for AHK's 'Ask for Help'? I guess no.

Quote:
Most of these topics related to viruses in AutoHotkey are posted in the General Chat
Guess why? a)+b)? Correct!

BoBoĻ
Guest

Posted: Wed Jan 16, 2008 2:53 am

Quote:
So even though a continuous series of "Is this a real virus?" "Is this a real virus?" posts might be annoying, it's better than jumping to the conclusion that none of them are real. Besides, it doesn't make up a significant volume of posts anyway.
If 9 out of 10 are false alarms, it won't make sense to act this way.

Do you think to promote again & again & again something similar like - "AHK is a virus" - will be of any benefit for the community or AHK's reputation outside of this forum? I don't think so.

Ignorants will ignore your warning anyway. And those who are aware of the risk won't need that information that 'special' way.

Ian

Joined: 15 Jul 2007
Posts: 1157
Location: Enterprise, Alabama

Posted: Wed Jan 16, 2008 3:23 am

WrongSectionAlert wrote:
My PC dropped from my desk. Now I can't code any AHK scripts. Would this issue qualify my request for AHK's 'Ask for Help'? I guess no.

Actually... You can post in the Ask For Help forum about that, because you dropping your computer may not be the problem for your computer not running AutoHotkey scripts.

Edit:

When searching for the following terms:

AutoHotkey Virus, 27 matches were found in the Ask For Help forum whereas only 7 were found in the General Chat forum.
_________________
ScriptPad/~dieom/dieom/izwian2k7/Trikster/God


Lexikos

Joined: 17 Oct 2006
Posts: 2557
Location: Australia, Qld

Posted: Wed Jan 16, 2008 6:19 am

A google for "AutoIt.LM" turns up:

DonationCoder.com: AltTab Fingertips v1.3 - 14 Jan 08
Ampa wrote:
I compiled your script on my own machine, with the latest version of AHK, and AVG now likes the EXE!

HAVA :: free program: automatically schedule recordings (and OTR)
Jamey wrote:
My best guess at this point is that - in fact - ALL EXE's compiled using the last version of the AutoHotKey scripting engine (which is what I had used to compile before) just began being flagged by AVG scans in the last couple days (or thereabouts) -- I mean to say, it has nothing to do with my own script or my own computer -- And the very latest version of AHK (version 1.0.47.05) does not generate any complaints from AVG.

I can confirm that my scripts compiled with v1.0.47.04 were being flagged as viruses, but not after re-compiling them with v1.0.47.05. I guess 05 has a different signature. (Still, these apparent false positives are a pain...)

ManaUser

Joined: 24 May 2007
Posts: 901

Posted: Wed Jan 16, 2008 6:53 am

I guess it's not critical since it only affects an outdated version, but has anyone reported this to AVG? I can if nobody else wants to, but I don't have that version of AutoHotkey installed at the moment and they want a sample sent in.

Here's a page on how to report false positives in AVG (free version, which I assume we're talking about.)
http://forum.grisoft.cz/freeforum/read.php?4,104930,backpage=,sv=

BoBoĻ
Guest

Posted: Wed Jan 16, 2008 12:17 pm

Quote:
I can if nobody else wants to, but I don't have that version of AutoHotkey installed at the moment and they want a sample sent in.
[Archive]
[AutoHotkey_1.0.45.04.exe]

ManaUser

Joined: 24 May 2007
Posts: 901

Posted: Thu Jan 17, 2008 4:58 am

Thanks. But I downloaded that and compiled a script with it, but AVG didn't detect anything amiss.

Can someone who noticed this problem before please update their virus definitions and see if it's still happening?

All times are GMT
Page 1 of 2