colton
Joined: 17 Aug 2008 Posts: 8
|
Posted: Sun Aug 17, 2008 4:41 am Post subject: Symantec Antivirus deleted my exe files |
|
|
Symantec Antivirus just deleted all of my autohotkey scripts' executable files, having mistakenly identified them as trojans. It also seems to be preventing me from creating new exe files.
What should I do? |
 |
garry
Joined: 19 Apr 2005 Posts: 1186 Location: switzerland
|
Posted: Sun Aug 17, 2008 6:49 am Post subject: |
|
|
I don't know a solution for the Symantec program.
You can restore; for example, in XP start this and go back to a previous system test point:
| Quote: | | C:\WINDOWS\system32\restore\rstrui.exe |
To avoid losing your programs:
- make an ahk script which automatically saves all created/modified files to a 2.5" USB drive (for example at shutdown)
(at the moment I use xxcopy) |
 |
colton
Joined: 17 Aug 2008 Posts: 8
|
Posted: Sun Aug 17, 2008 11:05 pm Post subject: |
|
|
| Thanks for the reply. However, it's not so much *losing* the programs that I'm concerned about, since I have the scripts from which the programs were compiled. It's the fact that I can't *use* any exe files, or create new ones. So, e.g. my basic keyboard shortcuts cannot be automatically loaded when I start up windows. |
 |
poo_noo
Joined: 08 Dec 2006 Posts: 137 Location: Sydney Australia
|
Posted: Mon Aug 18, 2008 3:05 am Post subject: |
|
|
Hi
I am struggling against this too. In our network (with lotsa PCs), my compiled AutoHotkey EXEs are being nuked by Symantec.
Currently we are excluding the AHK Program folder (c:\Program Files\AutoHotkey\) as an excluded folder within the configuration of the Symantec AntiVirus application. Then we get the files restored out of quarantine.
It seems that a virus definition update of 17-08-2008 is the culprit http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2004-021914-2822-99. _________________ Paul O |
 |
Guest
|
Posted: Mon Aug 18, 2008 5:03 am Post subject: |
|
|
| ditto, i've been using dualboxed.com scripts.. they were deleted.. |
 |
jack
Joined: 04 Sep 2004 Posts: 77 Location: UK
|
Posted: Mon Aug 18, 2008 5:51 am Post subject: |
|
|
i don't think it's that one. i have the same problem and my defs file is '16/08/2008 rev. 3'
jack |
 |
jack
Joined: 04 Sep 2004 Posts: 77 Location: UK
|
Posted: Mon Aug 18, 2008 5:54 am Post subject: |
|
|
| colton wrote: | | It's the fact that I can't *use* any exe files, or create new ones. So, e.g. my basic keyboard shortcuts cannot be automatically loaded when I start up windows. |
if you have autohotkey installed in the machine then you usually don't need the .exe anyway.
i load my key defs by running 'startup.ahk', which is a script that does lots of startup things for me... and in startup.ahk i have:
| Code: | ; key definitions
run c:\jack\ahk\keys.ahk |
jack |
 |
poo_noo
Joined: 08 Dec 2006 Posts: 137 Location: Sydney Australia
|
Posted: Mon Aug 18, 2008 6:38 am Post subject: |
|
|
Oh I forgot to mention that I recompiled after renaming/removing UPX.exe and these new files escaped the AV scanner.
It's been a busy day. _________________ Paul O |
 |
AnAHKUser
Joined: 05 Feb 2007 Posts: 15
|
Posted: Mon Aug 18, 2008 8:53 am Post subject: |
|
|
Even if UPX is harmless, AV programs think it's a virus from time to time. After some bad experiences, I always compile my scripts without compression. Problem solved.
Maybe UPX should be disabled by default? |
 |
Andrew237 Guest
|
Posted: Mon Aug 18, 2008 11:56 am Post subject: |
|
|
| Norton AV is crap. |
 |
jack
Joined: 04 Sep 2004 Posts: 77 Location: UK
|
Posted: Mon Aug 18, 2008 12:45 pm Post subject: |
|
|
| AnAHKUser wrote: | | Even if UPX is harmless, AV programs think it's a virus from time to time. After some bad experiences, I always compile my scripts without compression. Problem solved. |
yes, that works very nicely.
thanks
jack |
 |
colton
Joined: 17 Aug 2008 Posts: 8
|
Posted: Mon Aug 18, 2008 5:59 pm Post subject: |
|
|
| jack wrote: | | colton wrote: | | It's the fact that I can't *use* any exe files, or create new ones. So, e.g. my basic keyboard shortcuts cannot be automatically loaded when I start up windows. |
if you have autohotkey installed in the machine then you usually don't need the .exe anyway.
i load my key defs by running 'startup.ahk', which is a script that does lots of startup things for me... and in startup.ahk i have:
| Code: | ; key definitions
run c:\jack\ahk\keys.ahk |
jack |
Thanks, I didn't know you could do that.
It doesn't fix things completely, though--the antivirus program freaks out when I try to run the script directly. |
 |
colton
Joined: 17 Aug 2008 Posts: 8
|
Posted: Mon Aug 18, 2008 5:59 pm Post subject: |
|
|
| jack wrote: | | AnAHKUser wrote: | | Even if UPX is harmless, AV programs think it's a virus from time to time. After some bad experiences, I always compile my scripts without compression. Problem solved. |
yes, that works very nicely.
thanks
jack |
How do you set things to compile scripts without permission? |
 |
NLI-Conquer Guest
|
Posted: Mon Aug 18, 2008 6:42 pm Post subject: |
|
|
| If you mean compression, you need to rename UPX.exe in the compiler's directory to anything else. (Ex. UPX.exe.bak ) |
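To confirm that an executable recompiled after the UPX.exe rename described above really is uncompressed (for instance before adding an exclusion or restoring files from quarantine), its PE section table can be checked for UPX's section names. This is an added example, not part of the original thread; the function names and the header-only sample images are constructed for illustration.

```python
import struct

def pe_section_names(data):
    """Return the section names listed in a PE file's section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    if pe_off + 24 > len(data):
        raise ValueError("truncated COFF header")
    (count,) = struct.unpack_from("<H", data, pe_off + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                             # section table start
    names = []
    for i in range(count):
        entry = table + 40 * i                                 # 40-byte section headers
        if entry + 40 > len(data):
            raise ValueError("truncated section table")
        raw = data[entry:entry + 8]                            # 8-byte, NUL-padded name
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names

def is_upx_packed(data):
    """Heuristic: stock UPX names its sections UPX0/UPX1.
    A file whose sections were renamed will not match."""
    return any(name.startswith("UPX") for name in pe_section_names(data))

def sample_pe(names):
    """Constructed header-only PE image (not a working program) for the demo."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0x102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in names)
    return dos + coff + sections

if __name__ == "__main__":
    samples = [("compressed", sample_pe([b"UPX0", b"UPX1", b".rsrc"])),
               ("uncompressed", sample_pe([b".text", b".rdata", b".rsrc"]))]
    for label, image in samples:
        print(label, pe_section_names(image), "UPX-packed:", is_upx_packed(image))
```

To check a real file, pass its bytes, e.g. `is_upx_packed(open(path, "rb").read())`.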
 |
colton
Joined: 17 Aug 2008 Posts: 8
|
Posted: Mon Aug 18, 2008 10:32 pm Post subject: |
|
|
| Yes, thanks, I meant compression. |