Virus Reported in AHK Download 1.0.46.15 May 10, 2007


5 replies to this topic
tzach
  • Guests
  • Last active:
  • Joined: --
Not sure if this is the right place to post this but anyway - I tried to download version 1.0.46.15 today (5/10) and my antivirus client (F-Prot 6.0.7.0) blocked the download saying that it found backdoor: W32/Backdoor.AOAP, and blocks access to the file.

Is there a virus in this version or is there some snafu wrt my AV client?

Thanks

engunneer
  • Moderators
  • 9162 posts
  • Last active: Sep 12 2014 10:36 PM
  • Joined: 30 Aug 2005
There are quite a few reports of different virus scanners picking up ahk. Our scanner here at work is continually deleting my compiled scripts from the network drive. The problem is that somebody probably wrote a virus once in ahk (possible) and now scanners detect it. It may not be true, but that is my thinking.

Did you download an older version and see if it's detected?

corrupt
  • Members
  • 2558 posts
  • Last active: Nov 01 2014 03:23 PM
  • Joined: 29 Dec 2004
CA Anti-Virus and AVG haven't reported anything with the current version here so far.

jballi
  • Members
  • 1029 posts
  • Last active:
  • Joined: 01 Oct 2005
I did a quick scan on the Jotti malware scan site:
http://virusscan.jotti.org/

The results are as follows:

Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1

File: AutoHotkey104615_Install.exe
Status: POSSIBLY INFECTED/MALWARE (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5 a979feba666eddf146a7016151cc7e00
Packers detected: PE_PATCH.UPX, UPX

Scanner results
Scan taken on 11 May 2007 04:59:35 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found W32/Backdoor.AOAP
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

There is good news and bad news...

The good news is that only F-Prot Antivirus (so far) has determined that the software contains malware. This scan does not include all antivirus vendors.

The bad news is that the only way to get your antivirus program to stop reporting the false positive is for you (or someone) to report the false positive to the antivirus vendor.

The unfortunate reality is that antivirus vendors sometimes jump on each other's bandwagons when it comes to malware so... it is entirely possible that another antivirus vendor will eventually report a problem with this version of AHK. The only thing we can do is to report the false positives to the antivirus vendors when we find them.

Them be my thoughts...

tzach
  • Guests
  • Last active:
  • Joined: --
Thanks Jballi and everyone. I fiddled around and it appears that F-Prot does not like the new version of UPX. When I disabled F-Prot, downloaded AHK, and installed everything and then deleted the new UPX.exe I was able to bring everything back up without a problem. Since I don't compile my scripts this is not a problem, however, I will send an email to F-Prot and let them know about this.

Again, thanks to you all.

PhiLho
  • Moderators
  • 6850 posts
  • Last active: Jan 02 2012 10:09 PM
  • Joined: 27 Dec 2005
Yes, a lot of anti-virus false alerts are on UPX-compressed exes.
vPhiLho := RegExReplace("Philippe Lhoste", "^(\w{3})\w*\s+\b(\w{3})\w*$", "$1$2")