silentway wrote: ↑16 Sep 2021, 09:36
feel free to look at the source code
I could do that, but I'm probably the wrong person - I would not know what to look for.
Andy,
It is the makers of SpyHunter 5 who should have experts examining the clear and open source code of AutoHotkey to determine if there is a trojan in it. That AutoHotkey is
open-source and thus its
code is viewable, should already be a clue about certain companies pulling shenanigans. Various unethical Anti-Virus companies are trying to play customers for fools, by pretending their software is more effective than it really is or by using scare tactics. It will pretend to find all kinds of "trojans" and "malware" to scare customers that don't know any better into giving them money.
You should report the false-positive, give them a link to the source, and demand they not engage in such behavior or change any mistakes that they made.
The company that makes SpyHunter 5 is EnigmaSoft. Unless the person bought the product, it's not clear how to contact their help desk or report false positives (not a promising sign of the company's practices). However, you should be able to contact the company with the link below.
https://www.enigmasoftware.com/about-us/inquiries-feedback/
(EnigmaSoft Inquiries and Feedback)
silentway wrote:
One prevention action might be submission of source code (and/or files such as ahk2exe) to security vendors for test and whitelisting. Are there any other actions that could potentially prevent AHK being the source of so many false positives?
If you get a false-positive result from a submission to VirusTotal, you can contact them too about those Anti-Virus companies, to help them select those companies that meet a high ethical and business standard and get rid of the bad ones listed on their site. Let them know your opinions and about false-positives.
https://www.virustotal.com/gui/contact-us/technical-support
(Contact VirusTotal)