Virus falsepositiv detection

Get help with using AutoHotkey and its commands and hotkeys
szukam
Posts: 5
Joined: 10 Feb 2018, 12:45

Virus falsepositiv detection

10 Feb 2018, 13:00

Hello.

I made a many programs with AHK, but last one have some virus signatures.

Code: Select all

Antiy-AVL      Trojan[Dropper]/Win32.Agent
Jiangmin      RiskTool.BitMiner.udv
McAfee-GW-Edition      BehavesLike.Win32.Generic.ch
NANO-Antivirus     Trojan.Win32.AutoHK.exogvg
Zillya     Trojan.Miner.Win32.2448
When I use mpress, then come little bit more.

I can't show this program to the people, because of this virus detections.

Is any chance to compile script without "virus problems" ?
Maybe I can use another program "AHK like" ? Any options ? But AHK is the best for now.

Your longtime user (with new account)
szukam - arek
User avatar
boiler
Posts: 3437
Joined: 21 Dec 2014, 02:44

Re: Virus falsepositiv detection

10 Feb 2018, 13:30

You could have your users install AHK and give them the .ahk file instead of a compiled file.
guest3456
Posts: 2979
Joined: 09 Oct 2013, 10:31

Re: Virus falsepositiv detection

10 Feb 2018, 14:43

i tend to just submit the files each time, yes its a pain in the ass. this link gives direct links for each vendor:

https://www.techsupportalert.com/conten ... endors.htm

User avatar
boiler
Posts: 3437
Joined: 21 Dec 2014, 02:44

Re: Virus falsepositiv detection

10 Feb 2018, 15:49

I tell people it's a false positive and they can choose not to use the software, but if they used my download link, they can be assured it's virus free. Most everyone accepts that, especially when you explain that a lot of AV software will flag it only if they haven't seen a large number of downloads, not because it spotted anything malicious in the code.
szukam
Posts: 5
Joined: 10 Feb 2018, 12:45

Re: Virus falsepositiv detection

12 Feb 2018, 06:00

After Update AHK to 1.1.28.00 something change.
When I compile script and send to Virustotal now I have only 1/65 with Unsafe.
szukam
Posts: 5
Joined: 10 Feb 2018, 12:45

Re: Virus falsepositiv detection

21 Mar 2018, 11:38

Again something wrong.
With some new lines code and compile, VirusTotal shows
2018-03-21_17h36_57.png
2018-03-21_17h36_57.png (6.94 KiB) Viewed 1441 times
gregster
Posts: 3723
Joined: 30 Sep 2013, 06:48

Re: Virus falsepositiv detection

21 Mar 2018, 13:33

When you use Autohotkey, you will probably have to live with false positives. AHK is a mighty tool, that also can be used for bad things. So, heuristic searches will turn up (false) positives if they see certain similarity to known malware. Therefore, the actual content of your script might have some impact.

The names in the picture indicate that the antivir programs think that your script has some similarities to a known trojan that was programmed with AHK - might just be a crappy heuristic. Not much we can do about that... but you can probably submit your program to these antivirus companies for analysis, like guest3456 already suggested (see his post above). Perhaps it helps.
mtodd
Posts: 23
Joined: 21 Feb 2016, 19:31

Re: Virus falsepositiv detection

09 May 2018, 19:52

I was having a similar problem with 1.1.28. Working on a program for the last two years and all of a sudden Avast was freaking out every time I tried to run it or make copies of it. I went back to 1.1.27.7 and recompiled. Now Avast is behaving itself again. What a pain!

Return to “Ask For Help”

Who is online

Users browsing this forum: Bing [Bot], Google [Bot], LanzasPT, malcev, markc63, Odlanir, potscrubber, TAC109 and 87 guests