This was going to be perfect for me. But Just Why?

Discuss Autohotkey related topics here. Not a place to share code.
VirusTotal
Posts: 1
Joined: 02 Feb 2020, 09:50

This was going to be perfect for me. But Just Why?

02 Feb 2020, 09:56

I scanned the portable program and it found that there is a bitcoin miner inside the program. Just why? Care to explain. Also I know this is not a false positive.
https://www.virustotal.com/gui/file/163e0bc711db51dd2f8ffb048650ed3e8e040dfd9a52df4a7cfa577042bd9640/detection
gregster
Posts: 4622
Joined: 30 Sep 2013, 06:48

Re: This was going to be perfect for me. But Just Why?

02 Feb 2020, 10:11

VirusTotal wrote:
02 Feb 2020, 09:56
Also I know this is not a false positive.
How? Because one (!) Chinese anti-virus tested it positive?
Did you send it in to them for testing?

Btw, this seems to be a check of PuloversMacroCreator-Portable.zip, not AutoHotkey!
(It's hosted on Pulover's personal GitHub page.)

You should mention that. AFAIK, we are not even providing downloads for this editor. You should try to contact the editor's creator, if you are sure that there is a problem in this 4-year-old release (https://github.com/Pulover/PuloversMacroCreator/releases) - but it seems quite unlikely that 59 other anti-virus companies shouldn't have noticed in all these years...

Btw, the source code is available, too, on GitHub.
RUNIE
Posts: 293
Joined: 03 May 2014, 14:50
GitHub: Run1e

Re: This was going to be perfect for me. But Just Why?

02 Feb 2020, 10:13

VirusTotal wrote:
02 Feb 2020, 09:56
I scanned the portable program and it found that there is a bitcoin miner inside the program. Just why? Care to explain. Also I know this is not a false positive.
https://www.virustotal.com/gui/file/163e0bc711db51dd2f8ffb048650ed3e8e040dfd9a52df4a7cfa577042bd9640/detection
How do you know it's not a false positive? The reasons why AutoHotkey binaries show up as malicious are well understood.

If you're so sure the official binary download is malicious you're welcome to download and build the source yourself.
https://github.com/Lexikos/AutoHotkey_L
guest3456
Posts: 3123
Joined: 09 Oct 2013, 10:31

Re: This was going to be perfect for me. But Just Why?

02 Feb 2020, 16:31

VirusTotal wrote:
02 Feb 2020, 09:56
Just why? Care to explain.
to try to steal your CPU time to earn bitcoins, duh. bitcoin is more important than you. you have a bad attitude and should repay for your sins. you can do that by donating your idle CPU

SOTE
Posts: 1035
Joined: 15 Jun 2015, 06:21

Re: This was going to be perfect for me. But Just Why?

03 Feb 2020, 21:43

VirusTotal wrote:
02 Feb 2020, 09:56
I scanned the portable program and it found that there is a bitcoin miner inside the program. Just why? Care to explain. Also I know this is not a false positive.
https://www.virustotal.com/gui/file/163e0bc711db51dd2f8ffb048650ed3e8e040dfd9a52df4a7cfa577042bd9640/detection
Jiangmin is a known problem as an AV company. They appear to not listen to users (especially outside of China), have poor international customer support and feedback setup, and aren't doing proper research (by international standards). The fact that Jiangmin is the only AV company out of 60 others to report such an issue makes their results suspicious. To include if there is any kind of agenda behind the company that's not well known publicly or internationally.

Also, who outside of China is really using Jiangmin software? If you were, say, in Canada, France, the U.S., Japan, or Brazil... Are you using Jiangmin AV software? There are very few places where you can download the software, and usually it's a very old version of it from 2010 (for international customers) that is rated very low. And speak of the devil, if you Google it, people are complaining about false positives from it all over the place. By the way, there are other Chinese AV software companies on VirusTotal such as Baidu and Qihoo 360 (if you must only use Chinese software) that aren't as problematic as Jiangmin.

VirusTotal (owned by Google) should debatably remove Jiangmin from their list, but that might be a political or business issue of Google in exchange for favors (which makes Google look equally as bad for doing such).
