I downloaded from the official website "AutoHotkey_2.0.13_setup.exe" and windows defender tells me that there is a trojan: "Trojan:Win32/Tnega!MSR"
I already installed autohotkey 2.0.13, and I encountered no issues, I followed windows defender instructions and I removed the virus (or at least I think and hope I did).
- Has this happened to someone else?
- Could it be a false positive or should I worry?
Thanks in advance
Windows defender tells me that a virus is in the autohotkey setup file
- ManualColdkey
- Posts: 5
- Joined: 22 Apr 2024, 04:04
Re: Windows defender tells me that a virus is in the autohotkey setup file
The file checksums / hashes are provided here:
viewtopic.php?p=568805#p568805
If they match, it's very likely a false positive.
Please have a look at our false positives topic here:
viewtopic.php?f=17&t=62266
viewtopic.php?p=568805#p568805
If they match, it's very likely a false positive.
Please have a look at our false positives topic here:
viewtopic.php?f=17&t=62266
Windows 10 x64 Professional, Intel i5-8500, NVIDIA GTX 1060 6GB, 2x16GB Kingston FURY Beast - DDR4 3200 MHz | [About Me] | [About the AHK Foundation] | [Courses on AutoHotkey]
[ASPDM - StdLib Distribution] | [Qonsole - Quake-like console emulator] | [LibCon - Autohotkey Console Library]
Re: Windows defender tells me that a virus is in the autohotkey setup file
Unfortunately, AutoHotkey gets regularly false positives from AV software, especially (but not limited to) new releases.
https://www.autohotkey.com/docs/v2/FAQ.htm#Virus
viewtopic.php?f=17&t=62266
If you download from this page or the github release page (https://github.com/AutoHotkey/AutoHotkey/releases), you should be fine.
There are also SHA256 hashes you can check against. For v2.0.13, these would be
https://www.autohotkey.com/docs/v2/FAQ.htm#Virus
viewtopic.php?f=17&t=62266
If you download from this page or the github release page (https://github.com/AutoHotkey/AutoHotkey/releases), you should be fine.
There are also SHA256 hashes you can check against. For v2.0.13, these would be
Edit: too latehttps://github.com/AutoHotkey/AutoHotkey/releases wrote:SHA256 hash
D7646CA3A26760FE5633288D79D7B6A44CFC19A85C5315F94E0861963F1C601E AutoHotkey_2.0.13_setup.exe
A7DB865B054314D253293A1F427D3A155DA5164060804AAC431020E26A40E1AD AutoHotkey_2.0.13.zip
- ManualColdkey
- Posts: 5
- Joined: 22 Apr 2024, 04:04
Re: Windows defender tells me that a virus is in the autohotkey setup file
Thank you for your fast responseThe file checksums / hashes are provided here:
viewtopic.php?p=568805#p568805
If they match, it's very likely a false positive.
I'm not very comuter literate, could you explain what should I do to check if they match?
Re: Windows defender tells me that a virus is in the autohotkey setup file
There are different utilities which can do this. If you have a recent MS Powershell version installed, this should work: https://www.se.com/us/en/faqs/FAQ000244427/
Worked here (where Windows Defender also originally quarantined the latest AHK installer and I had to restore it):
Worked here (where Windows Defender also originally quarantined the latest AHK installer and I had to restore it):
Re: Windows defender tells me that a virus is in the autohotkey setup file
Windows Defender deleted my big text-file (xy.txt) with contained ahk scripts
It's possible to exclude some folders/files from scanning .
---------------------
https://www.theregister.com/2024/04/21/microsoft_national_security_risk/
-- Why Microsoft is a national security threat • The Register
------------------
https://www.theregister.com/2024/04/22/edr_attack_remote_data_deletion/
-- Researchers: Windows Defender attack can delete databases • The Register
Researchers at US/Israeli infosec outfit SafeBreach last Friday discussed flaws in Microsoft and Kaspersky security products that can potentially allow the remote deletion of files.
And, they asserted, the hole could remain exploitable – even after both vendors claim to have patched the problem.
---------------------
https://www.bleepingcomputer.com/news/security/autohotkey-malware-is-now-a-thing/ 2018-03-30
-- AutoHotkey Malware Is Now a Thing
------------------
It's possible to exclude some folders/files from scanning .
---------------------
https://www.theregister.com/2024/04/21/microsoft_national_security_risk/
-- Why Microsoft is a national security threat • The Register
------------------
https://www.theregister.com/2024/04/22/edr_attack_remote_data_deletion/
-- Researchers: Windows Defender attack can delete databases • The Register
Researchers at US/Israeli infosec outfit SafeBreach last Friday discussed flaws in Microsoft and Kaspersky security products that can potentially allow the remote deletion of files.
And, they asserted, the hole could remain exploitable – even after both vendors claim to have patched the problem.
---------------------
https://www.bleepingcomputer.com/news/security/autohotkey-malware-is-now-a-thing/ 2018-03-30
-- AutoHotkey Malware Is Now a Thing
------------------
- ManualColdkey
- Posts: 5
- Joined: 22 Apr 2024, 04:04
Re: Windows defender tells me that a virus is in the autohotkey setup file
Thank you!
They matched.
Thank you to all of you
They matched.
So it happened to you too? I'm relieved, that probably means that it was a false positive(where Windows Defender also originally quarantined the latest AHK installer and I had to restore it)
Thank you to all of you