False Positive? Or am I doomed

[TasteCola]

Hey guys I am here due to what I think is a false positive.

Although I can't be sure. I purchased a AHK script for an online game I play, the seller sent it in .exe form. I uploaded the file to virustotal and it got 4/72.

Usually I would assume false positive. But as it has "Trojan.PSW.Predator.fk" it has made me abit sketchy to run the file on my computer, due to PSW being a password trojan.

Every known/respected AV has given the file a green tick, but Cylance, Jiangmin, TACHYON have given red warnings.

UPDATE: At the time of writing this, I re-scanned. Now 3/72, Cylance no longer detects anything.

Jiangmin: Trojan.PSW.Predator.fk
TACHYON: Trojan-Downloader/W64.Taskun.1098240
MaxSecure: Trojan.Malware.121218.susgen

Am I being paranoid? is 3/72 a false positive, with only unknown antiviruses flagging it up?

Any advice would be greatly appreciated! Thanks

Cola




tldr: bought AHK for online game, 3/72 virustotal, am i doomed

[gregster]

Sounds like the usual false positive rate for AHK. I think at least Jiangmin is one of the usual suspects for this problem.
But of course, I can't speak for any third-party exe-files.

Related: https://www.autohotkey.com/boards/viewtopic.php?f=17&t=62266

[SOTE]

Hey guys I am here due to what I think is a false positive.

Jiangmin: Trojan.PSW.Predator.fk
TACHYON: Trojan-Downloader/W64.Taskun.1098240
MaxSecure: Trojan.Malware.121218.susgen

Am I being paranoid? is 3/72 a false positive, with only unknown antiviruses flagging it up?

Any advice would be greatly appreciated! Thanks

tldr: bought AHK for online game, 3/72 virustotal, am i doomed

Yes, you are being a bit paranoid. AutoHotkey is open-source software. You can freely inspect every line of code on GitHub. Not just you, but the staff of AV software companies can too, if they are not being lazy or unscrupulous. And being able to see every line of code is more than we can say for many other automation interpreters or software applications. The other aspect is, are you using Jiangmin, TACHYON, or MaxSecure? If it wasn't for VirusTotal listing these AV software names, you probably would have never known them.

Part of the issue is that VirusTotal (Google) doesn't seem to properly vet these companies as to standards and quality. They seem to be going after quantity of companies versus quality. That does a disservice to the industry and even their own website. Because VirusTotal is popular and backed by Google, I think various AV companies try to push to get listed. The problem is the quality of their product, how they do research, and their results are very poor. You will get a lot of false-positives, because various unscrupulous AV companies are trying to get sales. The thinking is, the more scared people are, the more likely they will buy their crappy product.

What we can do as consumers, is insist on quality and try to stop bad practices that result in excessive false-positives. Let VirusTotal and these AV companies know how you feel about what they are doing.

https://www.virustotal.com/gui/contact-us
(Contact VirusTotal)
Select the Subject
My site/file has been improperly flagged as harmful (false positive)

[TasteCola]

Thanks for the responses guys. That does actually make sense, the more scares a company gets the more likely it is to get downloaded, with many people thinking "everybody missed the virus except these guys! they must be good!" when in reality they are poor and fearmongering to get downloads.

Atleast I hope that is the case anyway, lol