
DonationCoder.com Software > Skrommel's Software

More false virus warnings in compiled ahk utilities #*(%&*(#*(&#(%


lanux128:
The file Start-Clock.exe inside the rar/zip file is getting reported as a Worm/Autoit.AWP,
AVG Free 8.0 reports that this file is a Worm/Autoit.AWP, yet I have had it on my computer using AVG Free 7.5 for a year or so without any problems from AVG reporting it as a Worm/Autoit.AWP. -x_qxp (May 12, 2008, 02:34 PM)
--- End quote ---

There is a pattern emerging: AV programs are looking at all compressed EXEs and conveniently flagging them as viruses (Worm/Autoit.XXX). Now whenever I update AHK, I rename upx.exe so that the AHK compiler doesn't compile scripts as compressed EXEs.

mediaguycouk:
Sophos has just caught Accents as being Generic Malware-A.

I've sent the program to Sophos support.

dnm:
There's a larger issue here in that a lot of these AV hits can be valid, in certain circumstances. AutoHotkey is a general purpose (and useful) tool, which means it can also be used by malware authors, especially to do the sorts of things malware often wants to do (and that AutoHotkey is good at): Windows automation! (e.g. hooking the keyboard and capturing passwords, GUI automation, network access, general system scripting, etc.). The AV engines have no way to determine the intent of any given AutoHotkey script, so they may flag them as dangerous.

This is a general problem with multi-purpose tools like AutoHotkey for AV vendors. On one hand there are power users trying to use tools like Skrommel's software, and on the other hand there are other users who are being taken advantage of by malicious users who happen to use AutoHotkey.

I'd argue that malware using AutoHotkey is pretty transparent and easy to find, comparatively speaking (it's not anywhere near as complex as a half-decent rootkit, for instance), but nonetheless, it's useful for both good and bad. I think this is unlikely, but if there are more people complaining about AV flagging AutoHotkey than there are AV vendors finding AutoHotkey-based malware in the wild or getting enough credible reports, then it's more likely they'll take it off their lists, which conversely means it's a more worthwhile tool for malware authors (since it'll go undetected by AV for longer).

There's no easy solution for AV, sadly, other than knowing what's running on your machine.

mediaguycouk:
Well, Sophos got back:
Hi Graham

Thank you for your email. The file that you sent to us for analysis was producing a false-positive report which has now been corrected. Please do not hesitate to contact me if I can be of any further assistance.

Regards,

Martin Elliott
Sophos Technical Support

--- End quote ---

lanux128:
The AHK forumers are creating a letter template to shoot off to any of the AV companies that flag AHK programs as a virus.

• An open letter for Antiviral software companies
