Author Topic: winlock & virus (Read 14915 times)

x_qxp · « **on:** March 12, 2008, 09:05 PM »

when i try to dwnload winlock.exe my anti virus prog stops me with alert;
PSW agent .SIA trojan
Can you help?

mouser · « **Reply #1 on:** March 12, 2008, 09:15 PM »

There is no virus in winlock. You can even download the ahk source for it (and all of skrommel's programs) yourself and build it into an exe easily using the autohotkey compiler with just a few clicks.

mouser · « **Reply #2 on:** March 12, 2008, 09:18 PM »

i've tried compiling this ahk script myself so i *know* there is no virus in it.. these programs are either alerting on autohotkey itself which is outrageous, or else just lines in the script designed to manipulate windows which is freaking them out. seriously this false alarm stuff is getting out of hand.

mouser · « **Reply #3 on:** March 12, 2008, 09:20 PM »

See the autohotkey forum for more info about false alarms with autohotkey programs: http://www.autohotke...orum/topic27562.html

This is really getting silly.

mouser · « **Reply #4 on:** March 12, 2008, 09:24 PM »

I'm starting to sympathize with the companies who are suing antivirus vendors for harming their reputation by identifying things as viruses/trojans when they aren't. It's really getting triesome. I sympathize with wanting to be cautious and alert people to possible risks -- but this is outrageous how they state with confidence that files are infected so consistently wrongly. There has to be something done to force these companies to admit a more realistic level of doubt when identifying problems -- and force them to be more cautious in what they label as malware.

mouser · « **Reply #5 on:** March 12, 2008, 09:24 PM »

By the way -- please don't take my word for it, download the ahk file and compile it yourself using the autohotkey compiler.

mouser · « **Reply #6 on:** March 12, 2008, 09:40 PM »

I've just confirmed that the problem is these antivirus tools are alerting because their signatures are triggering on Autohotkey itself. If you compile the script with Autohotkey v104705 then you get all the alerts. if you compile with the version released last week v104706 you won't. So that is 100% conclusive that the problem is the antivirus programs are once again being braindead harmful products.

ps. you can now compile the script with the latest version of autohotkey yourself to avoid the false positive. and i can recompile all of skrommels ahks with the newest version of autohotkey to solve this problem for now. but guess what? next week when some idiot writes another harmful script using autohotkey, our little dumb antivirus friends will go off and once again decide to mark every program written using the tool as some random virus. and the circle of pain begins again..

justice · « **Reply #7 on:** March 13, 2008, 06:15 AM »

Yep wonder how they add in all those inclusions / exclusions, add in a general one for authotkey then exclude all the false positives reported by checksum? Wonder how it works, it would mean that if I change a line in my AHK file and recompile it then it would show false positives again..

jgpaiva · « **Reply #8 on:** March 13, 2008, 01:48 PM »

Yesterday i tried the site mouser posted, (http://www.virustotal.com/), and apparently all my scripts get flagged in a few antiviruses...
From what i understand, all you need in order to get flagged is to register hotkeys... It's crazy!

mouser · « **Reply #9 on:** March 13, 2008, 01:54 PM »

given how this seems to happen with autohotkey regularly, i think if you are a ahk coder who distributes compiled exes, you have to accept that you are going to have to recompile your scripts each time a new version of autohotkey comes out, in order to overcome the previous release's signature being added to antivirus signatures. you'd think these anti-virus companies would learn by now.

speaking of which.. you know someone needs to make a page calling out the anti-virus programs based on which ones have the most false-positives. it's long overdue and i dont think the traditional antivirus review sites every test for this.

x_qxp · « **Reply #10 on:** March 13, 2008, 03:56 PM »

well i read replies here & tried to download again & this time got no warnings . Thus something has changed.
where can download the ahk file at?

tomos · « **Reply #11 on:** March 13, 2008, 04:37 PM »

well i read replies here & tried to download again & this time got no warnings . Thus something has changed.
where can download the ahk file at?
-x_qxp (March 13, 2008, 03:56 PM)

https://www.donation.../WinLock/WinLock.ahk
and save it

EDIT/ it's linked to at
https://www.donation...l/index.html#WinLock
under Winlock - the link with the "H"

jgpaiva · « **Reply #12 on:** March 13, 2008, 07:55 PM »

well i read replies here & tried to download again & this time got no warnings . Thus something has changed.
-x_qxp (March 13, 2008, 03:56 PM)

Maybe your antivirus was updated or something like that?
I don't think winlock's binary was updated.

mouser · « **Reply #13 on:** March 13, 2008, 08:33 PM »

i recompiled all of skrommel's ahks with the latest autohotkey and re-uploaded them.

Author Topic: winlock & virus (Read 14915 times)

x_qxp

winlock & virus

mouser

Re: winlock & virus

mouser

Re: winlock & virus

mouser

Re: winlock & virus

mouser

Re: winlock & virus

mouser

Re: winlock & virus

mouser

Re: winlock & virus

justice

Re: winlock & virus

jgpaiva

Re: winlock & virus

mouser

Re: winlock & virus

x_qxp

Re: winlock & virus

tomos

Re: winlock & virus

jgpaiva

Re: winlock & virus

mouser

Re: winlock & virus