OK. I am done chasing AV scanners. They can create new scanners and malware db way faster than I can try to divine what the problem may be in 54 downloads in 60 some odd scanners.
Here is an illustration of what can be flagged as malware. This program has three executables. The reason is AHK can do the job really easily(recursively copy files) but it cannot compile genuine console(command line) programs. AutoIt3 can do such compiles. So I created an AutoIt3 console program that determines if you are on an x86 or x64 PC and runs either a 32 bit or 64 bit version of the exe that will actually do the copying. The slave program issues an exit code with the number of files copied. The launcing program reports this on the command line. Simple. Here is the AutoIt3 source.
#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
$slavePath = ""
If @OSArch = "X86" Then
$slaveProg = "rcopy_slave.exe"
$slaveProg = "rcopy_slave_x64.exe"
$slavePath = _WinAPI_PathFindOnPath($slaveProg, @WorkingDir)
If @error Then
ConsoleWrite("Required program: " & $slaveProg & " not found!" & @CRLF)
ConsoleWrite("For best results put rcopy.exe and " & $slaveProg & " in a folder in your PATH." & @CRLF)
$result = ShellExecuteWait($slavePath, $CmdLineRaw)
ConsoleWrite($result & " File(s) Copied")
If I check this with VirusTotal the MBAM there clears it. But on my Laptop I run MBAM, update the db and scann a folder full of downloads. It does not like rcopy.zip. I split out the zip file and run MBAM on that folder. It does not like rcopy.exe the source of which you see above.
I tested all 54 zips with MBAM yesterday and it liked them all then. I did an md5 test on a folder of all 54 zip downloads from yesterday and a fresh download from today. They have not been modified in the web site. So all that has changed is which scanners like which files.
I am not doing this crap to give away software anymore. It says use at your own risk. I think what I will do now is check the md5 of zips I have not changed. If I find an issue I will deal with it. But AV scanners can scan in hell afaic.
Do good deed goes unpunished.
Edit: A bit of a rant. But I feel better now.