AntiVir False Positives with EXE made with AHK 1.0.46.08
The virus reported to be found is:
This is with the latest free home version of AntiVir <!-- m -->http://www.free-av.com/<!-- m -->
I'm guessing that some specific byte code that AntiVir is using to identify the AutoIt Trojan is being identified in executables generated with the latest version of AutoHotKey. (Since AutoHotkey is an AutoIt derivative I believe, that makes some possible sense?)
For now I set an exception in AntiVir to not scan my AutoHotKey generated EXE files, but that always makes me nervous in case they did get infected with some other virus in the future.
Not sure if there's anything you can do about it, or if its something AntiVir has to adjust (or if you could help them with what they need to fix) but thought I'd post here as an FYI.
Note it is not the only one overreacting. I installed PC-cillin at my work (official anti-virus) and it just classified an archive with the official IE7 install package (not yet installed...) as containing a "generic trojan" (sic). It put the file in quarantine... :-(
"We could not find a virus in the attachment you have sent us.
This is a false positive. We will take out the pattern recognition in one of our
and it just classified an archive with the official IE7 install package (not yet installed...) as containing a "generic trojan" (sic).
That is because it is one...
Good to see that AntiVir speeded up it's replies/service. I reported false positives a couple of times already, but I have been very disappointed with their response time so far...
i have the same problem but a other answer from AVIRA.
The message from Avira:
Sehr geehrte Damen und Herren,
wir bedanken uns fuer Ihre Email.
In der von Ihnen eingesendeten Datei haben wir einen neuen Virus entdeckt.
Dessen Erkennungsmerkmale werden nun eingebaut, sodass er mit einem der naechsten Updates als TR/Autoit.AE erkannt wird.
Wir bedanken uns fuer Ihre Mithilfe zur Verbesserung des Virenschutzes.
Thanks for your email.
we have fount a new virus called TR/Autoit.AE in your compiled file.
The VDF file will update soon to find this virus.
sry for my Bad english.
I hope they will find a way to delete the virus.
Please dont use WOWsuche.exe. This is the infected file, i delete the file from webserver, if you use it, please delete it and scan your system.
Which is a bit too strict.
"TR/Autoit.AE" and then "No description was found matching your research criteria. "
What irritates me too is that you can choose "Ignore" what you want, the alert will still popup :x
i have installed AHK new, the Trojan is deleted now. I think it is placed in the Compiler.src file. The file was littel bit bigger as the original after reinstalling AHK.
I have made the post because i get the mail from Avira.
WOWsuche is a script to find Quests on Webseits for WOW. It is placed on Top of Screen in Windowmode and you can simple search for Questdescriptions in Inet.
The Trojan is now deleted and the File is clean.
Update Avira and reinstall AHK, the Trojan will deleted.
AVG just updated their signatures and who woulda thunk, some pattern from the AutoHotkeySC.bin file in AHK v1.0.46.08 was tagged as a trojan. I was in antivirus hell until I upgraded AHK to v1.0.46.09 and recompiled a few scripts. What a pain in the butt! :evil:
I just spent the last 30 minutes trying to track down a place to report false positives to AVG but couldn't find jack squat. I'm usually pretty good at finding this stuff.
:?: Does anyone have an web address or email address to report false positives to AVG. :?:
Thanks in advance for your assistance.
Created a post on the AVG Free forum: http://forum.grisoft.cz/freeforum/. Thank you corrupt for the address. Hopefully they will identify and resolve the issue so that this "sea snake will not go back at the surface in a couple of weeks."
I think the best thing to do is for a customer to contact the company and notify them of the false positive.
Edit: I was informed by the moderator at the AVG Free forum that posting this kinda stuff on that forum wouldn't do much good. He/she gave me instructions which can be found here: http://forum.grisoft...ead.php?4,93902