Jump to content

Sky Slate Blueberry Blackcurrant Watermelon Strawberry Orange Banana Apple Emerald Chocolate

Compiled AutoHotkey scripts detected as virus by AVG


  • This topic is locked This topic is locked
28 replies to this topic
SecurityAnalysis
  • Guests
  • Last active:
  • Joined: --
AVG found two viruses:

Object:
C:\RECYCLERS\S-1-5-21-1343024091-725345543-839522115-500\Dc396.exe
Infected:
Virus identified Worm/Autoit.LM
Deleted

Object:
C:\RECYCLERS\S-1-5-21-1343024091-725345543-839522115-500\Dc402.exe
Infected:
Virus identified Worm/Autoit.LM
Deleted

Are they real viruses or false positives? If they are real, is there any way I can find out what they do? Is there any risk that information has been stolen from my computer, like login details or credit card numbers?

Conquer
  • Members
  • 385 posts
  • Last active: Jan 10 2013 02:14 AM
  • Joined: 27 Jun 2006
This is a FAQ. Search the forum before posting.

ManaUser
  • Members
  • 1121 posts
  • Last active: Dec 07 2016 04:24 PM
  • Joined: 24 May 2007

This is a FAQ.

No it isn't. This is only the second time someone has asked about that particular "virus". It does look like it's been pretty well settled as a false positive though:
<!-- m -->http://www.autohotke...pic.php?t=27423<!-- m -->

neXt
  • Members
  • 549 posts
  • Last active: May 20 2015 02:38 AM
  • Joined: 18 Mar 2007
<!-- m -->http://www.autohotke... ... ight=virus<!-- m -->
<!-- m -->http://www.autohotke... ... ight=virus<!-- m -->
<!-- m -->http://www.autohotke... ... ight=virus<!-- m -->
<!-- m -->http://www.autohotke... ... ight=virus<!-- m -->
<!-- m -->http://www.autohotke... ... ight=virus<!-- m -->
<!-- m -->http://www.autohotke... ... ight=virus<!-- m -->
<!-- m -->http://www.autohotke... ... ight=virus<!-- m -->
<!-- m -->http://www.autohotke... ... ight=virus<!-- m -->
<!-- m -->http://www.autohotke... ... ight=virus<!-- m -->

page 1 of 4

NLI-Conquer
  • Guests
  • Last active:
  • Joined: --
Aw snap ma boi neXt has got my back.. :p


I meant viruses are a FAQ, ManaUser. Obviously I didn't mean that "Worm/Autoit.LM"s are.

WrongSectionAlert
  • Guests
  • Last active:
  • Joined: --
--> General Chat :roll:

Moderator!: Moved.

trik
  • Members
  • 1317 posts
  • Last active: Jun 11 2010 11:48 PM
  • Joined: 15 Jul 2007
Whomever is the WrongSectionAlert guest, needs to stop. We all know what section topics belong in. If it needs to be moved, a mod will find and move it. As for this topic, it will do in either the General Chat or Ask For Help forums. The reason being:

It has to do with AutoHotkey, and this person needs help with it.
Most of these topics related to viruses in AutoHotkey are posted in the General Chat


Religion is false. >_>

ManaUser
  • Members
  • 1121 posts
  • Last active: Dec 07 2016 04:24 PM
  • Joined: 24 May 2007

I meant viruses are a FAQ, ManaUser. Obviously I didn't mean that "Worm/Autoit.LM"s are.

It's been said before but I'll say it again. It would be dangerous to assume all AutoHotkey related virus alerts are false positives. There have been viruses written in AutoHotkey before and it's also possible there could be copies of AutoHotkey infected with some other virus floating around out there.

So even though a continuous series of "Is this a real virus?" "Is this a real virus?" posts might be annoying, it's better than jumping to the conclusion that none of them are real. Besides, it doesn't make up a significant volume of posts anyway.

WrongSectionAlert
  • Guests
  • Last active:
  • Joined: --

If it needs to be moved, a mod will find and move it

Indeed. As our moderators are smart enough to qualify a thread, it's up to them to decide. Once they find'm within a flood of threads. And for that one and only reason the WSA has been created. So, lets wait for a Moderator.
If this thread will 'survive' at its current position, fine - if not, it'll be fine too. Nothing personal.

'WrongSectionAlert' means not necessarily that it's completely wrong within its current area, but it could make more sense to be dropped at another section.

Your/this thread isn't about that ...
a) you need help with AHK Code to analize a virus/write a virus.
B) a request within an anti virus forum to discuss that topic in detail
... so what?

It has to do with AutoHotkey, and this person needs help with it.

My PC dropped from my desk. Now I can't code any AHK scripts. Would this issue qualify my request for AHKs 'Ask for Help'? I guess no.

Most of these topics related to viruses in AutoHotkey are posted in the General Chat

Guess why? a)+B)? Correct!

BoBo¨
  • Guests
  • Last active:
  • Joined: --

So even though a continuous series of "Is this a real virus?" "Is this a real virus?" posts might be annoying, it's better than jumping to the conclusion that none of them are real. Besides, it doesn't make up a significant volume of posts anyway.

If 9 out of 10 are false alarms, it won't make sense to act this way.

Do you think to promote again & again & again something similar like - "AHK is a virus" - will be of any benefit for the community or AHKs reputation outside of this forum? I don't think so.

Ignorants will ignore your warning anyway. And those who are aware of the risk won't need that information that 'special' way.

trik
  • Members
  • 1317 posts
  • Last active: Jun 11 2010 11:48 PM
  • Joined: 15 Jul 2007

My PC dropped from my desk. Now I can't code any AHK scripts. Would this issue qualify my request for AHKs 'Ask for Help'? I guess no.


Actually..You can post in the Ask For Help forum about that, because you dropping your computer may not be the problem for your computer not running AutoHotkey scripts.

Edit:

When searching for the following terms:

AutoHotkey Virus, 27 matches were found in the Ask For Help forum where as only 7 were found in the General Chat forum.
Religion is false. >_>

Lexikos
  • Administrators
  • 9844 posts
  • AutoHotkey Foundation
  • Last active:
  • Joined: 17 Oct 2006
A google for "AutoIt.LM" turns up:

DonationCoder.com: AltTab Fingertips v1.3 - 14 Jan 08

I compiled your script on my own machine, with the latest version of AHK, and AVG now likes the EXE!

HAVA :: free program: automatically schedule recordings (and OTR)

My best guess at this point is that - in fact - ALL EXE's compiled using the last version of the AutoHotKey scripting engine (which is what I had used to compile before) just began being flagged by AVG scans in the last couple days (or thereabouts) -- I mean to say, it has nothing to do with my own script or my own computer -- And the very latest version of AHK (version 1.0.47.05) does not generate any complaints from AVG.

I can confirm that my scripts compiled with v1.0.47.04 were being flagged as viruses, but not after re-compiling them with v1.0.47.05. I guess 05 has a different signature. (Still, these apparent false positives are a pain...)

ManaUser
  • Members
  • 1121 posts
  • Last active: Dec 07 2016 04:24 PM
  • Joined: 24 May 2007
I guess it's not critical since it only effects an outdated version, but Has anyone reported this to AVG? I can if nobody else wants to, but I don't have that version of AutoHotkey installed at the moment and they want a sample sent in.

Here's a page on how to report false positives in AVG (free version, which I assume we're talking about.)
<!-- m -->http://forum.grisoft... ... kpage=,sv=<!-- m -->

BoBo¨
  • Guests
  • Last active:
  • Joined: --

I can if nobody else wants to, but I don't have that version of AutoHotkey installed at the moment and they want a sample sent in.

:arrow: [Archive]
:arrow: [AutoHotkey_1.0.45.04.exe]

ManaUser
  • Members
  • 1121 posts
  • Last active: Dec 07 2016 04:24 PM
  • Joined: 24 May 2007
Thanks. But I downloaded that and compiled a script with it, but AVG didn't detect anything amiss.

Can someone who noticed this problem before please update their virus definitions and see if it's still happening?