False positives in AutoHotkey and SciTE4AutoHotkey?

[configX]

[Moderator: Split from SciTE4AutoHotkey v3.0.04.01 [Updated Dec 24 2013]]

When I downloaded this at work I got a trojan.adk alert. Not sure if that's a false positive or not.

[fincs]

Yes, it is a false positive. False positives are a common occurrence with AHK-related software for some bizarre reason.

[Joe Glines]

I get this from several different anti-virus programs. One of which keeps deleting the files. I even wrote one of them (Microtrend) and asked them to evaluate it but they didn't do anything about it. Is there anything on our computers we can do to change this? Some programs I can tell it to not check the file however others do not have this setting.

[joedf]

Modify/add a useless byte in autohotkey.exe ... I guess nothing practical anyways...

[lexikos]

Adding/modifying a single byte won't necessarily change the signature at all, or enough to disguise it. Otherwise, virus authors would do that with every virus they release and antivirus software would be even more useless than it is.

AutoHotkey.exe changes in some way with every new version, anyway.

[joedf]

i know that... its obvious... but what i mean basically, is well, you know what i mean

[lexikos]

No, I don't. What I'm saying is that your suggestion is futile. If you knew that, for what reason did you post? A high post count does you no favours.

[joedf]

... I am sorry, i am to vague due to my laziness..

[fischgeek]

Yes, it is a false positive. False positives are a common occurrence with AHK-related software for some bizarre reason.

I've noticed this only when the file in question has any DllCalls in it. I've compiled the following script before and nothing seems to pick it up has harmful.

Code: Select all

MsgBox, I'm not a virus
ExitApp

But, the second I compile something with a DllCall reference (or iWeb back in the day) I had all sorts of troubles. Namely with Windows UAC.

[lexikos]

Regardless of whether you use DllCall, the DllCall function is included in the executable. I don't see why the presence of the text DllCall("SomeFunction", ...) would cause a false positive. The executable parts of each compiled script are identical (and come entirely from AutoHotkeySC.bin).