trojan in autohotkey installer?

lexikos

Re: trojan in autohotkey installer?

27 Apr 2016, 22:56

JoeWinograd wrote: I don't know if anything was done in 1.1.23.05 to address this issue specifically,
No, but
v1.1.23.04
Fixed LV_Modify to support omitting Options, as in LV_Modify(r,, col1).
Changed the installer back to the standard 7-zip self-extractor (7zS2.sfx v9.20). It has less useful error reporting in the event of failure but also less antivirus false positives.
https://autohotkey.com/boards/viewtopic ... 24&t=13085
JoeWinograd

Re: trojan in autohotkey installer?

28 Apr 2016, 09:01

Thanks for posting that, Steve — very interesting! Regards, Joe
JoeWinograd

Re: trojan in autohotkey installer?

15 May 2016, 16:52

I just downloaded 1.1.23.06, both the U32 AutoHotkey.exe and the AutoHotkey112306_Install.exe installer. Scanned both with MBAM and MSE (W7) — both clean! Here are hashes for the U32 EXE:


Here are the hashes for the installer EXE:


Regards, Joe
fischgeek

Re: trojan in autohotkey installer?

10 Aug 2016, 09:36

Sorry to bump an old thread that very well might have a resolution, but I couldn't seem to find one. Just did a fresh install of AHK on a new Windows 10 Pro machine and Windows Defender won't leave me alone about this. I keep trying to take it out of Quarantine, but it puts it right back in there. Was there a fix for this? I tried to use Lexikos' installer he referenced here: https://autohotkey.com/boards/viewtopic ... 24&t=13085 -- but still having the same issue. Anyone have any thoughts/ideas?
joedf

Re: trojan in autohotkey installer?

10 Aug 2016, 09:53

version info?
mine:


Version du client anti-programme malveillant : 4.9.10586.494
Version du moteur : 1.1.12902.0
Définition antivirus : 1.225.3084.0
Définition du logiciel espion : 1.225.3084.0
Version du moteur du système d’inspection du réseau : 2.1.12706.0
Version des définitions du système d’inspection du réseau : 116.18.0.0
Sorry about it being French :b
JoeWinograd

Re: trojan in autohotkey installer?

10 Aug 2016, 09:58

A work-around was recently posted here:
https://autohotkey.com/boards/viewtopic.php?f=5&t=21328
Regards, Joe
lmstearn

Re: trojan in autohotkey installer?

06 Jan 2017, 05:46

This is a curious issue with the AutoHotkey.zip for updating to 1.1.24.04. (There's absolutely no problem with the installer for that version.)

Open the zip with 7z 16.04 64bit, select the files in the package bar the compiler folder and extract to \Program Files\AutoHotkey: works.
Navigate to the compiler folder and attempt to extract all files in there to anywhere: not working (the copy dialog bombs without an exception).
However, selecting everything and extracting to \Program Files\AutoHotkey works!
swampy

Re: trojan in autohotkey installer?

07 Mar 2017, 11:53

Hi,

I got "Trojan.Gen.8 (https://us.norton.com/security_response ... 08-2853-99)" from Norton Security Suite on AHK2EXE today when updating AHK to v1.1.25.01 via the ninite.com updater. Norton seems to have deleted the file and I don't see a way to restore it to get checksums or other information.

Regards,
Swampy
swampy

Re: trojan in autohotkey installer?

07 Mar 2017, 12:22

I tried downgrading AHK using the prior installer (v1.1.25.00) on this site and then checking for updates in the ninite.com updater, and it found and updated AHK, but the updated version did not have the Compiler folder. So I downloaded the v1.1.25.01 .zip and copied the Compiler folder from that to the AHK folder. I was able to run it.

CRC of the new file:


C:\> CertUtil -hashfile "C:\Program Files\AutoHotkey\Compiler\Ahk2Exe.exe" MD5
MD5 hash of file C:\Program Files\AutoHotkey\Compiler\Ahk2Exe.exe:
e3 8c 2c 35 7a be df 80 a7 e8 b0 2a 26 8c cc 84
CertUtil: -hashfile command completed successfully.
I still don't see a way to find/get the CRC of the blocked file. Sorry if this is not enough information to help.

Regards,
Swampy
AtleastItried

Re: trojan in autohotkey installer?

07 Mar 2017, 16:34

As long as it's a false positive I am fine with it.
joedf

Re: trojan in autohotkey installer?

07 Mar 2017, 18:37

Double-check for hashes, most probably a false positive
robdawg133

Re: trojan in autohotkey installer?

21 Jan 2018, 09:59

It showed one in my installer too, but I'm here to say for a fact that AHK is definitely not a virus; it's 100% safe.

I use AHK for CS:GO all the time and never have had any problems.

A real virus would make your computer where you couldn't do hardly anything at all on it.
JSHARP

Re: trojan in autohotkey installer?

12 Mar 2018, 13:10

I had an older version on a different computer that came back clean, but in downloading the most recent version I am getting Trojan warnings from VT. Any ideas why?

https://www.virustotal.com/#/file/ce970 ... /detection
gregster

Re: trojan in autohotkey installer?

12 Mar 2018, 14:21

The newest version often causes false positives. After some time, it is sorted out.
JsHARP

Re: trojan in autohotkey installer?

12 Mar 2018, 15:15

How do I know if it's a false positive or something has gone wrong with the code and it's compromised?
gregster

Re: trojan in autohotkey installer?

12 Mar 2018, 15:45

Well, the safest way: Download the source code, study it and compile it yourself.
If that is not an option for you (which I assume), either use an older version (https://autohotkey.com/download/1.1/) or believe in AHK. Of course, a hack can never be 100% ruled out - but that is true for every application and every website - but then old versions could also be affected. We have had false positives for nearly every version - in the end, they were all ok.
I just compared the exe-installer from just now (look above) with the one I downloaded and used since 4 weeks ago (atm 4 positives) - shortly after version 1.1.28 came out. It still creates the same hash on VirusTotal and hasn't shown suspicious behaviour in this time - it was also ok with my virus scanner.
But in the end - it is your decision. Just use common sense and an up-to-date system (and don't download AHK from dubious sources).
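
The hash double-check suggested in this thread, as an added example that is not part of any poster's message or AutoHotkey's own code: it normalizes a published hash line or the space-separated CertUtil output quoted earlier and compares it with the file on disk. The sample bytes and the function names are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Constructed stand-in for a downloaded file (not a real AutoHotkey binary).
SAMPLE_BYTES = b"MZ constructed sample bytes for the hash-check example\n"

# CertUtil output as quoted earlier in this thread: digest bytes separated by spaces.
CERTUTIL_OUTPUT = """MD5 hash of file C:\\Program Files\\AutoHotkey\\Compiler\\Ahk2Exe.exe:
e3 8c 2c 35 7a be df 80 a7 e8 b0 2a 26 8c cc 84
CertUtil: -hashfile command completed successfully."""

HEX_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}

def normalize_digest(text):
    """Return (algorithm, lowercase hex) from 'SHA256: ABCD...' or CertUtil output."""
    for line in text.splitlines():
        # Drop any 'LABEL:' prefix, then the spaces CertUtil puts between bytes.
        candidate = "".join(line.rsplit(":", 1)[-1].split()).lower()
        if len(candidate) in HEX_LENGTHS and all(c in "0123456789abcdef" for c in candidate):
            return HEX_LENGTHS[len(candidate)], candidate
    raise ValueError("no MD5/SHA-1/SHA-256/SHA-512 digest found")

def file_digest(path, algorithm):
    """Hash the file in 1 MiB chunks so large installers need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path, published):
    """Return (algorithm, matches, weak) for a file and a published digest."""
    algorithm, expected = normalize_digest(published)
    # MD5 and SHA-1 have practical collision attacks; prefer SHA-256 or SHA-512.
    weak = algorithm in ("md5", "sha1")
    return algorithm, file_digest(path, algorithm) == expected, weak

if __name__ == "__main__":
    with tempfile.NamedTemporaryFile(delete=False, suffix=".exe") as f:
        f.write(SAMPLE_BYTES)
    published = "SHA256: " + hashlib.sha256(SAMPLE_BYTES).hexdigest().upper()
    print(verify_download(f.name, published))
    print(normalize_digest(CERTUTIL_OUTPUT))
    os.remove(f.name)
```

A match only shows the file is identical to the one the reference hash was taken from, so take that value from a source independent of the download itself.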
