False positive virus alert?

Get help with using AutoHotkey and its commands and hotkeys
narny
Posts: 3
Joined: 14 May 2016, 09:01

False positive virus alert?

Post by narny » 14 May 2016, 12:25

My AVG anti-virus (virus DB 4568/12229) is reporting "Trojan horse FileCryptor.LCM" in AutoHotkey112305_Install.exe. Yesterday, I uploaded the file to virustotal.com, but only 1 engine (AVG) out of 55 identified it as a virus. I looked again a few minutes ago, and another 3 engines have joined it (McAfee, McAfee-GW-Edition and Rising). I'm assuming it's a false positive and have reported it to AVG.

I can't find hashes for the downloadable files anywhere. Please could someone confirm that my copy is OK?

MD5: 74FDBAF763D4B30C87DBE566C257095B
SHA-1: B5528EAE1B59C37F20A8BF6D4D72ABEE7A4D4F48
SHA-256: 849626ED9888C5F3CC1B10C960B4D40BC5C4C499E9D7F9DD1CEB90B32EF622F3

If this is a false positive, is there anyone else who can be contacted to help sort this out?

Thanks.

--
narny
[edited spelling misteak ;-)]
Last edited by narny on 15 May 2016, 03:42, edited 1 time in total.
JoeWinograd
Posts: 1056
Joined: 10 Feb 2014, 20:00

Re: False positive virus alert?

Post by JoeWinograd » 14 May 2016, 12:31

Hi narny,

Check out this thread:
https://autohotkey.com/boards/viewtopic.php?p=71561

I posted all of the hashes for 1.1.23.05 here:
https://autohotkey.com/boards/viewtopic ... 314#p82314

Regards, Joe
narny
Posts: 3
Joined: 14 May 2016, 09:01

Re: False positive virus alert?

Post by narny » 14 May 2016, 12:35

Thanks Joe. At least I know that it's not me and that I was right to alert AVG to the issue.

--
narny
JoeWinograd
Posts: 1056
Joined: 10 Feb 2014, 20:00

Re: False positive virus alert?

Post by JoeWinograd » 14 May 2016, 12:41

You're welcome, narny. And thanks to you for reporting it to AVG — you did the right thing!
narny
Posts: 3
Joined: 14 May 2016, 09:01

Re: False positive virus alert?

Post by narny » 15 May 2016, 03:41

Update: AVG DB (4568/12233 (15 May 2016, 06:47)) no longer considers AutoHotkey112305_Install.exe a threat. :dance:

--
narny
JoeWinograd
Posts: 1056
Joined: 10 Feb 2014, 20:00

Re: False positive virus alert?

Post by JoeWinograd » 15 May 2016, 08:47

Nice job, narny! You did a great service for AHK users. Regards, Joe
scriptors
Posts: 144
Joined: 25 Feb 2016, 09:01

Re: False positive virus alert?

Post by scriptors » 15 May 2016, 15:48

today I try to download and install v1.1.23.06 but my tablet with win10 found virus
i disable for installer but after have notice for installed file ...
JoeWinograd
Posts: 1056
Joined: 10 Feb 2014, 20:00

Re: False positive virus alert?

Post by JoeWinograd » 15 May 2016, 17:07

> my tablet with win10 found virus

What AV software found the virus? I just downloaded 1.1.23.06 — the U32 EXE and the installer EXE — and scanned both with MBAM and MSE (W7). Both came up clean. I posted the hashes here. Regards, Joe
scriptors
Posts: 144
Joined: 25 Feb 2016, 09:01

Re: False positive virus alert?

Post by scriptors » 16 May 2016, 01:28

Window defender
Willy

Re: False positive virus alert?

Post by Willy » 16 May 2016, 01:41

Windows defender
L’erreur suivante s’est produite : Code d’erreur : 0x80508023. Le programme n’a pas trouvé de logiciel malveillant ou d’autres logiciels potentiellement dangereux sur cet ordinateur.

Catégorie : Cheval de Troie

Description : Ce programme est dangereux et il exécute des commandes émanant d’une personne malveillante.

Action recommandée : Supprimer immédiatement ce logiciel.

Éléments :
containerfile:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{1DF0314A-CC59-4D3E-84D3-11F4F37E3067}-AutoHotkey112306.zip
containerfile:C:\Users\Willy\AppData\Local\Microsoft\Windows\INetCache\IE\7ERB4SJG\AutoHotkey112306.zip
file:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{1DF0314A-CC59-4D3E-84D3-11F4F37E3067}-AutoHotkey112306.zip->AutoHotkey.exe
file:C:\Users\Willy\AppData\Local\Microsoft\Windows\INetCache\IE\7ERB4SJG\AutoHotkey112306.zip->AutoHotkey.exe
webfile:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{1DF0314A-CC59-4D3E-84D3-11F4F37E3067}-AutoHotkey112306.zip|iexplore.exe
JoeWinograd
Posts: 1056
Joined: 10 Feb 2014, 20:00

Re: False positive virus alert?

Post by JoeWinograd » 16 May 2016, 11:46

I just scanned AutoHotkey112306_Install.exe on W10 with Windows Defender, virus defs updated today to Version 1.219.1973.0 — came up clean. Regards, Joe
Post Reply

Return to “Ask For Help”