Windows defender tells me that a virus is in the autohotkey setup file
Posted: 22 Apr 2024, 09:06
by ManualColdkey
I downloaded from the official website "AutoHotkey_2.0.13_setup.exe" and windows defender tells me that there is a trojan: "Trojan:Win32/Tnega!MSR"
I already installed autohotkey 2.0.13, and I encountered no issues, I followed windows defender instructions and I removed the virus (or at least I think and hope I did).
- Has this happened to someone else?
- Could it be a false positive or should I worry?
Thanks in advance
Re: Windows defender tells me that a virus is in the autohotkey setup file
Posted: 22 Apr 2024, 09:10
by joedf
The file checksums / hashes are provided here:
viewtopic.php?p=568805#p568805
If they match, it's very likely a false positive.
Please have a look at our false positives topic here:
viewtopic.php?f=17&t=62266
Re: Windows defender tells me that a virus is in the autohotkey setup file
Posted: 22 Apr 2024, 09:12
by gregster
Unfortunately, AutoHotkey gets regularly false positives from AV software, especially (but not limited to) new releases.
https://www.autohotkey.com/docs/v2/FAQ.htm#Virus
viewtopic.php?f=17&t=62266
If you download from this page or the github release page (
https://github.com/AutoHotkey/AutoHotkey/releases), you should be fine.
There are also SHA256 hashes you can check against. For v2.0.13, these would be
https://github.com/AutoHotkey/AutoHotkey/releases wrote:SHA256 hash
D7646CA3A26760FE5633288D79D7B6A44CFC19A85C5315F94E0861963F1C601E AutoHotkey_2.0.13_setup.exe
A7DB865B054314D253293A1F427D3A155DA5164060804AAC431020E26A40E1AD AutoHotkey_2.0.13.zip
Edit: too late
Re: Windows defender tells me that a virus is in the autohotkey setup file
Posted: 22 Apr 2024, 09:24
by ManualColdkey
The file checksums / hashes are provided here:
viewtopic.php?p=568805#p568805
If they match, it's very likely a false positive.
Thank you for your fast response
I'm not very comuter literate, could you explain what should I do to check if they match?
Re: Windows defender tells me that a virus is in the autohotkey setup file
Posted: 22 Apr 2024, 09:51
by gregster
There are different utilities which can do this. If you have a recent MS Powershell version installed, this should work:
https://www.se.com/us/en/faqs/FAQ000244427/
Worked here (where Windows Defender also originally quarantined the latest AHK installer and I had to restore it):
- ps.png
- (15.79 KiB) Downloaded 314 times
Re: Windows defender tells me that a virus is in the autohotkey setup file
Posted: 22 Apr 2024, 10:02
by garry
Windows Defender deleted my big text-file (xy.txt) with contained ahk scripts
It's possible to exclude some folders/files from scanning .
---------------------
https://www.theregister.com/2024/04/21/microsoft_national_security_risk/
-- Why Microsoft is a national security threat • The Register
------------------
https://www.theregister.com/2024/04/22/edr_attack_remote_data_deletion/
-- Researchers: Windows Defender attack can delete databases • The Register
Researchers at US/Israeli infosec outfit SafeBreach last Friday discussed flaws in Microsoft and Kaspersky security products that can potentially allow the remote deletion of files.
And, they asserted, the hole could remain exploitable – even after both vendors claim to have patched the problem.
---------------------
https://www.bleepingcomputer.com/news/security/autohotkey-malware-is-now-a-thing/ 2018-03-30
-- AutoHotkey Malware Is Now a Thing
------------------
Re: Windows defender tells me that a virus is in the autohotkey setup file
Posted: 22 Apr 2024, 10:17
by ManualColdkey
Thank you!
They matched.
(where Windows Defender also originally quarantined the latest AHK installer and I had to restore it)
So it happened to you too? I'm relieved, that probably means that it was a false positive
Thank you to all of you