Avast WEBforum

Other => Viruses and worms => Topic started by: wrl on May 16, 2010, 06:01:51 PM

Title: AutoIt V3.6.1 being flagged as virus due to use of upx.exe
Post by: wrl on May 16, 2010, 06:01:51 PM
As of the latest Avast update, the AutoIt V3.6.1 scripting system is being flagged as win32:Malware.gen - apparently due to its use of the .exe compressor upx.exe. I have confirmed beyond all reasonable doubt that there is nothing malicious about this program. McAfee and Norton do not flag the file.

Avast configuration:
Virus Definitions version: 100516-0
program version: 5.0.545
Win7-64

AutoIt:
V3.6.1
www.autoitscript.com

Title: Re: AutoIt V3.6.1 being flagged as virus due to use of upx.exe
Post by: polonus on May 16, 2010, 06:20:24 PM
Hi wrl,

Read about this here: http://www.threatexpert.com/files/UPX.EXE.html
I wonder why they don't check UPX (and perhaps other compressors) and systematically exclude it from their database.
The problem is that heuristic detection (not virus definitions) seems to flag UPX more often than PECompact.

polonus

Title: Re: AutoIt V3.6.1 being flagged as virus due to use of upx.exe
Post by: superhacker on May 16, 2010, 07:30:52 PM
Maybe it is a protected exe file then protected by UPX, i.e. crypted with Crypto-Lock then packed with UPX. Just a guess. :)