Okay I have resubmitted the first FP. In order to make things simpler, I will make a summary.
1. False Positive @
http://www.autoitscript.com/forum/index.php?app=core&module=attach&section=attach&attach_id=45061
VirusTotal URL scanner:
https://www.virustotal.com/en/url/81ed97568dbd1fd3429d9dea0e0eb869dde9c38bbfb1278a47f0ed175af5fa95/analysis/
Earlier File scan:
https://www.virustotal.com/nb/file/489f0848463403a0e5a054b08ec8431bf5c554113895258399ab973a57ac9ec0/analysis/1410218486/
Information about this file can be found in the following forum topic:
http://www.autoitscript.com/forum/topic/164148-checksumverify-verify-integrity-of-the-compiled-exe/
The URL (file download link) has been submitted as a false positive twice.
The file can not be run unless you know how to run it using the AutoIt interpreter which needs to be downloaded from https://www.autoitscript.com/site/ and then installed on your system. I've never heard of this happening by itself. The file could also possibly be run by a malware program, but the same could be said of practically any file, so we can dismiss this as a reason to target .au3 file extensions containing nothing more than plain text, since by themselves they are totally harmless to any computer. That's something that is unlikely to change in the foreseeable future.
2. What is AutoIt:Injector-G [Trj] ? Is it written in AutoIt? When did it first appear as a threat? Why is CheckSumVerify.au3 being flagged as AutoIt:Injector-G ?
3. I believe this is also a False Positive:
http://www.autoitscript.com/forum/topic/152017-my-notepad/?p=1089609 - submitted yesterday.
URL (file download link) submitted as a false positive once.
The 7zip probably contains a compiled autoit script (file extension .exe) which may represent a threat because it will run without third party software needing to be installed. Here I accept the possibility of a threat, although the virus scans suggest that no virus scanner has a clue what it is - see for yourself:
https://www.virustotal.com/en/file/75e7a14a15ca1d056b803dbdd77b9b38572dd03ef124f32b58dfca32357d1b53/analysis/1410312640/
Lots of apparently contradictory information. Although most virus scanners don't find anything, the 7zip appears to possibly contain several malicious items, one of which appears to have never existed - "Gen2.VXSQX" - at least Google never heard of it.
After further tests with other AutoIt scripts, it is clear that Avast does not flag au3 files indiscriminately. My main concern now is about AutoIt:Injector-G. I need to know what it is. If the Avast team know something that other antivirus companies (or computer users) don't know, then it is irresponsible to not share information about this threat. Let's try and keep everyone safe through education!
Finally it would be a shame if I am forced to replace Avast in order to regain control of my computer, especially since it was another AutoIt user who recommended Avast to me in the first place.