Author Topic: Autoit false positives  (Read 4613 times)

0 Members and 1 Guest are viewing this topic.

clank

  • Guest
Autoit false positives
« on: January 15, 2006, 09:19:59 AM »
I'm getting some annoying false alerts on compiled Autoit exe's.

'Sign of "Win32:Trojan-gen. {UPX!}" has been found in "C:\Program Files...'

Build 4.6.744, latest updates
« Last Edit: January 15, 2006, 09:26:41 AM by clank »

Offline XMAS

  • Avast translator
  • Super Poster
  • ***
  • Posts: 1211
  • Santa is watching you ;)
    • avast! in Bulgarian
Re: Autoit false positives
« Reply #1 on: January 15, 2006, 10:23:51 AM »
Hello :)

With latest VPS update(0603-0) had been added and new Trojan-gens. If you get a false positive you can send the file to virus[at]avast[dot]com in password protected archive (usually the password is "virus") and in the mail body you can write that this is a false positive detection. And Alwil will fix the problem ;)
You've Got To Get Close To The Flame To See What It's Made Of...

teknobass

  • Guest
Re: Autoit false positives
« Reply #2 on: January 15, 2006, 12:22:41 PM »
Hi, im getting also false positives on my own compiled autoIT scripts. Using VPS 0603-0. Scared the sh*t out of me, but fortunately it seems that they are false positives

Dorset Dave

  • Guest
Re: Autoit false positives
« Reply #3 on: January 15, 2006, 12:44:37 PM »
Same here.

What kind of archive do you need?

~Dave

(Newbie here)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Autoit false positives
« Reply #4 on: January 15, 2006, 01:01:27 PM »
What kind of archive do you need?
To what?
Just add the AutoIt files to the exclusion lists.
I did it with a whole folder of AutoIt files. Other programs will detect them as false positives too due to the nature of the trojan-gen signatures... Ewido, Trojan Hunter, a-squared... from time to time give these false alarms.

For the Standard Shield provider (on-access scanning):
Left click the 'a' blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button...

For the other providers (on-demmand scanning):
Right click the 'a' blue icon, click Program Settings.
Go to Exclusions tab and click on Add button...
The best things in life are free.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: Autoit false positives
« Reply #5 on: January 15, 2006, 03:21:13 PM »
Clank, teknobass, Dorset Dave, please send the files (the ones that are incorrectly detected) to virus@avast.com. The best way is to pack them with ZIP or RAR, protected the archive with a password and send the e-mail e.g. with "false alarm" subject (don't forget to note the password in the e-mail).
You may have to disable the resident protection temporarily (to be able to pack the file).

petersboulton

  • Guest
Re: Autoit false positives
« Reply #6 on: January 16, 2006, 10:19:32 AM »
This is the third occasion that compiled AutoIt scripts have been recognised as Trojans, that I can remember.  On each occasion it gets fixed, so why, oh why can't Avast be tested with them BEFORE it gets updated to the world?

What's the difference between AutoIts and, say, InstallShield installers, WinZip sfx-s etc.?

Please, Mr. Avast, could you incorporate a few AutoIts in your pre-release testing?  Thanks!

Pete

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: Autoit false positives
« Reply #7 on: January 16, 2006, 10:29:19 AM »
They are "incorporated".
Unfortunatelly, it seems there are many versions...

petersboulton

  • Guest
Re: Autoit false positives
« Reply #8 on: January 16, 2006, 11:07:28 AM »
Clearly the CURRENT version of AutoIt is not incorporated?  Otherwise we wouldn't get the false positives!

Surely it's not too much to ask for - just to make AutoIts compiled with the current version of Autoit accepted by Avast?

Manitoban

  • Guest
Re: Autoit false positives
« Reply #9 on: January 16, 2006, 02:47:58 PM »
Edit: Withdrawn. My apologies.

dr.mow

  • Guest
Re: Autoit false positives
« Reply #10 on: April 11, 2006, 08:32:22 AM »
with the latest avast signatur 615-0 i dont have any false positive alerts with my autoit3.
so, all runs fine..... (for me..)