Author Topic: AutoIt V3.6.1 being flagged as virus due to use of upx.exe  (Read 4183 times)

0 Members and 1 Guest are viewing this topic.

Offline wrl

  • Newbie
  • *
  • Posts: 1
As of the latest Avast update, AutoIt V3.6.1 scripting system is being flagged as win32:Malware.gen - apparently due to its use of the .exe compressor upx.exe.   I have confirmed beyond all reasonable doubt that there is nothing malicious about this program. Mcafee, Norton do not flag the file.

Avast configuration:
Virus Definitions version: 100516-0
program version: 5.0.545
Win7-64

AutoIt:
V3.6.1
www.autoitscript.com

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33109
  • malware fighter
Re: AutoIt V3.6.1 being flagged as virus due to use of upx.exe
« Reply #1 on: May 16, 2010, 06:20:24 PM »
Hi wrl,

Read about this here: http://www.threatexpert.com/files/UPX.EXE.html
I wonder why they don't check UPX (and perhaps other compressors) and systematically exclude it from their database,
the problem is that heuristic detection (not virus definitions) seems to flag UPX more often than PECompact,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline superhacker

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 979
  • superhacker != super mario
Re: AutoIt V3.6.1 being flagged as virus due to use of upx.exe
« Reply #2 on: May 16, 2010, 07:30:52 PM »
may it is a protected exe file then protected by upx i.e:crypted with Crypto-Lock then packed with upx,just a guess. :)
Dreams don't die, they just fall asleep.