Autohotkey

Hi:
I ran Avast 4.8 today. It found 8 files infected with “Win32:Spyware-gen [trj]” and moved them to the Chest. The files all relate to 5 mini-apps written in Autohotkey.

[color=red]My questions are:
Are these programs all infected with some bad trojan or are these false positives?
Does Avast target anything written with Autohotkey?
Can I safely use these programs?
If they are infected maybe I simply need to find them at a source which certifes their software is malware free?
[color=blue]If anyone can advice me I’d appreciate it.

[b]All 8 files related to 5 mini-apps that I rather like. They are written in autohotkey scripting.
They are available at http://www.donationcoder.com/Software/Skrommel/index.html
They are:

capshift
desklock
gonein60s
toddlertrap
noclose[/b]

Thanks

SiteAdvisor rates this site yellow.

Gonein60s is classified as W32/YahLover.worm.trojan

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.

Thank you for the very good answers and introducing me to SITEADVISOR and VIRUS TOTAL. I reinstalled the files, (excluding “gonein60s”) and scanned them with avast again using the “right click scan mode” in explorer and they seemed OK. But I kind of think the “scan drive” mode may be more agressive as it was the process that first targeted these files. I will upload them to the recommended site VIRUS TOTAL and see how they fare. I will also do a drive scan again and see if avast targets them a second time. I was wondering how you checked that “gonein60s” is classifiedas a W32/YahLover.worm.trojan. That would be useful to know. After reading all the things that Trojans can do in wikipedia \ search “trojan,” I have a healthier respect for deleting and avoiding them.

I also use the mini-app program Winroll.exe which is very useful and has the respect of its users. It was not targeted by avast and it seems to have been written, and maintained by a single dedicated author for many years. Apparently though, some malware has hijacked its name and function and you have to check which directory it runs from to tell the difference. Some site recommended “Security Task Manager” to tell where a process is running from.

SiteAdvisor tested Gonein60s and rated the download red.

@ mars373
The right click scan (ashQuick.exe) is the most thorough of scans as it uses all the unpackers and scans all types of file.

If your reference to “But I kind of think the “scan drive” mode may be more agressive as it was the process that first targeted these files.” refers to the Simple User Interface on-demand scan, then it depends on the settings, to do the same job as the ashQuick.exe (right click scan), it would have to be set to Thorough sensitivity and have Archives selected to be included in the scan.