I have sent a lot of files to analysis in the past that were false positives of AutoIt scripts.
In the last VPS, a lot of false detections were back again
Igor, can you check?
17/10/2006 15:08:32 1161108512 SYSTEM 924 Sign of “Win32:Autoit [Trj]” has been found in “…\Flush DNS.exe[UPX]” file.
17/10/2006 15:09:14 1161108554 SYSTEM 924 Sign of “Win32:Autoit [Trj]” has been found in “…\avast! Update Silent.exe[UPX]” file.
I would have though that by now that Alwil wouldn’t have just given a specific autoit malware name, but obtained a copy of autoit and tried to identify what it is in the autoit conversion process to an executable file that caused the problem ???
I’ve created a sort of task sheduler with AutoIt which runs a program on a certain time.
The task shedular exe runs without any problem, but when it calls the backup utility, Avast gives the trojan horse alert (Win32.AutoIt Trojan Horse). Both programs are created with the same AutoIt version.
The filename is mentioned as backup.exe[UPX] on the Avast alert message.
This shouldn’t be an trojan…
[edit] The task shedular was already running some hours before avast updated his virus definitions this night.
It also won’t run anymore now because avast denies the access
If you are certain it isn’t infected (and it probably isn’t) add it to the exclusions lists: Standard Shield, Customize, Advanced add the path and file name e.g. C:*\autoit-file-folder\backup.exe the wild card can be used to shorten the path. Program Settings, Exclusions
I’m not sure of the benefit of sending it to avast other than highlight yet another autoit compiled file being detected again.
Also see (Mini Sticky) False Positives, how to report and what to do to exclude them until the problem is corrected.
It won’t be bad if they test more than now, because I know they test AutoIt executable files.
My avast! tweaker, which development is ‘stopped’ right now, I’m with very little ‘spare’ time, it is detected by avast too.
Well, false positives are really a pain. I’ve added my AutoIt executables to the avast Exclusion lists. Peace 8)
still dont fix the problem!
Running “UniExtract.exe” causes a windows error “Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.”
If I reboot and run it again, I get an Avast infection notification.
This is so incredibly anoying…
Yes, I do have that very same VPS database installed.
However, these files are only installed when you also install the current Scite version from the AutoIt page. The files reside in \AutoIt\Scite\AutoIt3Wrapper.
I’ve mailed those files to virus (at) avast (dot) com, maybe they can sort it out.