AutoIt installer False Positive

I just downloaded the AutoIt installer and editor from www.autoitscript.com . When I allowed the Avast anti-virus screen saver to run, it reported that 3 of the files installed from the AutoIt website to be “Win32:Rootkit-gen [RtK]”. Two of the files are installed from the editor and one of the files is from the AutoIt program. All of these appear to be false positives.

Is there someway to submit my scan results here?

I should also point out that this was with the latest version of AutoIt and SCitE4AutoIt as well as the virus definition downloaded last night: 120118-0.

Hello,
which file(s) exactly? Post here the whole urls to download files (I tried to download the files and we don’t detect them).

Milos

Hi Milos,

Just tested it, and the detections are attached.

Will send them to you guys. (email and chest)

Basically the most recent versions of the installers.

vps: 120118-0

Scott

EDIT: Sent.

I just had a similar problem trying to run the AU3Info tool from within the SciTE editor. Avast complained about Autoit3wrapper being that rootkit mentioned above. Kind of a pain!

wow…just had an avast update while typing the last one - reinstalled AutoIt and no problems with Avast. Cool!

Hello,
it should be fixed in current VPS.

Milos

Confirmed. Not detected in vps: 120118-1

Thanks Milos :slight_smile:

Missed this the first time around, sorry.

Your post here was enough I suppose, but it helps avast if they have the files. :slight_smile:

There are two methods of submission to avast.

  1. Submit via the Virus Chest.
  • Open avast → Maintenance → Virus Chest → Right click on the file → Submit to virus lab
  • Once this is done, manually update to start the submission.
  1. Send by Email
    -Send the file in a Password protected archive to virus(at)avast.com