False positive UPX again

Once again, Avast detects my AutoIt script as a UPX trojan and stops it from working. This happened before in March this year, and I checked it fully and submitted it as a false positive. If Avast keeps doing this I will have no choice but to change to another program.
For the previous postings see:
http://forum.avast.com/index.php?topic=27233.new;topicseen#new

Tode

Has this started with the 0762-0 update (released an hour ago)?

Cheers
Vlk

That is the update I have at the moment. I’m not sure when it arrived though as I have fully auto updating.
Tode

This false positive has now been cured by VPS build 000763-0, under ticket ID: DTD-287546.
Tode

Hi,

I am afraid the problem is still here. I too use AutoIt, and I have a very important compiled script which is now blocked with 000763-0, saying there is a Win32:Hupigon-CXG [Trj] trojan when in fact there is none. Tested on several clean machines. I hope this will be cured quickly, thanks.

Fred

Have you submitted the file to virus at avast dot com?

No, I reported it to Support because it was very obviously almost the same as the previous false positive. Today Support confirmed the problem and told me that it had been fixed. I checked this on my machine before posting the information here.
Tode

I’m having some doubts about this false positive affair… Isn’t it a way to throw dirt at Avast? ??? ;D But can happen!..

I don’t see where your doubts come from, there have been a number of detections on AutoIt scripts in the past which have been false positives. a search of the forums for AutoIt will most certainly reveal more information.

By saying what you did (“Isn’t it a way to throw dirt at Avast?”) you effectively accuse people of making false claims without evidence.

If you don’t believe me ask Avast: they have confirmed the false positive. Some false positives are inevitable. What annoyed me was having a second false positive on a very similar file to what had just been fixed. I have not any more time to spend on this, so I will not be posting again in this thread unless I experience more similar problems.
Tode

And I am happy to confirm that the problem has been solved (quickly) with 000763-1.

The problem with AutoIt is that there really is a number of viruses out there created in this tool. And since every program created in it shares a great deal of code (the AutoIt code), it is somewhat tricky to distinguish between legit programs created with AutoIt and AutoIt-based malware.

Hope this explains it a bit.
Vlk

It a great tool used for bad purposes.

Fred, due to that, if you can, let your AutoIt files in a specific folder and as a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button… You can use wildcards like * and ?.