False positive: Win32:AutoIt-AT

I just realized today that one of my kind of useless AutoIt scripts is flagged as a virus. Haha, funny, I thought, but then I realized that this would hurt AutoIt - the scripting language www.autoitscript.com
So here I am! I got source and binary.

First I thought I’d check how many antiviruses had flagged my proggy, so here is VirusTotal:

| Antivirus | Version | Senaste Uppdatering | Resultat |
|---|---|---|---|
| AhnLab-V3 | 2008.3.15.0 | 2008.03.14 | - |
| AntiVir | 7.6.0.73 | 2008.03.14 | - |
| Authentium | 4.93.8 | 2008.03.13 | - |
| Avast | 4.7.1098.0 | 2008.03.13 | Win32:AutoIt-AT |
| AVG | 7.5.0.516 | 2008.03.14 | - |
| BitDefender | 7.2 | 2008.03.14 | - |
| CAT-QuickHeal | 9.50 | 2008.03.13 | - |
| ClamAV | 0.92.1 | 2008.03.14 | - |
| DrWeb | 4.44.0.09170 | 2008.03.14 | - |
| eSafe | 7.0.15.0 | 2008.03.09 | suspicious Trojan/Worm |
| eTrust-Vet | 31.3.5614 | 2008.03.14 | - |
| Ewido | 4.0 | 2008.03.14 | - |
| F-Prot | 4.4.2.54 | 2008.03.13 | - |
| F-Secure | 6.70.13260.0 | 2008.03.14 | - |
| FileAdvisor | 1 | 2008.03.14 | - |
| Fortinet | 3.14.0.0 | 2008.03.14 | - |
| Ikarus | T3.1.1.20 | 2008.03.14 | IM-Worm.Win32.Sohanad.cv |
| Kaspersky | 7.0.0.125 | 2008.03.14 | - |
| McAfee | 5251 | 2008.03.13 | - |
| Microsoft | 1.3301 | 2008.03.13 | - |
| NOD32v2 | 2947 | 2008.03.14 | archive damaged |
| Norman | 5.80.02 | 2008.03.13 | - |
| Panda | 9.0.0.4 | 2008.03.13 | - |
| Prevx1 | V2 | 2008.03.14 | - |
| Rising | 20.35.42.00 | 2008.03.14 | - |
| Sophos | 4.27.0 | 2008.03.14 | - |
| Sunbelt | 3.0.963.0 | 2008.03.14 | - |
| Symantec | 10 | 2008.03.14 | - |
| TheHacker | 6.2.92.245 | 2008.03.14 | Trojan/Downloader.AutoIt.co |
| VBA32 | 3.12.6.2 | 2008.03.13 | - |
| VirusBuster | 4.3.26:9 | 2008.03.14 | - |
| Webwasher-Gateway | 6.6.2 | 2008.03.14 | - |

Övrig information
File size: 338929 bytes
MD5: 48f622cfbce00add9b8eabcfd79b5cd8
SHA1: b614a7fb7a55367f9071c799b35f239493f51916
PEiD: -
packers: UPX
packers: PE_Patch.UPX

I hope you don't mind the Swedish :P

So I can tell what the program does, and then if some developer needs the source and the binary, I’d post it here. Totally harmless!

So what it does:
It makes a GUI with an IE window in it and connects to miniclip2.shockplay.com/robotrage/rearmed/default.php (a miniclip games URL). This program was originally made to “bot” control the game, but I was too lazy and didn’t get it to work, so my younger brother plays the game from it, like a shortcut :P
I know the program is useless and I won't have any need of it, but I think that if all AutoIt scripters think like that, the whole AutoIt language is soon flagged as a virus.
So, please update that.

As said, more information on request!

Hi LinuZ,

Heuristics and AV programs detect a program that looks like a Trojan Dropper because of the FileInstall taking place. So when something looks like a dog, and smells like a dog, it should not be a wolf outright, should it?
Read why it is flagged by some:
http://secunia.com/virus_information/32391/autoit.x/

polonus

Similar thread: http://forum.avast.com/index.php?topic=33838
You should use avast Exclusion lists and send the file for analysis and correction to virus (at) avast (dot) com