Persistent FP - AutoIT compiled scripts

After changes to the Avast program about half a year ago, I started getting problems with my apps. At first it seemed just a case of telling Avast that my programs are safe. However, after the Avast program updates, it seems to forget all my settings. That means it thinks my scripts are suspicious again. Just now this happened after a detection update. This rings much more serious because detection updates occur almost daily. At some point I may be sharing software and possibly selling it. However, I’m very concerned about this recent update. I have created a link to the latest exe I struggled to open. The zip file also includes the source code. This was compiled using an earlier version of AutoIT. It seems Avast is becoming much more difficult to use.

http://www.czardas.co.uk/downloads/thebigrip.zip

SHA-1
47550D7912C44812335DC77D958DDA94A22D6781

Have you tested the file at www.virustotal.com?

You can report a false positive here:
http://www.avast.com/en-eu/contact-form.php?loadStyles

Good to see a fellow Man U fan. :slight_smile: No I haven’t tested the file. It would be pointless because I can guarantee that it’s absolutely clean. I’ll look at the FP report link thanks.

Edit:
I’ll contact them in the morning. I’m a bit tired now and I need to think about what to say. Much appreciated.

Did you read the FAQ?

AutoIt scripts tend to be detected as viruses due to their nature of being heavily packed by UPX. It is normal that AutoIt scripts are reported as malicious.

Thus, if an antivirus DOES detect your file on VirusTotal, it is recommended you send the file to their labs so that they fix the false positive. Then you can sell your products without worry. :wink:
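Added example, not part of the original thread: a small Python check a developer could run on a compiled executable before filing a false-positive report. It collects the hashes a report form or VirusTotal lookup asks for and flags the stock UPX section names. The function names and the sample header bytes are constructed for illustration.

```python
import hashlib
import struct
import sys

# Section names written by stock UPX; a renamed section defeats this hint.
UPX_NAMES = {"UPX0", "UPX1", "UPX2"}

def pe_sections(data: bytes) -> list[str]:
    """Return the section names from a PE file's section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    (pe,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    (count,) = struct.unpack_from("<H", data, pe + 6)   # NumberOfSections
    (opt,) = struct.unpack_from("<H", data, pe + 20)    # SizeOfOptionalHeader
    table = pe + 24 + opt                               # first section header
    names = []
    for i in range(count):
        raw = data[table + 40 * i: table + 40 * i + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names

def triage(data: bytes) -> dict:
    """Collect what a false-positive report needs: hashes and packer hint."""
    sections = pe_sections(data)
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sections": sections,
        "upx_packed": bool(UPX_NAMES & set(sections)),
    }

def sample_pe(names: list[str]) -> bytes:
    """Constructed test input: PE headers only, no code or data."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)    # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0x102)
    table = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in names)
    return dos + b"PE\0\0" + coff + table

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 \
        else sample_pe(["UPX0", "UPX1", ".rsrc"])
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it with the path to the compiled exe as the only argument; with no argument it reports on the constructed sample header.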

Hi !Donovan,
VT has no problems with this: https://www.virustotal.com/url/511484ed5387faee279267e00fc614136a4cf14d473304ac69ebfdc701830bb4/analysis/1336086154/ 0 detections!

Here the packers are given with the DrWeb’s URL scan:
Checking: hxtp://www.czardas.co.uk/downloads/thebigrip.zip
Engine version: 7.0.1.2210
Total virus-finding records: 2833225
File size: 441.38 KB
File MD5: 8a204215afe3b6336fed39700cc1d71b

hxtp://www.czardas.co.uk/downloads/thebigrip.zip - archive ZIP

hxtp://www.czardas.co.uk/downloads/thebigrip.zip/thebigrip/source/3Dv2.1.au3 - Ok
hxtp://www.czardas.co.uk/downloads/thebigrip.zip/thebigrip/source/Modal.au3 - Ok
htxp://www.czardas.co.uk/downloads/thebigrip.zip/thebigrip/source/resources/NGC 6791.jpg - Ok
hxtp://www.czardas.co.uk/downloads/thebigrip.zip/thebigrip/source/resources/tbr.ico - Ok
htxp://www.czardas.co.uk/downloads/thebigrip.zip/thebigrip/source/The Big Rip.au3 - Ok
htxp://www.czardas.co.uk/downloads/thebigrip.zip/thebigrip/The Big Rip.exe packed by UPX

hxtp://www.czardas.co.uk/downloads/thebigrip.zip/thebigrip/The Big Rip.exe - archive AUTOIT

hxtp://www.czardas.co.uk/downloads/thebigrip.zip/thebigrip/The Big Rip.exe/DOCUME~1\Nick\LOCALS~1\Temp\aut1C1.tmp packed by ASCRIPT

hxtp://www.czardas.co.uk/downloads/thebigrip.zip/thebigrip/The Big Rip.exe/DOCUME~1\Nick\LOCALS~1\Temp\aut1C1.tmp - Ok
hxp://www.czardas.co.uk/downloads/thebigrip.zip/thebigrip/The Big Rip.exe/Documents and Settings\Nick\Desktop\Personal UDF Library\The Big Rip\resources\NGC 6791.jpg - Ok
hxtp://www.czardas.co.uk/downloads/thebigrip.zip/thebigrip/The Big Rip.exe - Ok
htxp://www.czardas.co.uk/downloads/thebigrip.zip - Ok

and given as clean,

polonus

I have decided to observe the behaviour of Avast for the time being. It seems that detection updates have been overriding my settings. This could just be a bug or it may be intentional (I’m not sure). Everything seems fine for now. If the problem continues I’ll report the issue. I imagine it will be fixed in the next program update. Thanks for the responses everyone. I will use the links.

Jotti
http://virusscan.jotti.org/en/scanresult/e04a13d001d0d8190aa8cc935534bdd3d196bbf0

VirusTotal
https://www.virustotal.com/file/baf09baac3c0d0b70d3e6cee621edb2c9c40089adc82b1a36d94bd5c939acc5c/analysis/1336288308/

TrID
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda’s Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
F-Prot packer identifier
UPX

Sigcheck
copyright…: 2012 Nick Wilkinson
comments…: Portable Application
file version…: 1.0.0.0
description…: 3D Bitwise Encodier

First seen by VirusTotal
2012-05-06 07:11:48 UTC ( 1 minutt ago )