Hello,
I am using a VBS script which downloads a file using HTTP and saves it to a defined folder.
Code:
strFileURL = "http://dl.dropbox.com/u/1234567/folder/tools.exe"
strHDLocation = "C:\tools\tools.exe"
Set objXMLHTTP = CreateObject("MSXML2.XMLHTTP")
objXMLHTTP.open "GET", strFileURL, false
objXMLHTTP.send()
If objXMLHTTP.Status = 200 Then
Set objADOStream = CreateObject("ADODB.Stream")
objADOStream.Open
objADOStream.Type = 1 'adTypeBinary
objADOStream.Write objXMLHTTP.ResponseBody
objADOStream.Position = 0 'Set the stream position to the start
Set objFSO = Createobject("Scripting.FileSystemObject")
If objFSO.Fileexists(strHDLocation) Then objFSO.DeleteFile strHDLocation
Set objFSO = Nothing
objADOStream.SaveToFile strHDLocation
objADOStream.Close
Set objADOStream = Nothing
End if
Set objXMLHTTP = Nothing
It is currently detected by Avast and 3 other not-so-popular AV programs.
Jotti detection rate:
http://virusscan.jotti.org/en/scanresult/5e6d67b3750bd8a4f0377f7b72d82d8d355239e5
Could you please advise me how to edit the code to make it more friendly to avast? To prevent the detection?
I have already attempted to submit it as a false via Avast interface however it was not fixed after 2 avi updates, so most likely detection is considered correct.
I am using VBS and not wget due to VBS being available on all Win platforms.
Thank you for your assistance.