AVG8 reports virus in Office integrator

[ht1]

i've just downloaded the zip file from your site

AVG8 reports the worm/Autoit.DPG
Detected on open

[benners]

i've just downloaded the zip file from your site

AVG8 reports the worm/Autoit.DPG
Detected on open

It's called a false positive. Some of the virii out there use UPX compression to make the programs smaller, this is what triggers most AV programs. Also if a malicious program has been created using AutoIt then the signature can get added to the AV databases as something to scan for, leading people to believe that their programs are infected.

I can say that the OI is not infected, but as with other programs if you are not sure either run in a Virtual environment or a sandbox or don't run it. If the program you d/l was infected there would be people posting in the forum about it.

[ht1]

Setting up a filter for exclusion list in AVG8 should solve the problem.

thats good info nonetheless, i'm just letting you know about it so your people can do something about it, maybe let grisoft know would fix this for everyone or just dont use the compression you mentioned. i dont mind downloading a file a bit bigger than it is right now.

[benners]

Setting up a filter for exclusion list in AVG8 should solve the problem.

thats good info nonetheless, i'm just letting you know about it so your people can do something about it, maybe let grisoft know would fix this for everyone or just dont use the compression you mentioned. i dont mind downloading a file a bit bigger than it is right now.

It is not just the upx, AutoIt is an interpreted language so when compiling it adds the interpreter or engine to run the script so if the AV checks for this interpreter that could also throw the alert. Here is a link that explains it. http://www.autoitscript.com/forum/in...howtopic=34658

[Siginet]

Yeah it really sucks. Basically once we go final with the OI we will try to contact all of the AV companies and make sure they have our tool in their defenitions as a safe file. But since it is still in beta... it is too much of a hassel to have to worry about it right now.

It may be a good idea to turn off upx compression on the compiled script benners if it is in use. That may help a little.

I am starting to turn off upx on the RVMi from now on.