AVG8 reports virus in Office integrator


Slipstreams Office Servicepacks, hotfixes and custom HotPacks into your Office 2003 Suite. It also creates a reg file with needed entries to satisfy Microsoft Update.

AVG8 reports virus in Office integrator

Postby ht1 » Tue Nov 18, 2008 11:38 am

i've just downloaded the zip file from your site

AVG8 reports the worm/Autoit.DPG
Detected on open
ht1
Junior Member

Posts: 2
Users Information
Joined: Tue Nov 18, 2008 11:35 am

Postby benners » Tue Nov 18, 2008 12:49 pm

ht1 wrote:i've just downloaded the zip file from your site

AVG8 reports the worm/Autoit.DPG
Detected on open


It's called a false positive. Some of the virii out there use UPX compression to make the programs smaller, this is what triggers most AV programs. Also if a malicious program has been created using AutoIt then the signature can get added to the AV databases as something to scan for, leading people to believe that their programs are infected.

I can say that the OI is not infected, but as with other programs if you are not sure either run in a Virtual environment or a sandbox or don't run it. If the program you d/l was infected there would be people posting in the forum about it.
benners

Posts: 502
Users Information
Joined: Sun Dec 31, 2006 1:40 pm

Postby ht1 » Tue Nov 18, 2008 5:28 pm

Setting up a filter for exclusion list in AVG8 should solve the problem.

thats good info nonetheless, i'm just letting you know about it so your people can do something about it, maybe let grisoft know would fix this for everyone or just dont use the compression you mentioned. i dont mind downloading a file a bit bigger than it is right now.
ht1
Junior Member

Posts: 2
Users Information
Joined: Tue Nov 18, 2008 11:35 am

Postby benners » Tue Nov 18, 2008 5:42 pm

ht1 wrote:Setting up a filter for exclusion list in AVG8 should solve the problem.

thats good info nonetheless, i'm just letting you know about it so your people can do something about it, maybe let grisoft know would fix this for everyone or just dont use the compression you mentioned. i dont mind downloading a file a bit bigger than it is right now.


It is not just the upx, AutoIt is an interpreted language so when compiling it adds the interpreter or engine to run the script so if the AV checks for this interpreter that could also throw the alert. Here is a link that explains it. http://www.autoitscript.com/forum/index.php?showtopic=34658
benners

Posts: 502
Users Information
Joined: Sun Dec 31, 2006 1:40 pm

Postby Siginet » Wed Nov 19, 2008 3:17 pm

Yeah it really sucks. Basically once we go final with the OI we will try to contact all of the AV companies and make sure they have our tool in their defenitions as a safe file. But since it is still in beta... it is too much of a hassel to have to worry about it right now.

It may be a good idea to turn off upx compression on the compiled script benners if it is in use. That may help a little. ;)

I am starting to turn off upx on the RVMi from now on.
Image
Windows XP PowerPacker Reviewed in PC-Quest & PC Utilities magazines!
RVM Integrator Reviewed in CPU magazine and Maximum PC!
--Siginet--
User avatar
Siginet
Senior Member

Posts: 1445
Users Information
Joined: Sat May 06, 2006 3:24 pm


Return to Office Integrator

Who is online

Users browsing this forum: Exabot [Bot] and 5 guests

cron