Skip to content
AutoHotKey
2011.12.31 17:18

autohotkey) Virus?

조회 수 31283 추천 수 0 댓글 0
?

단축키

Prev이전 문서

Next다음 문서

크게 작게 위로 아래로 댓글로 가기 인쇄
?

단축키

Prev이전 문서

Next다음 문서

크게 작게 위로 아래로 댓글로 가기 인쇄

autohotkey) Virus?


 

   관련 게시물 :

 

   AUTOhotKEY 웹페이지 열지않고 소스 가져오기 또는 로그인 하기 

   AUTOhotKEY 오토핫키 콤보박스 제어하기

   AUTOhotKEY 웹페이지 감시결과에 따라 마이피플로 글 전송하기

   AUTOhotKEY 윈도우 ahk_id 추출하기

   Autohotkey 엑셀(Excel)에서 행값 증가시키기

   Autohotkey 30분마다 자동으로 디스크 정리하기

                                                                     

                                                   

 

http://www.autohotkey.com/forum/search.php?mode=results


http://www.autohotkey.com/forum/topic19200.html


did you search the forums at all? 


http://www.autohotkey.com/forum/viewtopic.php?t=19100&highlight=virus 

http://www.autohotkey.com/forum/viewtopic.php?t=13067&highlight=virus 

http://www.autohotkey.com/forum/viewtopic.php?t=17163&highlight=virus 

http://www.autohotkey.com/forum/viewtopic.php?t=17365&highlight=virus 

http://www.autohotkey.com/forum/viewtopic.php?t=16170&highlight=virus



AutoIt3 has an option in the compression menu of its "Script to EXE Converter" app to disable UPX compression, which effectively avoids this situation albeit producing a larger executable file, but I see no such similar option in AutoHotkey 1.0.43.09's converter app.


Renaming UPX.EXE will disable compression. One may toggle between names like: 

Code:
F2::

IFExist, C:\Program Files\AutoHotkey\Compiler\UPX.EXE
   FileMove, C:\Program Files\AutoHotkey\Compiler\UPX.EXE, C:\Program Files\AutoHotkey\Compiler\UPX.XXX
Else
IFExist, C:\Program Files\AutoHotkey\Compiler\UPX.XXX
   FileMove, C:\Program Files\AutoHotkey\Compiler\UPX.XXX, C:\Program Files\AutoHotkey\Compiler\UPX.EXE

Return



http://ubuntuforums.org/archive/index.php/t-1590135.html


bodhi.zazen
January 3rd, 2011, 07:05 PM
http://www.autohotkey.com/forum/topic31975.html

You will see here some others with same issue. Compile hello world and get false positives.
I found using latest avast to cure one false positive with tag.exe which is said to be a threat because it modified other files. It is very powerful dos commandline mp3 tagger!

These things (AV detection) are tools, you need to understand how to use them.

First you start by scanning your system from a fresh install, you need a "known good" baseline.

Second you need to know what is "normal" for your usage on your computer. Obviously it goes without saying normal activity on your OS may be abnormal on mine.

Third you need to understand how these tools work. They are based on rules. If foo.exe can modify other files it might be a problem and an alert will be generated. It is then up to you to determine if this is a problem or not. If not it is a false positive. You need to understand that these tools will always err on the side of false positives as false negatives (missing an "infected" file) is by far more unacceptable then a false positive.

Last you need to understand that running these tools on linux is an exercise in false positives as there are no known active viruses for Linux (you system was patched long ago to the known viruses) and these tools can not protect you against zero day exploits.

Thus the tool is functioning normally and PEBKC in that you are not understanding the tool, it's use, and it's limits.


Use UPX to make Firefox load faster


All AutoHotkey (AHK) coders read: No more upx packing of compiled ahk utils http://www.donationcoder.com/forum/index.php?topic=21327.5;wap2



mouser:
As of today, I am advocating that we no longer host any compiled ahk utilities that have been "packed" with upx, which is something that autohotkey does by default when it builds exes.

The process of packing the executable with UPX results in a smaller sized file, but causes a continuous an inevitable false virus malware alert sooner or later.

Any application packed with upx by ahk compilation is almost guaranteed to be marked as a virus sooner or later and is going to cause trouble for any site that hosts it, and any users who get scared by it.

The true fault of this lies with the antivirus programs, but until we can get them to stop their bullshit, this is the only thing we have control over.


SO: If you are an ahk coder, go to your autohotkey /Compiler folder and delete the upx.exe executable.  That will stop ahk from packing your executable with UPX, and should solve the problem.


Again i repeat -- if you use AHK, do not upload to this site any compiled ahk program that is packed with upx -- remove the upx.exe from your ahk and recompile please.
f0dder:
Hrm, is disabling UPX packing enough to not get AHK scripts flagged? I thought that every virus scanner today knows how to unpack UPX (and several other packers) and do the scanning on the unpacked executable.
mouser:
if that's the case, then things are worse than i thought.
f0dder:
Even back in the pre-Win9x DOS days, ThunderByte AntiVirus (TBAV, which was the product back then) could decompress exepackers, and it even had a "virtualization" mode for unknown packers1 - afaik today's antivirus products, at least the better ones, have fast depackers for known exepackers and emulation for unknowns.

I assume the problem with all those false positives is static (or pattern-based) signatures that are simply too short... or heuristic engines that get confused for whatever fscktarded reason.

1: and there was at least one virus that figured out how to break out of the sandboxed mode, in effect causing a virus scan to infect your system :)
Stoic Joker:
Even tho I loved UPXs efficiency I quit using it years ago because of the tendency to FP on anything packed with it (Which is the root of why I hate heuristics). I just got tired of being cut off while trying to run a diagnostic on site because the client's AV ate my tool.

Is is "fair" (to UPX) to impose this limitation? No. But it does appear to be necessary. Even if it is only to eliminate it as the culprit...and/or expose a larger problem if it exists.

m2c




디컴파일러 하는방법이 잇을가요?

 

Autohotkey 를 컴파일 하면 자동으로 UPX 로 되버리는데

 

툴사용해서 언패킹 해봐도 안보이는거같더라구요..



autohotkey 사이트에 보시면 디컴파일러가 따로 있습니다.

http://autohotkey.pe.kr/bbs/board.php?bo_table=qna&wr_id=1#c_3

 

컴파일시 암호를 걸거나 디컴파일 불가 옵션을 두었다면 디컴파일 되지 않습니다.





























로그인 후 댓글쓰기가 가능합니다.

?

List of Articles
번호 분류 제목 날짜 조회 수
46 컴퓨터잡담 AHK_L) SysListView321 컨트롤 내용 추출하기 2011.10.07 8671
45 컴퓨터잡담 autohotkey - 변수리스트(Variables and Expressions) 모음 2011.09.30 10611
44 AutoHotKey [AHK_B&AHK_L] 익스플로러 HTML 문서정보 알아내기(IE HTML Element Spy) 2011.08.08 13264
43 AutoHotKey [AHK_B&AHK_L] 엑셀 제어 비교. 2 2011.08.02 17858
42 AutoHotKey [AHK_L] 현재 열려진 인터넷 창 값 가져오기 4 2011.08.02 14160
41 컴퓨터잡담 [AHK] COM Standard Library 1 1 2011.07.28 12480
40 컴퓨터잡담 [AHK] AutoHotkey_N, AutoHotkey.dll 1 2011.07.28 12518
39 AutoHotKey 정보수집 2011.03.30 14066
38 AutoHotKey [ahk]웹페이지가 띄워진 창 내용을 추출하여 로딩이 완료되었는지를 확인할 수 있는 소스 2011.02.25 13004
37 AutoHotKey ahk로 만든 파일을 exe로 컴파일 한 후 실행시킬때 변수를 임의 1 1 2011.02.24 13888
36 AutoHotKey 클릭해서 새창열리는 페이지에 클릭 또는 값설정 가능한가요? 2011.02.22 12545
35 AutoHotKey ahk_l 웹페이지 파일로 저장한 뒤 불러와 필요한 부분 추출하여 출력하기 2011.02.22 15106
34 AutoHotKey ahk_l 웹페이지 앞, 뒤페이지 제어 예제소스 및 설명첨부 2011.02.22 15752
33 AutoHotKey ahk_l 과 com 의 이해 2011.02.22 16030
32 AutoHotKey autohotkey_L Object 2011.02.21 13795
31 AutoHotKey COM 사용 1 2011.02.21 17555
30 AutoHotKey 웹페이지의 내용을 변수에 넣기 2011.02.17 12257
29 AutoHotKey WinMenuSelectItem로 메뉴선택하기 1 2011.02.17 12403
28 AutoHotKey [ahk_l] 섬세한 인터넷 자동검색 2011.02.16 15845
27 AutoHotKey [ahk] 다른 프로그램의 트레이 아이콘을 숨기기 1 4 2011.02.16 17085
Board Pagination Prev 1 2 3 4 5 Next
/ 5

http://urin79.com

우린친구블로그

sketchbook5, 스케치북5

sketchbook5, 스케치북5

나눔글꼴 설치 안내


이 PC에는 나눔글꼴이 설치되어 있지 않습니다.

이 사이트를 나눔글꼴로 보기 위해서는
나눔글꼴을 설치해야 합니다.

설치 취소