Skip to content
AutoHotKey
2011.12.31 17:18

autohotkey) Virus?

조회 수 31306 추천 수 0 댓글 0
?

단축키

Prev이전 문서

Next다음 문서

크게 작게 위로 아래로 댓글로 가기 인쇄
?

단축키

Prev이전 문서

Next다음 문서

크게 작게 위로 아래로 댓글로 가기 인쇄

autohotkey) Virus?


 

   관련 게시물 :

 

   AUTOhotKEY 웹페이지 열지않고 소스 가져오기 또는 로그인 하기 

   AUTOhotKEY 오토핫키 콤보박스 제어하기

   AUTOhotKEY 웹페이지 감시결과에 따라 마이피플로 글 전송하기

   AUTOhotKEY 윈도우 ahk_id 추출하기

   Autohotkey 엑셀(Excel)에서 행값 증가시키기

   Autohotkey 30분마다 자동으로 디스크 정리하기

                                                                     

                                                   

 

http://www.autohotkey.com/forum/search.php?mode=results


http://www.autohotkey.com/forum/topic19200.html


did you search the forums at all? 


http://www.autohotkey.com/forum/viewtopic.php?t=19100&highlight=virus 

http://www.autohotkey.com/forum/viewtopic.php?t=13067&highlight=virus 

http://www.autohotkey.com/forum/viewtopic.php?t=17163&highlight=virus 

http://www.autohotkey.com/forum/viewtopic.php?t=17365&highlight=virus 

http://www.autohotkey.com/forum/viewtopic.php?t=16170&highlight=virus



AutoIt3 has an option in the compression menu of its "Script to EXE Converter" app to disable UPX compression, which effectively avoids this situation albeit producing a larger executable file, but I see no such similar option in AutoHotkey 1.0.43.09's converter app.


Renaming UPX.EXE will disable compression. One may toggle between names like: 

Code:
F2::

IFExist, C:\Program Files\AutoHotkey\Compiler\UPX.EXE
   FileMove, C:\Program Files\AutoHotkey\Compiler\UPX.EXE, C:\Program Files\AutoHotkey\Compiler\UPX.XXX
Else
IFExist, C:\Program Files\AutoHotkey\Compiler\UPX.XXX
   FileMove, C:\Program Files\AutoHotkey\Compiler\UPX.XXX, C:\Program Files\AutoHotkey\Compiler\UPX.EXE

Return



http://ubuntuforums.org/archive/index.php/t-1590135.html


bodhi.zazen
January 3rd, 2011, 07:05 PM
http://www.autohotkey.com/forum/topic31975.html

You will see here some others with same issue. Compile hello world and get false positives.
I found using latest avast to cure one false positive with tag.exe which is said to be a threat because it modified other files. It is very powerful dos commandline mp3 tagger!

These things (AV detection) are tools, you need to understand how to use them.

First you start by scanning your system from a fresh install, you need a "known good" baseline.

Second you need to know what is "normal" for your usage on your computer. Obviously it goes without saying normal activity on your OS may be abnormal on mine.

Third you need to understand how these tools work. They are based on rules. If foo.exe can modify other files it might be a problem and an alert will be generated. It is then up to you to determine if this is a problem or not. If not it is a false positive. You need to understand that these tools will always err on the side of false positives as false negatives (missing an "infected" file) is by far more unacceptable then a false positive.

Last you need to understand that running these tools on linux is an exercise in false positives as there are no known active viruses for Linux (you system was patched long ago to the known viruses) and these tools can not protect you against zero day exploits.

Thus the tool is functioning normally and PEBKC in that you are not understanding the tool, it's use, and it's limits.


Use UPX to make Firefox load faster


All AutoHotkey (AHK) coders read: No more upx packing of compiled ahk utils http://www.donationcoder.com/forum/index.php?topic=21327.5;wap2



mouser:
As of today, I am advocating that we no longer host any compiled ahk utilities that have been "packed" with upx, which is something that autohotkey does by default when it builds exes.

The process of packing the executable with UPX results in a smaller sized file, but causes a continuous an inevitable false virus malware alert sooner or later.

Any application packed with upx by ahk compilation is almost guaranteed to be marked as a virus sooner or later and is going to cause trouble for any site that hosts it, and any users who get scared by it.

The true fault of this lies with the antivirus programs, but until we can get them to stop their bullshit, this is the only thing we have control over.


SO: If you are an ahk coder, go to your autohotkey /Compiler folder and delete the upx.exe executable.  That will stop ahk from packing your executable with UPX, and should solve the problem.


Again i repeat -- if you use AHK, do not upload to this site any compiled ahk program that is packed with upx -- remove the upx.exe from your ahk and recompile please.
f0dder:
Hrm, is disabling UPX packing enough to not get AHK scripts flagged? I thought that every virus scanner today knows how to unpack UPX (and several other packers) and do the scanning on the unpacked executable.
mouser:
if that's the case, then things are worse than i thought.
f0dder:
Even back in the pre-Win9x DOS days, ThunderByte AntiVirus (TBAV, which was the product back then) could decompress exepackers, and it even had a "virtualization" mode for unknown packers1 - afaik today's antivirus products, at least the better ones, have fast depackers for known exepackers and emulation for unknowns.

I assume the problem with all those false positives is static (or pattern-based) signatures that are simply too short... or heuristic engines that get confused for whatever fscktarded reason.

1: and there was at least one virus that figured out how to break out of the sandboxed mode, in effect causing a virus scan to infect your system :)
Stoic Joker:
Even tho I loved UPXs efficiency I quit using it years ago because of the tendency to FP on anything packed with it (Which is the root of why I hate heuristics). I just got tired of being cut off while trying to run a diagnostic on site because the client's AV ate my tool.

Is is "fair" (to UPX) to impose this limitation? No. But it does appear to be necessary. Even if it is only to eliminate it as the culprit...and/or expose a larger problem if it exists.

m2c




디컴파일러 하는방법이 잇을가요?

 

Autohotkey 를 컴파일 하면 자동으로 UPX 로 되버리는데

 

툴사용해서 언패킹 해봐도 안보이는거같더라구요..



autohotkey 사이트에 보시면 디컴파일러가 따로 있습니다.

http://autohotkey.pe.kr/bbs/board.php?bo_table=qna&wr_id=1#c_3

 

컴파일시 암호를 걸거나 디컴파일 불가 옵션을 두었다면 디컴파일 되지 않습니다.





























로그인 후 댓글쓰기가 가능합니다.

?

List of Articles
번호 분류 제목 날짜 조회 수
22 AutoHotKey IPC 메커니즘에 사용되는 각종 Windows리소스를 이용하는 authotkey( WinExec, CreateProcess, ShellExcute, ShllExcuteEx ) 2011.02.14 7311
21 AutoHotKey [COM] 자바스크립트 / DOM / HTML 웹페이지 컨트롤 3 2011.02.12 21969
20 AutoHotKey Com_invoke to login 2011.02.11 9554
19 AutoHotKey AHK에서 가능한 COM 인터넷 익스플로러 및 GUI 브라우저 1 2011.02.11 17871
18 AutoHotKey [ahk_l] 구글의 Gmail 자동로그인 소스 3 2011.02.11 19369
17 AutoHotKey ahk와 ahk_l 의 웹페이지 로딩완료 체크 비교 3 2011.02.11 18344
16 AutoHotKey autohotkey와 autohotkey_l 의 인터넷 창 띄우기 비교예제 2 2011.02.11 15798
15 AutoHotKey [COM제어] 바탕화면 바로가기 2011.02.11 4942
14 AutoHotKey Internet Explorer Control 2011.02.11 17866
13 AutoHotKey IE.ahk COM 환상강의 1 file 2011.02.10 19270
12 AutoHotKey AutoHotkey COM Standard Library 2 2011.02.10 16085
11 AutoHotKey AHK_L 예제소스 1 2011.02.10 14978
10 AutoHotKey PostMessage로 한글 사용하기 1 2 2011.02.09 14508
9 AutoHotKey com.ahk 1 2011.02.09 16316
8 AutoHotKey UrlDownloadToVar() 1 2011.02.09 13581
7 AutoHotKey 부팅 완료 체크 2011.02.09 15591
6 AutoHotKey [autohotkey] 레지스트리 재부팅이 필요한 항목 수정후 재부팅 없이 바로 적용시킬수있는 방법 1 2011.02.07 14360
5 AutoHotKey Mysqld 프로세서 실시간 감시 2011.02.06 6792
4 AutoHotKey OnMessage() 3 2011.02.05 18565
3 AutoHotKey [autohotkey] TCP/IP 메시지 전달방법 2011.02.05 12093
Board Pagination Prev 1 2 3 4 5 Next
/ 5

http://urin79.com

우린친구블로그

sketchbook5, 스케치북5

sketchbook5, 스케치북5

나눔글꼴 설치 안내


이 PC에는 나눔글꼴이 설치되어 있지 않습니다.

이 사이트를 나눔글꼴로 보기 위해서는
나눔글꼴을 설치해야 합니다.

설치 취소