Skip to content
AutoHotKey
2011.12.31 17:18

autohotkey) Virus?

조회 수 34677 추천 수 0 댓글 0
?

단축키

Prev이전 문서

Next다음 문서

크게 작게 위로 아래로 댓글로 가기 인쇄
?

단축키

Prev이전 문서

Next다음 문서

크게 작게 위로 아래로 댓글로 가기 인쇄

autohotkey) Virus?


 

   관련 게시물 :

 

   AUTOhotKEY 웹페이지 열지않고 소스 가져오기 또는 로그인 하기 

   AUTOhotKEY 오토핫키 콤보박스 제어하기

   AUTOhotKEY 웹페이지 감시결과에 따라 마이피플로 글 전송하기

   AUTOhotKEY 윈도우 ahk_id 추출하기

   Autohotkey 엑셀(Excel)에서 행값 증가시키기

   Autohotkey 30분마다 자동으로 디스크 정리하기

                                                                     

                                                   

 

http://www.autohotkey.com/forum/search.php?mode=results


http://www.autohotkey.com/forum/topic19200.html


did you search the forums at all? 


http://www.autohotkey.com/forum/viewtopic.php?t=19100&highlight=virus 

http://www.autohotkey.com/forum/viewtopic.php?t=13067&highlight=virus 

http://www.autohotkey.com/forum/viewtopic.php?t=17163&highlight=virus 

http://www.autohotkey.com/forum/viewtopic.php?t=17365&highlight=virus 

http://www.autohotkey.com/forum/viewtopic.php?t=16170&highlight=virus



AutoIt3 has an option in the compression menu of its "Script to EXE Converter" app to disable UPX compression, which effectively avoids this situation albeit producing a larger executable file, but I see no such similar option in AutoHotkey 1.0.43.09's converter app.


Renaming UPX.EXE will disable compression. One may toggle between names like: 

Code:
F2::

IFExist, C:\Program Files\AutoHotkey\Compiler\UPX.EXE
   FileMove, C:\Program Files\AutoHotkey\Compiler\UPX.EXE, C:\Program Files\AutoHotkey\Compiler\UPX.XXX
Else
IFExist, C:\Program Files\AutoHotkey\Compiler\UPX.XXX
   FileMove, C:\Program Files\AutoHotkey\Compiler\UPX.XXX, C:\Program Files\AutoHotkey\Compiler\UPX.EXE

Return



http://ubuntuforums.org/archive/index.php/t-1590135.html


bodhi.zazen
January 3rd, 2011, 07:05 PM
http://www.autohotkey.com/forum/topic31975.html

You will see here some others with same issue. Compile hello world and get false positives.
I found using latest avast to cure one false positive with tag.exe which is said to be a threat because it modified other files. It is very powerful dos commandline mp3 tagger!

These things (AV detection) are tools, you need to understand how to use them.

First you start by scanning your system from a fresh install, you need a "known good" baseline.

Second you need to know what is "normal" for your usage on your computer. Obviously it goes without saying normal activity on your OS may be abnormal on mine.

Third you need to understand how these tools work. They are based on rules. If foo.exe can modify other files it might be a problem and an alert will be generated. It is then up to you to determine if this is a problem or not. If not it is a false positive. You need to understand that these tools will always err on the side of false positives as false negatives (missing an "infected" file) is by far more unacceptable then a false positive.

Last you need to understand that running these tools on linux is an exercise in false positives as there are no known active viruses for Linux (you system was patched long ago to the known viruses) and these tools can not protect you against zero day exploits.

Thus the tool is functioning normally and PEBKC in that you are not understanding the tool, it's use, and it's limits.


Use UPX to make Firefox load faster


All AutoHotkey (AHK) coders read: No more upx packing of compiled ahk utils http://www.donationcoder.com/forum/index.php?topic=21327.5;wap2



mouser:
As of today, I am advocating that we no longer host any compiled ahk utilities that have been "packed" with upx, which is something that autohotkey does by default when it builds exes.

The process of packing the executable with UPX results in a smaller sized file, but causes a continuous an inevitable false virus malware alert sooner or later.

Any application packed with upx by ahk compilation is almost guaranteed to be marked as a virus sooner or later and is going to cause trouble for any site that hosts it, and any users who get scared by it.

The true fault of this lies with the antivirus programs, but until we can get them to stop their bullshit, this is the only thing we have control over.


SO: If you are an ahk coder, go to your autohotkey /Compiler folder and delete the upx.exe executable.  That will stop ahk from packing your executable with UPX, and should solve the problem.


Again i repeat -- if you use AHK, do not upload to this site any compiled ahk program that is packed with upx -- remove the upx.exe from your ahk and recompile please.
f0dder:
Hrm, is disabling UPX packing enough to not get AHK scripts flagged? I thought that every virus scanner today knows how to unpack UPX (and several other packers) and do the scanning on the unpacked executable.
mouser:
if that's the case, then things are worse than i thought.
f0dder:
Even back in the pre-Win9x DOS days, ThunderByte AntiVirus (TBAV, which was the product back then) could decompress exepackers, and it even had a "virtualization" mode for unknown packers1 - afaik today's antivirus products, at least the better ones, have fast depackers for known exepackers and emulation for unknowns.

I assume the problem with all those false positives is static (or pattern-based) signatures that are simply too short... or heuristic engines that get confused for whatever fscktarded reason.

1: and there was at least one virus that figured out how to break out of the sandboxed mode, in effect causing a virus scan to infect your system :)
Stoic Joker:
Even tho I loved UPXs efficiency I quit using it years ago because of the tendency to FP on anything packed with it (Which is the root of why I hate heuristics). I just got tired of being cut off while trying to run a diagnostic on site because the client's AV ate my tool.

Is is "fair" (to UPX) to impose this limitation? No. But it does appear to be necessary. Even if it is only to eliminate it as the culprit...and/or expose a larger problem if it exists.

m2c




디컴파일러 하는방법이 잇을가요?

 

Autohotkey 를 컴파일 하면 자동으로 UPX 로 되버리는데

 

툴사용해서 언패킹 해봐도 안보이는거같더라구요..



autohotkey 사이트에 보시면 디컴파일러가 따로 있습니다.

http://autohotkey.pe.kr/bbs/board.php?bo_table=qna&wr_id=1#c_3

 

컴파일시 암호를 걸거나 디컴파일 불가 옵션을 두었다면 디컴파일 되지 않습니다.





























로그인 후 댓글쓰기가 가능합니다.

?

List of Articles
번호 분류 제목 날짜 조회 수
82 AutoHotKey AHK) AUTOKEY 웹페이지 열지않고 소스 가져오기 또는 로그인 하기 14 2012.05.12 52942
81 AutoHotKey AHK) 보안프로그램 등으로 화면복사(Printscreen) 안될때 사용방법 1 12 file 2012.11.21 47162
80 AutoHotKey Ahk) 웹페이지 감시결과에 따라 마이피플로 글 전송하기 12 file 2013.01.06 43995
79 AutoHotKey Autohotkey) 화면보호기(ScreenSaver) On/Off 방법 17 2012.03.16 40666
78 AutoHotKey ahk) 오토핫키 콤보박스 제어하기 file 2013.10.30 38137
77 AutoHotKey ahk) autohotkey 엑셀(Excel)에서 행값 증가시키기 2013.10.30 37410
76 AutoHotKey Autohotkey) Find WM_COMMAND parameter with Winspector 17 2012.02.22 35863
» AutoHotKey autohotkey) Virus? 6 2011.12.31 34677
74 AutoHotKey ahk) autohotkey 글자 자르기 방법 2013.10.30 34636
73 AutoHotKey autohotkey) 오토핫키에서 자주쓰는 함수모음 2013.10.30 33648
72 AutoHotKey autohotkey) 30분마다 자동으로 디스크 정리하기 file 2013.07.31 33066
71 AutoHotKey ahk) 열려진 엑셀창의 값 불러오기 1 2013.10.30 32524
70 AutoHotKey autohotkey) 윈도우 ahk_id 추출하기 2 2012.03.06 30084
69 AutoHotKey autohotkey) 편입 변수 4 2012.03.13 28886
68 AutoHotKey autohotkey) postmessage mouse control 13 2012.02.22 28627
67 AutoHotKey [COM] 자바스크립트 / DOM / HTML 웹페이지 컨트롤 3 2011.02.12 27281
66 AutoHotKey [AUTOHOTKEY] FTP 제어 file 2011.02.04 25246
65 AutoHotKey autohotkey) Mutex에 대해서 1 4 2011.12.31 24061
64 AutoHotKey [ahk_l] 구글의 Gmail 자동로그인 소스 3 2011.02.11 22491
63 AutoHotKey AutoHotkey_L: Arrays, Debugger, x64, COM, #If expression 3 2011.02.14 21591
Board Pagination Prev 1 2 3 4 5 Next
/ 5

http://urin79.com

우린친구블로그

sketchbook5, 스케치북5

sketchbook5, 스케치북5

나눔글꼴 설치 안내


이 PC에는 나눔글꼴이 설치되어 있지 않습니다.

이 사이트를 나눔글꼴로 보기 위해서는
나눔글꼴을 설치해야 합니다.

설치 취소