Ureader.com  
Microsoft software help and Community
date: Fri, 30 May 2008 16:11:24 -0400,    group: microsoft.public.scripting.virus.discussion


Autoit   
Autoit is a scripting agent that is being picked up in VirusTotal as a
Trojan; 10/32 or 31.25% of the listed scan engines. This is not a virus or
malware, only it is vulnerable to malicious "script kiddies". Anyone familiar
with this product who wants to share their thoughts on this?
date: Fri, 30 May 2008 16:11:24 -0400   author:   Jim lid

Re: Autoit   
From: "Jim" <invalid@example.invalid>

| Autoit is a scripting agent that is being picked up in VirusTotal as a
| Trojan; 10/32 or 31.25% of the listed scan engines. This is not a virus or
| malware, only it is vulnerable to malicious "script kiddies". Anyone familiar
| with this product who wants to share their thoughts on this?
|

Please post the URL of the Virus Total report or post the text of that report.

-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
date: Sat, 31 May 2008 19:20:30 -0400   author:   David H. Lipman DLipman~nospam~@Verizon.Net

Re: Autoit   
Hi Dave, is this what you need?

File browser.exe received on 06.02.2008 10:48:00 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.5.30.1 2008.06.02 -
AntiVir 7.8.0.26 2008.06.02 -
Authentium 5.1.0.4 2008.06.01 W32/Malagent
Avast 4.8.1195.0 2008.06.01 Win32:Trojan-gen {Other}
AVG 7.5.0.516 2008.06.02 -
BitDefender 7.2 2008.06.02 -
CAT-QuickHeal 9.50 2008.05.31 -
ClamAV 0.92.1 2008.06.02 -
DrWeb 4.44.0.09170 2008.06.02 -
eSafe 7.0.15.0 2008.06.01 suspicious Trojan/Worm
eTrust-Vet 31.4.5837 2008.05.30 -
Ewido 4.0 2008.06.01 -
F-Prot 4.4.4.56 2008.06.01 W32/Malagent
F-Secure 6.70.13260.0 2008.06.02 -
Fortinet 3.14.0.0 2008.06.02 -
GData 2.0.7306.1023 2008.06.02 Win32:Trojan-gen
Ikarus T3.1.1.26.0 2008.06.02 Trojan.Win32.Autoit.D
Kaspersky 7.0.0.125 2008.06.02 -
McAfee 5307 2008.05.30 -
Microsoft 1.3520 2008.06.02 Backdoor:Win32/Agent
NOD32v2 3150 2008.06.01 archive damaged
Norman 5.80.02 2008.05.30 -
Panda 9.0.0.4 2008.06.01 -
Prevx1 V2 2008.06.02 Malicious Software
Rising 20.47.00.00 2008.06.02 Trojan.Win32.Malagent.a
Sophos 4.29.0 2008.06.02 -
Sunbelt 3.0.1139.1 2008.05.29 -
Symantec 10 2008.06.02 Trojan Horse
TheHacker 6.2.92.331 2008.06.02 Trojan/Agent.lf
VBA32 3.12.6.6 2008.06.01 -
VirusBuster 4.3.26:9 2008.06.01 -
Webwasher-Gateway 6.6.2 2008.06.02 -

Additional information
File size: 43387 bytes
MD5...: d8dfa157a09614c969373b7e421c103c
SHA1..: 2a41c4c0c9aedddda57294753895a2bda3b1d4fd
SHA256: 49b9816a6ab562cf961e19afcc2d2d262aed16037e9d4aaeb42ae821b1e36e2d
SHA512: d1f6471aa004ef111036ef0148cc839010beee73fe60bfec4c482a1e2d3e3b9303e7bd65481ff297a02d230591aabd3b1f6daa199a3a589be3c201ff0edee04f
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x448b30
timedatestamp.....: 0x3e00c9ca (Wed Dec 18 19:17:30 2002)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x3f000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x40000 0x9000 0x8e00 7.88 804e3e6f0857bd94c28fb9701dd53cfe
.rsrc 0x49000 0x2000 0x1400 3.36 34885b13bf5439c8135e7c8eaab09eea

( 6 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, ExitProcess
> ADVAPI32.dll: RegCloseKey
> comdlg32.dll: GetOpenFileNameA
> GDI32.dll: GetStockObject
> SHELL32.dll: Shell_NotifyIconA
> USER32.dll: IsIconic

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=D9CDF6517B5FFD83A9E7002E360C5D0036ABE1DD
packers (Kaspersky): UPX, Autoit



date: Mon, 2 Jun 2008 13:38:16 -0400   author:   Jim lid

Re: Autoit   
This is URL:
http://www.virustotal.com/analisis/798791774bb980dbf4795a0a6d2b4051

date: Mon, 2 Jun 2008 13:49:42 -0400   author:   Jim lid

Re: Autoit   
From: "Jim" <invalid@example.invalid>

| This is URL:
| http://www.virustotal.com/analisis/798791774bb980dbf4795a0a6d2b4051
|

I can't help but state the declaration seems to be legitimate and not a False Positive.


-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
date: Mon, 2 Jun 2008 16:19:03 -0400   author:   David H. Lipman DLipman~nospam~@Verizon.Net

Re: Autoit   
ok, thanks.
I think it must be a vulnerability of this Autoit; UPX packaging technology
for updates that is flagging it as a Trojan/malware. BTW, F-Prot was listed as
a packer and I thought this was where I picked it up. Since my first
encounter with this last week and notifying them, they have since removed
it. It is not listed at the bottom of the page now, but Kaspersky is still
listed.

date: Tue, 3 Jun 2008 13:06:02 -0400   author:   Jim lid
