Viruses found in two PortableApps I downloaded

MMynaardt
Joined: 2009-02-21 17:04
Viruses found in two PortableApps I downloaded

Hi!

I did a weekly scan with Trend Micro Internet Security (TMIS) on my desktop and on my two laptops. I got virus warnings for two different PortableApps installers I had downloaded.

The first was for GnuCashPortable. The file "oxf201.dtd" was listed as having a virus.

The second was for AbiWordPortable. The file "AbiWord.profile" was listed as having a virus.

It was also the same virus for both according to TMIS; "TROJ_Generic.DIT"

I don't know if anyone else had any warnings like this. I was surprised; I've had no problems with anything I've downloaded from PortableApps.Com. I hope it's just a matter of TMIS being overzealous. But I got rid of those two just to be on the safe side. Can't be too careful and all that.

Anyway, just thought I'd bring that to your attention, just in case there really is a nasty virus lying about in those files...

MM

Pyromaniac
Developer
Joined: 2008-09-30 19:18
try doing different virus

Try doing different virus scans with different anti-virus programs such as ClamWin Portable found here and see what happens. I think sometimes the anti-virus program mistakes files for viruses. I use both Symantec and ClamWin Anti-Virus for my virus scans whenever one thinks it has found a virus.

John T. Haller
Admin, Developer, Moderator, Translator
Joined: 2005-11-28 22:21
Trend Micro Issues

Trend Micro has again been having false positive issues this week on a couple packages. You should report the error to them (they don't allow publishers to report errors).

This seems to happen a lot with Trend Micro.

Sometimes, the impossible can become possible, if you're awesome!

gmbudwrench
Joined: 2007-06-25 05:00
Avira AntiVir does too

This morning's update turned a previously unnoticed TruecryptPortable by NeoRame into a spyware or virus. "Contains recognition pattern of the SPR/Autoit.Gen program". I see the Autoit name there and know about the autoit (false positive virus) issues. I don't use this, but the several known false positive detections (apps mentioned here, btw) that I already have are really annoying.

Jimbo
Joined: 2007-12-17 05:43
If you find it annoying

that your anti-virus software brands all auto-it apps as possible viruses, the correct solution is not to stop using autoit, which is just a programming language, after all, but to demand that your AV supplier fix their broken product...

If they are unwilling or unable to do so, move to another anti-virus product.

John T. Haller
Admin, Developer, Moderator, Translator
Joined: 2005-11-28 22:21
Common

A good chunk of antivirus apps flag most AutoIT scripts as viruses/malware. AutoIT is popular for malware. Since it's just the AutoIT EXE with the script tacked onto the end of it (and it allows you to encrypt said script with no way for an end user or antivirus product to analyze it) the signature is the same for the base AutoIT EXE and most malware. That's why AutoIT is highly discouraged here. We only have two apps that use it. Xenon, which is switching to C++ for version 2. And JkDefrag Portable, which will hopefully switch, too.

Sometimes, the impossible can become possible, if you're awesome!

Ed_P
Joined: 2007-02-19 09:09
Unfair

It is unfair of AVs, or anyone else, to ban something because .01% of its users use it maliciously. Guns kill and they are not banned. Cigarettes kill and they aren't banned. Malware can be written in numerous languages; should all compilers be banned? Banning is too simplistic a way to control something.

Ed

John T. Haller
Admin, Developer, Moderator, Translator
Joined: 2005-11-28 22:21
Very Simple

It's a simple reason, really. From a technical perspective, the malware and the handy autoit script you've 'compiled' are the same code when analyzed by an antivirus or antimalware utility. This is due to the fact that all autoit scripts aren't actually compiled. It's just the autoit exe with the script stuck to the end of it.

So, an antivirus company would have to manually analyze the autoit script attached. But, they can't because autoit lets you encrypt the script so it is unreadable. So, the situation could be solved by the autoit developers giving everyone the ability to actually analyze the script that will run before running it, but they won't. The only choice, really, is to ditch it all.

And since this is the reality of the landscape in terms of antivirus/antimalware and autoit, we actively discourage its use. There are plenty of alternatives that don't have this issue. Many are open source, too.

Sometimes, the impossible can become possible, if you're awesome!
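
Added example (not part of the original thread, and not PortableApps or AutoIt code): a Python sketch of why a signature over the executable portion matches every file built this way, taking the layout described in the post above (the same exe with a script appended after it) as given. The function names, the minimal PE-shaped stub and the two payload blobs are constructed for illustration.

```python
import hashlib
import struct

def split_overlay(data: bytes):
    """Return (image, overlay): bytes covered by PE headers/sections, and bytes appended after them."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe, = struct.unpack_from("<I", data, 0x3C)              # e_lfanew: offset of the PE header
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, = struct.unpack_from("<H", data, pe + 6)          # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)     # SizeOfOptionalHeader
    table = pe + 24 + opt_size                              # first 40-byte section header
    end = table + 40 * nsec
    for i in range(nsec):
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)                  # furthest byte any section maps
    if end > len(data):
        raise ValueError("truncated file: section data runs past end of file")
    # Note: an Authenticode signature block also sits past the last section.
    return data[:end], data[end:]

def make_stub() -> bytes:
    """Constructed one-section PE-shaped file standing in for the shared interpreter exe."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = b".text\0\0\0" + struct.pack("<IIIIIIHHI",
                                        16, 0x1000, 16, 0x80, 0, 0, 0, 0, 0x60000020)
    return (dos + coff + sect).ljust(0x80, b"\0") + b"\x90" * 16

def profile(data: bytes) -> dict:
    image, overlay = split_overlay(data)
    return {
        "image_sha256": hashlib.sha256(image).hexdigest(),
        "overlay_len": len(overlay),
        "overlay_sha256": hashlib.sha256(overlay).hexdigest(),
    }

STUB = make_stub()
# Constructed samples: identical stub, different appended blobs (placeholders, not real scripts)
SAMPLE_A = STUB + b"<constructed script blob A>"
SAMPLE_B = STUB + b"<constructed script blob B, different length>"

if __name__ == "__main__":
    for name, blob in (("A", SAMPLE_A), ("B", SAMPLE_B), ("stub", STUB)):
        print(name, profile(blob))
```
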

muskrat
Joined: 2005-12-09 08:24
A Bit outta place but...

How does one contact TrendMicro about false positives... I noted a few days back that I received a false positive from TM after updating notepad++ to 5.2, but I could not find any way to submit a false positive. Do you think it is because it is my work PC and I don't have permissions thereto?

/s/ When life turns your dreams to dust, vacuum ;)
