Tuesday, September 20, 2011

About SM Converter being flagged as a virus...

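A user recently wrote in to tell me that 360 flags SM Converter as a virus. In principle this software has not been updated since version 1.010, and the problem did not exist before and has only appeared now, so the more likely cause is that the antivirus software updated its virus definitions. Of course this raises concerns, since the alert keeps going off. Personally, I can only guarantee that my own source code has no problem in this regard... in fact, writing that sort of code is beyond my ability (I have no concept of it at all, so I simply could not write it). However, I use AutoIt for development and packaging, so that part is something I cannot fully understand. The antivirus software I use myself (Avira) does not flag it.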

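I looked through the articles on the official AutoIt site, and it seems this is no longer anything new. I am excerpting the original text here so that anyone with concerns can understand the situation.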


Are my AutoIt EXEs really infected?

If you have been using AutoIt for any length of time you will know that it is a great, and powerful scripting language. As with all powerful languages there comes a downside. Virus creation by those that are malicious.

AutoIt has no virii installed on your system, and if a script you have created has been marked as a virus, (and you're not malicious) then this is a false positive. They found a set of instructions in an AutoIt EXE out there somewhere, took the general signature of the file, and now all AutoIt EXE's are marked (or most of them). This can be due to several reasons.
  • AutoIt is packed with UPX. UPX is an open source software compression packer. It is used with many virii (to make them smaller).
  • Malicious scripter got the AutoIt script engine recognized as a virus.
And I am sure there are more ways your executable could be marked, but that covers the basics.

Now I am sure you are wanting to know what you can do to get back up and running without being recognized as a virus. You have to send in a report to the offending AV company alerting them to the false positive they have made. It never hurts to send in your source code along with a compiled exe, to help them realize their mistake.

..............Below is another post, in which a different user raises the same issue

Malwarebytes actively believes AutoIt is malware


I wanted to drop by and point out some goings-on with what is, in my opinion as a PC repair tech, the #1 malware removal solution, Malwarebytes' Anti-Malware, versus false detections of compiled AutoIt scripts. As of the definitions around the beginning of this month, Malwarebytes is now flagging nearly all compiled AutoIt EXEs as "BackDoor.Bifrost".

The worst part about it is, they refuse to change their stance about detecting AutoIt executables as malware/PUPs. I haven't yet gotten a reply to my request for "reconsidering" this decision. It's a pretty bad deal, considering AutoIt is no different from any of the hundreds of other programming languages out there (BTW, congrats on that, AutoIt team! Excellent work on that).

I wanted to bring this to the AutoIt community's attention, see what you all think of it. I'm just one person and it seems like I'm the only person that has a problem with AutoIt being blanketed with the "malware" definition. Maybe the AutoIt team can help the Malwarebytes team with the detection of malware written with AutoIt... instead of just calling it all malware!

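Going by what this user describes, I think that as long as I use AutoIt to develop programs, there will always be some chance of being flagged.... So... it looks like I currently have no way to resolve this detection, and I am sorry about that.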
