Prey's download link claims to have "Trojan.Win32.AutoHK.bi" with it..


Daniel

Dec 7, 2009, 11:22:05 AM
to Prey-Security
just an FYI

MKH

Dec 8, 2009, 8:18:42 PM
to Prey-Security
Please read the several posts on this issue.

On Dec 7, 11:22 am, Daniel <danielfinne...@gmail.com> wrote:
> just an FYI

MKH

Dec 8, 2009, 9:43:00 PM
to Prey-Security
It is a false positive.

The beauty of an open source program is that you can see the coding.
If you fear the current cron.exe, look at the coding. If you see
nothing wrong (and there isn't), then compile your own script. You
will see that your script will be detected by antivirus.

The way anti-viruses work:

1) Heuristics--Based on program action
2) Reports--Users reporting the program.
3) Others

As you can see this is not a heuristics issue seeing that the pop-ups
are occurring now, and not during the first days of the release.
So it must be reports. Originally, this started with Kaspersky
anti-virus. (*It appears that an idiot reported it*).

Once one program detects it as malware, other virus programs tend to
mimic the false positives of their competitors (to claim that they are
no less in detection).

However, some virus programs like Microsoft Security Essentials, and
Norton have yet to call this malware--because their testing proves
otherwise.

I am not saying Kaspersky, Avast or AVG is crappy, I am just stating
that in the realm of competition, false positives spread like hot
cakes.

Hope I helped clear the air.

Tomás Pollak

Dec 21, 2009, 9:50:12 AM
to Prey-Security
Yes, as MKH says, this is a false positive.

There's nothing wrong with Prey or with the cron.exe file. In fact,
nothing has changed with the download link since we released 0.3.3.

The problem has to do with the cron.exe file in Windows, which we use
to keep Prey checking for the device's state (as Windows' Task
Scheduler proved not to be the best solution). The antivirus programs
detect the file cron.exe as "AutoHK.bi" (for "AutoHotKey Binary")
since it is written over AHK, but it certainly is not a trojan since
the only thing the program does is to run Prey between your defined
delay in minutes. In other words, cron.exe is an AHK binary but it
certainly does nothing strange or wrong.

The complete source code is available here:

http://github.com/tomas/prey/blob/master/distribution/windows/cron.ahk

I already contacted all the major antivirus software companies and
hopefully we'll get a response from them soon. If anyone wants to give
a hand, you can write to McAfee or Kaspersky and let them know that
you're a user of Prey and you're having trouble with the new virus
definitions as well.

Thanks!
Tomás
