False positive on AutoIT and AutoIT compiled scripts

TrojWare.Win32.PSW.XYOnline.~AJ@4348811 C:\Program Files\AutoIt3\Aut2Exe\AutoItSC.bin
TrojWare.Win32.PSW.XYOnline.~AJ@4348811 C:\user_local\ProfileOpen.exe

These are part of the well known scripting toolset AutoIT, and a compiled script written using that toolset. We create a bunch of administrative tools using this. It is found in the most recent released version of CIS.


We have identified this false-positive and will be fixed in next CAV update.

Thank you for reporting.

Do you not have Scite for AutoIt installed? Because it also triggers on thehook.dll for me. (Used for the macro recorder) Oddly enough, when trying to submit the .dll, CIS gave me a message that this was already on the safelist and I couldn’t submit it. So apparently D+ was already aware of its benign nature, but not the AV…

Anyway, I sent them in a few days ago. It’s good to hear it’s now remedied. :slight_smile:

False Positive has been fixed in our DB version ‘973’

Thanks for reporting .


I thought sureshk said AutoItSC.bin was added to the safe list and would be in DB version 973.

It comes up again now, but as a different name…

Hi HeffeD,

The false positive was fixed with the latest base update