Penn State University Libraries

Contact

Cataloging and Metadata Services
126 Paterno Library
University Park, PA 16802-1808

Phone: (814) 865-1755
Fax: (814) 863-7293
ul-cataloging@lists.psu.edu

Ken Robinson
Cataloging and Metadata Services
126 Paterno Library
University Park, PA 16802-1808

Phone: (814) 867-0850
Fax: (814) 863-7293
Email: kjr106@psu.edu

False Positive Virus Detection of AutoIt Scripts

In November 2007, we experienced an unusual event in which Symantec AntiVirus started detecting all of the AutoIt scripts used and being tested in the department as the W32.Blastclan worm. This turned out to be a false positive. A false positive of this kind results when a malicious individual uses the same AutoIt scripting program to write a virus. Once the antivirus vendors discover the virus, they add its "signature" to their virus definition files. The problem is that the signature will appear in nearly all AutoIt scripts, causing the virus detection software to treat every script as a match. It will of course find real viruses, but at the same time it will disable and remove hundreds (maybe thousands) of legitimate AutoIt scripts.

The problem we had in November 2007 was solved by upgrading to a newer version of AutoIt and recompiling the scripts. Another solution would be to send the script and source code to Symantec and hope they provide a fix. In any case, this seems to be a rare occurrence, but please keep it in mind if your AutoIt scripts suddenly disappear and Symantec AntiVirus is sending you lots of those friendly "Aha, I found a virus!" messages.
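
The mechanism described above, as an added example that is not part of the original page: a byte signature taken from code that every compiled script shares flags the whole known-good set, while one checked against that set does not. All byte strings, script snippets and names below are constructed, and the layout (shared runtime bytes followed by the script) is a simplifying assumption, not Symantec's detection logic or AutoIt's real file format.

```python
# Constructed model, not real AutoIt or antivirus data.
# Assumption: a compiled script = shared interpreter bytes + the script itself.
OLD_RUNTIME = bytes(range(64)) * 4            # stand-in for the older AutoIt runtime
NEW_RUNTIME = bytes(reversed(range(64))) * 4  # stand-in for a newer release

BENIGN_SCRIPTS = [
    b'MsgBox(0, "Cataloging", "Record saved")',
    b'Send("{TAB}245{ENTER}")',
    b'WinWaitActive("Connexion")',
]
FLAGGED_SCRIPT = b"; constructed placeholder for the bytes unique to the flagged sample"


def build_exe(script: bytes, runtime: bytes = OLD_RUNTIME) -> bytes:
    """Model a compiled script: runtime bytes, a marker, then the script."""
    return runtime + b"SCRIPT:" + script


def false_positive_rate(signature: bytes, benign: list[bytes]) -> float:
    """Fraction of known-good files that a byte signature would flag."""
    return sum(signature in sample for sample in benign) / len(benign)


def pick_signature(flagged: bytes, benign: list[bytes], length: int = 16):
    """First window of the flagged file found in no known-good file, or None."""
    for offset in range(len(flagged) - length + 1):
        window = flagged[offset:offset + length]
        if not any(window in sample for sample in benign):
            return offset, window
    return None


BENIGN = [build_exe(s) for s in BENIGN_SCRIPTS]
FLAGGED = build_exe(FLAGGED_SCRIPT)

# A signature cut from the shared runtime matches every known-good file.
RUNTIME_SIGNATURE = FLAGGED[32:48]
# A signature checked against the known-good corpus lands in the script bytes.
OFFSET, SCRIPT_SIGNATURE = pick_signature(FLAGGED, BENIGN)
# The same scripts rebuilt on the newer runtime no longer contain the old bytes.
RECOMPILED = [build_exe(s, NEW_RUNTIME) for s in BENIGN_SCRIPTS]

if __name__ == "__main__":
    print("runtime signature FP rate:", false_positive_rate(RUNTIME_SIGNATURE, BENIGN))
    print("script signature FP rate:", false_positive_rate(SCRIPT_SIGNATURE, BENIGN))
    print("runtime signature FP rate after recompiling:",
          false_positive_rate(RUNTIME_SIGNATURE, RECOMPILED))
```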

For further information: Are my AutoIt EXEs really infected?