Content
AutoHotKey
- Type
- Program
- SubType
- Win32
- Discovery Date
- 05/21/2007
- Minimum DAT
- 5035 (05/21/2007)
- Updated DAT
- 5342 (07/18/2008)
- Minimum Engine
- 5.1.00
- Description Added
- 05/21/2007
- Description Modified
- 07/14/2008 1:58 AM (PT)
Tab Navigation
Characteristics
AutoHotKey is a script language for Microsoft Windows allowing a user to automate basic actions like accessing files, modifying the registry, launching applications or downloading files. It also allows to define new keyboard and mouse shortcuts.
AutoHotKey scripts can be run on systems where the AutoHotKey interpreter is installed or compiled as standalone binaries.
Malicious programs generated with AutoHotKey are generally compiled as standalone binaries, allowing them to run even if the AutoHotKey interpreter is not installed.
AutoHotkey compiled binaries are always packed, allowing to hide malicious code, and making them potentially undesirable in corporate environments.
Such binaries are likely to have a size greater than 200KB.
Several worms written in the AutoHotKey language have been seen in the wild.
Removal
All Users:
Please use the following instructions for all supported versions of Windows to remove threats and other potential risks:
1.Disable System Restore (Windows ME/XP only).
2.Update to current engine and DAT files for detection and removal.
3.Run a complete system scan.
Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).
General repair may be unsuccessful in some instances. If this occurs, please submit a sample for further evaluation.
Aliases
Aliases
-
N/A