Jump to content

AutoHotKey False Positive?

Recommended Posts

I just recently downloaded and installed AutoHotKey, which can help remap keys and automate tedious tasks on Windows. It is open source and appears to be a completely legitimate program.

I believe MBAM gave me a false positive. Here is the log (ran in Dev mode):

Malwarebytes' Anti-Malware


Database version: 6814

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

6/8/2011 7:12:14 PM

mbam-log-2011-06-08 (19-12-04).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 46620

Time elapsed: 4 minute(s), 39 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\program files (x86)\autohotkey\Compiler\autohotkeysc.bin (Trojan.Logger) -> No action taken. [b9e521f9f7095fa17126cbb214f0fb05]

Official site:


The file in question is attached as a ZIP.

I did a search for "AutoHotKey" on these forums. Although I found one guy who used it and some malware that "incorporates" it as some sort of component, there does not seem to be a case of someone downloading the real program for everyday purposes and then getting an MBAM warning.


Share this post

Link to post
Share on other sites

The new Malwarebytes free version ( says this is a trojan:

C:\Program Files\AutoHotkey\Compiler\AutoHotkeySC.bin

What I have currently installed is:



I think it's a false positive. I've had this program installed for a while, and nothing has ever been detected.

The new Malwarebytes free version icon in Task Bar also has a number by it, 33591187 ... that seems different.

I did the

Run \ mbam.exe /developer

I set the suspected trojan to Ignore, went to Main Menu, and it said if I did that, I'd lose the log ... there was no other way to get out of it - so I don't see how to get the log file to post here.

I don't have WinZip, should I just upload the .bin file? It's only 412 KB.

Share this post

Link to post
Share on other sites

Thank you for reporting this. No need for a sample. I have a copy of said file. It shall be fixed in the next update.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.