Oh my, I laughed a lot reading these postings about viruses. It's nothing new that Autoit based executables are recognized as malicious. These false positives can occur if UPX is used while compiling or some bad guys published hundreds of viruses based on same autoit version, you can read more about it in official Autoit forums: http://www.autoitscript.com/forum/topic/34658-are-my-autoit-exes-really-infected/ http://www.libraries.psu.edu/psul/cataloging/techresources/macros/autoit_docs/false_positives.html The problem with Autoit is that all executables compiled with same Autoit Version are very similar. In each autoit executable an autoit interpreter and lots of standard functions are included. That means that each autoit executable contains 80% identical data and only 20% self written source code. Antivirus companies create something like fingerprints of parts from these executables to recognize other modified programs containing same virus. So it can happen that these fingerprint is taken from part that is common for every script compiled with autoit version x. That expalins too why there can be differences between program versions of beencode editor. Sometimes older false positives are corrected by antivirus updates, sometimes they are not (because devs don't contact all companies). Sometimes there are no or very less viruses published with compiler version, so there are no or very less false positives. Sometimes there are a lot. With using upx there is the same problem. It's a common compression algorithm used by many compilers not only autoit. False positives can occur too if program acts like many viruses, for example sending data via internet, accessing/writing registry, using remote access features or calling some dll functions of windows. So for example the tool "puty" is often recognized as a virus. Things like that are normaly recognized by heurisitic virus search, meaning they don't can find a signature in database, but they find behaviour suspicious. Some antivirus tools do a good job some do a bad job. So if some small and unknown antivirus tool says this is a virus you should not trust blindly in it. If majority does not detect anything you can be relative sure that there is nothing to detect. If you are unsure send file to the biggest companies to reevaluate it and check again some weeks later. If you are very paranoid don't use closed source software at all and use only open source instead. So you can review source code and compile it yourself. To show how funny some results can be i wrote a very simple script containing all available standard includes and compiled it with UPX ans max compression: Sourcecode: #Region ;**** Directives created by AutoIt3Wrapper_GUI **** #AutoIt3Wrapper_Compression=4 #AutoIt3Wrapper_UseX64=n #EndRegion ;**** Directives created by AutoIt3Wrapper_GUI **** #include <Array.au3> #include <AVIConstants.au3> #include <BorderConstants.au3> #include <ButtonConstants.au3> #include <Clipboard.au3> #include <Color.au3> #include <ColorConstants.au3> #include <ComboConstants.au3> #include <Constants.au3> #include <Crypt.au3> #include <Date.au3> #include <DateTimeConstants.au3> #include <Debug.au3> #include <DirConstants.au3> #include <EditConstants.au3> #include <EventLog.au3> #include <Excel.au3> #include <File.au3> #include <FileConstants.au3> #include <FontConstants.au3> #include <FrameConstants.au3> #include <FTPEx.au3> #include <GDIPlus.au3> #include <GDIPlusConstants.au3> #include <GuiAVI.au3> #include <GuiButton.au3> #include <GuiComboBox.au3> #include <GuiComboBoxEx.au3> #include <GUIConstants.au3> #include <GUIConstantsEx.au3> #include <GuiDateTimePicker.au3> #include <GuiEdit.au3> #include <GuiHeader.au3> #include <GuiImageList.au3> #include <GuiIPAddress.au3> #include <GuiListBox.au3> #include <GuiListView.au3> #include <GuiMenu.au3> #include <GuiMonthCal.au3> #include <GuiReBar.au3> #include <GuiRichEdit.au3> #include <GuiScrollBars.au3> #include <GuiSlider.au3> #include <GuiStatusBar.au3> #include <GuiTab.au3> #include <GuiToolbar.au3> #include <GuiToolTip.au3> #include <GuiTreeView.au3> #include <HeaderConstants.au3> #include <IE.au3> #include <ImageListConstants.au3> #include <Inet.au3> #include <IPAddressConstants.au3> #include <ListBoxConstants.au3> #include <ListViewConstants.au3> #include <Math.au3> #include <Memory.au3> #include <MemoryConstants.au3> #include <MenuConstants.au3> #include <Misc.au3> #include <NamedPipes.au3> #include <NetShare.au3> #include <Process.au3> #include <ProcessConstants.au3> #include <ProgressConstants.au3> #include <RebarConstants.au3> #include <RichEditConstants.au3> #include <ScreenCapture.au3> #include <ScrollBarConstants.au3> #include <Security.au3> #include <SecurityConstants.au3> #include <SendMessage.au3> #include <SliderConstants.au3> #include <Sound.au3> #include <SQLite.au3> #include <SQLite.dll.au3> #include <StaticConstants.au3> #include <StatusBarConstants.au3> #include <String.au3> #include <StructureConstants.au3> #include <TabConstants.au3> #include <Timers.au3> #include <ToolbarConstants.au3> #include <ToolTipConstants.au3> #include <TreeViewConstants.au3> #include <UDFGlobalID.au3> #include <UpDownConstants.au3> #include <Visa.au3> #include <WinAPI.au3> #include <WinAPIError.au3> #include <WindowsConstants.au3> #include <WinNet.au3> #include <Word.au3> MsgBox(0,"I am a virus","eicar loves me and pentagon sucks") This script only contains a simple harmless msgbox. Compile it as IamAvirus.exe and let's check results: http://www.virustotal.com/file-scan/report.html?id=7fa3dccc2047d0fb84c4c69dfb17fa130a542d62c88a8bc5b184864cff7300dc-1313492952 K7AntiVirus 9.109.5017 2011.08.15 Trojan SUPERAntiSpyware 4.40.0.1006 2011.08.16 Trojan.Agent/Gen-Goo