What kind of non-lethal code usually triggers an antivirus? (false positives)

2

6

I don't know why, but I've had no problem before and now all of a sudden, this really old, terrible, newbie program that I wrote a long time ago, triggers Malwarebytes... :(

This question is not a duplicate, since the program in question is in (ANSI) C and NOT Delphi...

Here is a VirusTotal scan (5 / 45)

Jotti's malware scan (1 / 22)

Here is my crappy old source code :P

#include <stdio.h>
#include <string.h>
/* This script is by Joe DF*/
main()
{
    char input[999];
    int charcount = 100;
    gets(input);
    printf("%d\n", strlen(input));
    printf("%d", numlen(charcount));
}

numlen(int num)
{
    char temp[999];
    sprintf(temp, "%d", num);
    int count = strlen(temp);
    return count;
}

This could be just a simple mistake... but why? To me this seems harmless! Even if this is just a mistake, what usually triggers a false positive? Is it simply the file's signature? Timestamp?

Ventose answered 23/4, 2013 at 4:59 Comment(2)
Have you tried running this program on a freshly installed OS? - Coyne
@AnishRam will try soon... - Ventose
0

I believe your compiled code was corrupted by the virus, replicating as itself. This has nothing to do with your code. If you compile your code again, and rescan, the malware warning will be gone.

Epithelioma answered 23/4, 2013 at 5:4 Comment(6)
Well, actually I immediately recompiled it, ran it, and right away Malwarebytes prevented execution and said "Trojan.Menti"... unless I have a virus hiding somewhere... hmm, I'm running a full system scan right now! :O - Ventose
You can also try compiling it on some other machine. But yeah, getting rid of the virus is important. - Epithelioma
Hmm, it's weird, if I compile another C program I recently made... it seems to be clean... so I think that probably it is simply a false positive... hmm - Ventose
I doubt if the creator of a virus infecting your computer would be intelligent enough to create a modified C compiler that could modify the executables it produces to have a self-replication process that emulates the malignant nature of a virus. But then again, virus-smiths are tricky fellows. - Hunyadi
@KeshavSaharia, the classic example is Reflections on Trusting Trust by Ken Thompson. - Rickie
@KeshavSaharia: Seen it for real. It was much simpler than that. It modified the binary to infect binaries. It wasn't any kind of smarts. A file copy program would have been infected to infect every binary it copied. - Pretense
-1

If you are sure your code is not malicious and it's a false positive, you should get a certificate and sign your application, and it really works!

Most of the time VirusTotal flags an empty exe produced by a compiler, like 1 to 5... But when you sign your code with a valid certificate, they will be gone!

Imaginative answered 27/6, 2021 at 21:55 Comment(0)
