« previous next »
Pages: [1]   Go Down

Author Topic: When I compile a program, Avast tells me it's a virus.  (Read 2965 times)

0 Members and 1 Guest are viewing this topic.

ArgosyEigh

  • Guest
When I compile a program, Avast tells me it's a virus.
« on: April 06, 2009, 01:48:55 AM »
Writing a program in C to open a PE format executable, dump the different sections of content(Headers, .idata,.text, etc...) into a bunch of .bin files.

 Whenever I compile the program On-Access protection tells me program 'contains a sample of Win32:Agent-DFS[trj]!'. Re-scanning it after it's compiled or trying to run it does the same.

Pretty sure it's not an infected compiler, since my entire computer computer scans clean, no other program I compile causes warning, and program only scans bad if I add certain lines I've made sure are safe to the program.

So my question is, what could be causing this? Program doesn't alter memory space of another program, alter registry or system files, etc...Will padding the program executable to increase its size stop problem?
Logged

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89295
  • No support PMs thanks
Re: When I compile a program, Avast tells me it's a virus.
« Reply #1 on: April 06, 2009, 02:56:22 AM »
You could also check the offending/suspect file (compiler and a couple of the compiled files) at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.
Logged
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

ArgosyEigh

  • Guest
Re: When I compile a program, Avast tells me it's a virus.
« Reply #2 on: April 07, 2009, 09:02:55 AM »
VT found nothing, turns out Avast was probably just reacting to a segfault I hadn't caught in the code. Yeah, I feel dumb.

/facepalm @ self  :-[

Thanks for the help.
Logged

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89295
  • No support PMs thanks
Re: When I compile a program, Avast tells me it's a virus.
« Reply #3 on: April 07, 2009, 04:44:28 PM »
What not even avast on the VT results ?

Thought that isn't unusual to not have avast detect on VirusTotal when it does so on your system. VT isn't able to update the VPS in real time as the user is and this is often the cause. Remember the point of submitting it to VT is to see what the other scanners find.

If avast is still detecting it on your system and you have checked that the code doesn't have any faults then submit to avast for further analysis, info in the how to report and exclude link.

Welcome to the forums.
Logged
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
Pages: [1]   Go Up
« previous next »