Reputation: 188
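#include <conio.h>
#include <stdio.h>   /* declares printf and getchar */
#include <stdlib.h>

int main(void) {
    printf("hello");
    getchar();       /* wait for a key press before exiting */
    return 0;
}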
When I compile the above code, the created binary is detected by AVG Antivirus, which immediately deletes it.
I got the threat: Trojan Horse BackDoor.Generic16.BOCF
Why am I getting it?
Upvotes: 3
Views: 212
Reputation: 57784
I haven't heard of this occurring, but perhaps your C runtime library is infected? This could cause every program produced by static library linking to have the virus. To test this, recompile and link using "dynamic library linking".
While a false positive is a possibility, I doubt it would be detected in a newly created program. (Unless it is a peculiar AV package.)
Run a full virus scan of all your files to check. Or switch to an operating system which is less subject to virus attack (Linux, MacOS, etc.) so you don't have to run anti-virus software.
Upvotes: 0
Reputation: 1
I have copied your code exactly and run it successfully in my terminal on my Mac. I would have to say that your problem is that you are creating an executable that is being picked up by your anti-virus software.
Upvotes: 0
Reputation: 172528
I agree with paulm and NetVipeC as this looks like a false positive. A false positive is any normal or expected behavior that is identified as anomalous or malicious. The term false positive is used when antivirus software wrongly classifies an innocuous file as a virus.
You may check for details
The major problem that false positives create is that they can easily drown out legitimate IDS alerts. A single rule causing false positives can easily create thousands of alerts in a short period of time. If the assumption is made that an analyst can review one alert every five minutes, the analyst can review around 100 alerts per day. Reviewing one alert every five minutes is too fast for thorough analysis, but we can assume that some alerts will not require thorough analysis, lowering the average time for analysis. Looking at these numbers, it is obvious that only a small number of false positives can drown out legitimate alerts. The alerts for rules that cause repeated false positives are often ignored or disabled.
Upvotes: 3
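The triage arithmetic in the last answer, worked through as an added example (not part of any post in this thread). It assumes one analyst on an 8-hour shift who reviews the queue in no particular order; the rule names and alert counts are constructed.

```python
from dataclasses import dataclass

MINUTES_PER_ALERT = 5      # review rate quoted in the answer above
SHIFT_MINUTES = 8 * 60     # assumption: one analyst, one 8-hour shift


@dataclass(frozen=True)
class Rule:
    name: str              # hypothetical rule name
    alerts_per_day: int    # everything the rule fires on
    true_positives: int    # how many of those alerts are real


def daily_capacity() -> int:
    """Alerts one analyst can review per shift (the answer's 'around 100')."""
    return SHIFT_MINUTES // MINUTES_PER_ALERT


def expected_true_reviewed(rules, capacity):
    """Expected number of real alerts reviewed when the analyst works a
    random sample of the queue (mean of a hypergeometric draw)."""
    total = sum(r.alerts_per_day for r in rules)
    real = sum(r.true_positives for r in rules)
    if total <= capacity:
        return float(real)
    return real * capacity / total


def best_rule_to_tune(rules, capacity):
    """Rule whose false positives, once tuned away, recover the most real alerts."""
    def after_tuning(target):
        tuned = [Rule(r.name, r.true_positives, r.true_positives)
                 if r is target else r for r in rules]
        return expected_true_reviewed(tuned, capacity)
    return max(rules, key=after_tuning)


# Constructed sample data: one noisy heuristic next to two quieter rules.
RULES = [
    Rule("generic-backdoor-heuristic", 2000, 2),
    Rule("outbound-beacon", 40, 8),
    Rule("admin-login-offhours", 60, 10),
]

if __name__ == "__main__":
    cap = daily_capacity()
    print(f"capacity per day: {cap}")
    print(f"real alerts reviewed: {expected_true_reviewed(RULES, cap):.2f} of 20")
    print(f"tune first: {best_rule_to_tune(RULES, cap).name}")
```

With this data the analyst is expected to see fewer than one of the 20 real alerts per day until the noisy rule is tuned.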