Visual Studio 2015 Community - Trojan HEUR/QVM03.0.Malware.Gen

Question

I created a very simple Windows form project in Visual Studio 2015, with only 1 button, that shows 1 message box on click.

I compiled it and sent the file the file to a friend, but he scanned it with Virustotal, where the result was this. One AV detects it as HEUR/QVM03.0.Malware.Gen.

What is the problem here?

Answer 1

At the time of this post, activating Enable ClickOnce security settings and setting the Build Configuration to Release will avoid all false positives. Of course, nothing stop Qihoo or another AV vendor to later naively flag all .EXE as malware.

Answer 2

Virus Total scans the uploaded file with a lot of different antivirus products. Some of these product are good, some are great, but some are also poor. This is the reason why some of these products will give a false positive on even a simple Windows Forms application.

Some antivirus vendors go as far as detecting any executable (*.exe file) as "malware" or "suspicious" if it does not have a digital signature. This is a very bad approach and a lot of independent developers have had problems because of this. It is easy for a big company which creates some commercial software to acquire and buy a digital certificate, which will be used to sign software, but this is very big problem for an independent developer working on a freeware app.