Why does AVG mark my C ++ program with a virus?
For example, here is a C ++ program that AVG detects as a virus:
#include <cstdlib> #include <iostream> using namespace std; int main(int argc, char** argv) { cout << "done"; return 0; }
Running the executable, I get an AVG popup with this text:
AVG Resident Shield Alert Threat detected! File name: c:\Documents and Settings\eleschinski\Desktop\workspace\CppApplication_2\dist\Debug\MinGW-Windows\cppapplication_2.exe Threat name: Trojan horse Agent3.CJAI (More Info) Move to Vault (Reccommended) Go to file Ignore the threat
Screenshot of what AVG does:
Summary of what's going on here?
AVG antivirus is a program that runs on your computer that uses heuristics and other inaccurate algorithms to determine which programs have unwanted evil plans. AVG accepts the contents of your executable file as input and decides that your program is unsafe.
Anti-virus authors use the Enumerating Badness strategy to detect malicious programs in the world, and it comes back to bite them, because this is the wrong approach to the problem of malware detection. One problem with enumerating Badness is false positives, the problem you are experiencing right now.
Steps to better understand the problem:
Step 1 .. First you want to be sure which AVG file is complaining about. To do this, go to AVG β Tools β scan file. Select the executable file or the file specified in your threat window. AVG instantly scans a file and recommends adding it to the repository. At this point, you may know that AVG considers this file to be malware.
Step 2. Get a second opinion on this malware / virus file, however, get 50 independent second opinions. Go to the website https://www.virustotal.com , where you can download your file for free, and it will be analyzed with about 50 different antivirus programs, if most of them consider it to be a virus, then AVG succeeded. But if only a few antiviruses mark your file as evil, then it is possible that AVG has a false positive.
Step 3. A simple way to convince AVG that your C ++ program is safe is to add the C ++ instruction: system("pause"); at the beginning of your C ++ program and recompile and re-run. For me, AVG then warns me about it, I click ignore, and then it lets me run it anyway. Also, try using "return 1" instead of "return 0" at the end of your main function. This will allow you to run it. If this seems strange, it is. Virus writers are smarter than antivirus authors, forcing antivirus software to see many false positives.
Step 4. See if you can whitelist your program. Go to the Virus Vault in AVG. AVG β History menu β Virus storage. Find the positions that represent your offensive C ++ program and release them from the virus repository or whitelist them and try again.
Decision:
Option 1: Confirm that virus writers win the war against antivirus software. Itβs easier to hide something than to examine everything and reveal all the trouble. AVG cannot tell the difference between a legitimate virus and some of the C ++ program you just created. Get new antivirus software or get an operating system that doesn't need antivirus software (linux), or get along with antivirus software and keep many offline backups outside the company.
Option 2: Tell AVG to stop analyzing files with the .EXE extensions. WARNING this will reduce the ability of AVG to protect your computer from real viruses and malware. Go to the AVG console β Tools β Advanced settings β Antivirus β Resident Shield β Expert settings. You will see a text box with the label: "always scan files with the following extensions." Remove the EXE; from this text box. Save and try restarting your program. AVG will no longer complain about your something.exe executable file.
Option 3: Spell your C ++ program until it is no longer marked by a virus. Add some #include libraries, with the exception of some others. A random change can make all the differences in AVG, making your file malign.
and if anyone from AVG is interested in pursuing this error, here is a false positive executable for the above