Why does AVG (antivirus) detect executables produced by Dev-C++ as a virus?

Posted on 2024-12-13 04:12:42 · 312 words · 1 view · 0 comments

I created a default Dev-C++ project and instead of the usual return 0;, it had return EXIT_SUCCESS; and upon compiling and running it, I was alerted by my antivirus that the executable was a virus.

I tried the same code with Visual C++, Eclipse and Codeblocks and they all compiled it successfully ... so I am a bit confused here.

— Why does AVG detect executables produced from Dev-C++ with the line return EXIT_SUCCESS; as a virus when other similar macros work perfectly fine?

Comments (4)

我不咬妳我踢妳 2024-12-20 04:12:42

Why is AVG labeling my C++ program a virus?

For example, here is a C++ program that AVG detects as a virus:

#include <cstdlib>
#include <iostream>
using namespace std;
int main(int argc, char** argv) {
    cout << "done";
    return 0;
}

Running the executable, I get an AVG popup window with this text:

AVG Resident Shield Alert
Threat detected!
File name: c:\Documents and Settings\eleschinski\Desktop\workspace\CppApplication_2\dist\Debug\MinGW-Windows\cppapplication_2.exe
Threat name:  Trojan horse Agent3.CJAI (More Info)
Move to Vault (Reccommended)
Go to file
Ignore the threat

Summary: what's going on here?

AVG antivirus is a program that runs on your computer that uses heuristics and other imprecise algorithms to identify which programs have unwanted evil agendas. AVG is taking as input the contents of your executable file, and deciding that your program is unsafe.

Antivirus writers are using the Enumerating Badness strategy to identify malware in the world, and it is coming back to bite them because this is the wrong approach to the problem of detecting malware. One problem with Enumerating Badness is the false positives, the problem you experience now.

Steps to take to get a better understanding of the problem:

Step 1. First you want to be very sure which file AVG is complaining about. To do this, go to AVG -> Tools menu -> scan file. Choose the offending executable or file defined in your threat window. AVG will scan the file instantly and recommend adding it to the vault. At this point you can know AVG thinks this file alone is the malware.

Step 2. Get a second opinion about this malware/virus file; better yet, get 50 independent second opinions. Go to the website https://www.virustotal.com, where you can upload your file for free, and it will be analyzed by about 50 different antivirus programs. If the majority of them think it is a virus, then AVG has done well. But if only a few antiviruses label your file as evil, then it's possible that AVG has a false positive.

Step 3. An easy way to convince AVG that your C++ program is safe is to add the C++ statement system("pause"); at the beginning of your C++ program, then recompile and re-run. For me, AVG then warns me about it, I click ignore, then it lets me run it anyway. Also, try using 'return 1' instead of 'return 0' at the end of your main function. It will let you run it. If that seems bizarre, it is. Virus writers are smarter than antivirus writers by getting antivirus software to see too many false positives.

Step 4. See if you can white-list your program. Go into the "Virus Vault" in AVG. AVG -> History menu -> Virus Vault. Find the line items that represent your offending C++ program and release them from the virus vault, or white list them, and try again.

Solutions:

Option 1: Acknowledge that the virus writers are winning the war against antivirus software. It's easier to hide something than it is to survey everything and spot all badness. AVG can't tell the difference between a legitimate virus and some C++ program you just made. Get new antivirus software, or get an operating system that doesn't need antivirus software (Linux), or go without antivirus software altogether and keep lots of offline offsite backups.

Option 2: Tell AVG to stop analyzing files with .EXE extensions. WARNING: this will decrease AVG's ability to protect your computer from real viruses/malware. Go to AVG console -> Tools -> Advanced Settings -> Anti Virus -> Resident Shield -> Expert Settings. You will see a textbox with a label: "always scan files with the following extensions". Remove the EXE; from that textbox. Save and try re-running your program. AVG will no longer complain about your something.exe executable.

Option 3: Fiddle with your C++ program until it stops being labelled a virus. Add some #include libraries, excluding some other ones. An inconsequential change could make all the difference in AVG deciding your file is malignant.

and if anyone from AVG is interested in chasing this bug down, here is the false positive executable for the above

幸福还没到 2024-12-20 04:12:42

Maybe this will lighten the whole thing, as it seems that AVG somehow doesn't like the combination of a (probably) older version of gcc (as Dev-C++ isn't in development anymore) and an empty program.
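One way to check the toolchain hypothesis in the comment above is to compare the PE header fields of the same source built by two compilers, since the scanner judges the binary and not the `return` line. This is an added example, not part of the original thread; `pe_fingerprint`, `diff_fingerprints` and `build_sample` are hypothetical names, and the two sample images are constructed header-only byte strings with made-up linker versions and section lists.

```python
import struct

def pe_fingerprint(data: bytes) -> dict:
    """Extract header fields of a PE image that vary with the toolchain."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    # COFF file header: 20 bytes right after the 4-byte signature
    machine, nsect, stamp, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24
    magic, major, minor = struct.unpack_from("<HBB", data, opt_off)
    names = []
    for i in range(nsect):                                # 40-byte entries
        start = opt_off + opt_size + 40 * i
        raw = data[start:start + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return {"machine": hex(machine), "timestamp": stamp,
            "format": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, hex(magic)),
            "linker": f"{major}.{minor}", "sections": names}

def diff_fingerprints(a: dict, b: dict) -> dict:
    """Fields on which two builds of the same source differ."""
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

def build_sample(major: int, minor: int, names: list) -> bytes:
    """Constructed header-only image for the demo; not a runnable program."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    opt = struct.pack("<HBB", 0x10B, major, minor) + b"\0" * 92
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, len(opt), 0x102)
    table = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in names)
    return dos + b"PE\0\0" + coff + opt + table

# Constructed values, chosen only to make the two headers differ.
BUILD_A = build_sample(2, 56, [".text", ".data", ".rdata", ".bss", ".idata"])
BUILD_B = build_sample(14, 0, [".text", ".rdata", ".data", ".reloc"])

if __name__ == "__main__":
    fa, fb = pe_fingerprint(BUILD_A), pe_fingerprint(BUILD_B)
    for field, (va, vb) in diff_fingerprints(fa, fb).items():
        print(f"{field}: {va!r} vs {vb!r}")
```

On real files, pass the bytes of each compiler's output (read in binary mode) to `pe_fingerprint` and diff the results.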

浅笑轻吟梦一曲 2024-12-20 04:12:42

When you Google "define EXIT_SUCCESS" you will see that it should be "0".

Try to decompile your executable file using IDA Pro Disassembler + Hex Rays Decompiler and see what is really going on there :)

也只是曾经 2024-12-20 04:12:42

I faced a similar issue.

Why : I do not know

How to avoid : Please read below

Quick solution : Without affecting your antivirus for outside world

You know in which drive your code is...

You know in which drive your executable will get generated [since we can configure that]

Put it in your antivirus exception list.

Voila..
no more pop ups
