6

I don't know why, but I've had no problem before and now all of a sudden, this really old, terrible, newbie program that I wrote a long time ago, triggers Malwarebytes... :(

This question is not a duplicate, since the program in question is in (ANSI) C and NOT Delphi...

Here is a virus total scan (5 / 45)

Jotti's malware scan (1 / 22)

Here is my crappy old source code :P

#include <stdio.h>
#include <string.h>
/* This script is by Joe DF*/
main()
{
    char input[999];
    int charcount = 100;
    gets(input);
    printf("%d\n", strlen(input));
    printf("%d", numlen(charcount));
}

numlen(int num)
{
    char temp[999];
    sprintf(temp, "%d", num);
    int count = strlen(temp);
    return count;
}

This could be just a simple mistake... but why? To me this seems harmless! Even if this is just a mistake, what usually triggers a false positive? Is it simply the file's signature? Timestamp?

Thomas Dickey
  • 51,086
  • 7
  • 70
  • 105
Joe DF
  • 5,438
  • 6
  • 41
  • 63

2 Answers2

0

I believe your compiled code was corrupted by the virus, replicating as itself. This has nothing to do with your code. If you compile your code again, and rescan, the malware warning will be gone.

Pradeep Pati
  • 5,779
  • 3
  • 29
  • 43
  • well, actually i immediately recompiled it, ran it and right-a-way Malwarebytes had prevented execution and said "Trojan.Menti"... unless i have a virus hiding somewhere... hmm i running a full system scan right now! :O – Joe DF Apr 23 '13 at 05:09
  • You can also try compiling it in some other machine. But yeah, getting rid of the virus is important. – Pradeep Pati Apr 23 '13 at 05:10
  • 1
    hmm, its weird, if i compile another C program i recently made.. it seems to be clean... so i think that probably, it is simply a false positive... hmm – Joe DF Apr 23 '13 at 05:14
  • 1
    I doubt if the creator of a virus infecting your computer would be intelligent enough to create a modified C compiler that could modify the executables it produces to have a self-replication process that emulates the malignant nature of a virus. But then again, virus-smiths are tricky fellows. – Keshav Saharia Apr 23 '13 at 05:21
  • 1
    @KeshavSaharia, the classic example is [Reflections on Trusting Trust](https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf) by Ken Thompson. – dfeuer Feb 25 '15 at 14:41
  • @KeshavSaharia: Seen it for real. It was much simpler than that. It modified the binary to infect binaries. It wasn't any kind of smarts. A file copy program would have been infected to infect every binary it copied. – Joshua Jan 22 '19 at 04:41
-1

If you are sure your code is not malicious and it's false positive you should get a certificate and sign your application and it really works!

Most of times virus total flag empty exe produced by compiler like 1 to 5... But when you sign your code with a valid certificate they will be gone!