3

I've converted a very simple bat file to an EXE.

my C file looks like this:

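```c
#include <stdlib.h>
int main(int argc, char const *argv[]) {
    // add the bundled ffmpeg directory to PATH (backslashes escaped for C)
    system("set PATH=%PATH%;%CD%\\bin\\ffmpeg");
    // start the Node server
    system("node server.js");
    return 0;
}
```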

My resources.rc looks like this:

```
#include <windows.h>

A ICON MOVEABLE PURE LOADONCALL DISCARDABLE "favicon.ico"
```

I compile it using:

```
windres -i resource.rc -o resource.o
tcc -o mediacenterjs.exe main.c resource.o
```

This works great! But Avast and several other anti-virus scanners are seeing my EXE as a threat. An "I-Worm/Nuwar.L" Trojan, to be precise.

What can I change or add to the code so it won't get picked up as a virus?

jansmolders86
  • 4
    Get a better antivirus. – rubenvb Dec 05 '14 at 13:49
  • 1
    I think this won't work anyway. The first call sets `%PATH%` for the first command shell, and the second call starts a second command shell which has the original `%PATH%`. Besides, for such a trivial program I wouldn't even use the CRT. Use `CreateProcess` and pass a proper environment. – MSalters Dec 05 '14 at 15:44

2 Answers

1

One way to find out is to simply omit one of the lines to find out which one is triggering (or if it's both). With that said, your code isn't really very safe because it relies on the path settings of the computer to point to the correct node executable.

Also, you might want to check to see if your path settings actually persist after the first call to system runs.

Edward
  • Very helpful! I'll debug like you suggested. The altering on the path variable probably is a red flag for most virus scanners. – jansmolders86 Dec 05 '14 at 14:40
1

It's simpler than you think. Sometimes, when we are messing with sockets as well, the antivirus may complain. The same can happen if you try to change something in the system. It's probably recognizing your application as a threat not because it has a virus, but because of the behavioral analysis of the antivirus, as it has several ways to detect, such as signature, and so on.

The thing that you can do is debug your application in order to find where the problem is. Maybe it's in the system function, which is asking the system directly to change something that might be crucial to the system (the antivirus doesn't know that, or does). Maybe you can handle this another way using the API.

yayuj
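The approach suggested in MSalters' comment and hinted at in both answers, as an added example (not code from the question or from any answer): the launcher extends PATH in its own process and starts the child directly with `CreateProcess`, so the child inherits the change and no intermediate `cmd.exe` is involved. `run_with_path` is a hypothetical helper; the POSIX branch exists only so the example also runs off Windows, and the relative `bin\ffmpeg` entry assumes the launcher is started from the application directory.

```c
#define _POSIX_C_SOURCE 200809L   /* setenv/fork on the non-Windows branch */
#include <stdlib.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#define SEP ";"
#define FFMPEG_DIR "bin\\ffmpeg"                 /* assumed layout, as in the question */
#define SET_PATH(kv) _putenv(kv)                 /* takes "PATH=value" */
#else   /* POSIX branch only so the example also runs off Windows */
#include <sys/wait.h>
#include <unistd.h>
#define SEP ":"
#define FFMPEG_DIR "bin/ffmpeg"
#define SET_PATH(kv) setenv("PATH", (kv) + 5, 1) /* skip the "PATH=" prefix */
#endif

/* Append dir to this process's PATH, then start argv[0] directly (no shell).
   Returns the child's exit code, or -1 if it could not be started. */
int run_with_path(const char *dir, char *const argv[]) {
    static char kv[32768];        /* a Windows variable holds at most 32767 chars */
    const char *old = getenv("PATH") ? getenv("PATH") : "";
    if (strlen(old) + strlen(dir) + 8 > sizeof kv) return -1;
    strcat(strcat(strcpy(kv, "PATH="), old), *old ? SEP : ""); /* no empty entry */
    if (SET_PATH(strcat(kv, dir)) != 0) return -1;
#ifdef _WIN32
    char cmd[1024] = "";          /* naive join: arguments are not quoted */
    for (int i = 0; argv[i]; i++) {
        if (strlen(cmd) + strlen(argv[i]) + 2 > sizeof cmd) return -1;
        strcat(strcat(cmd, i ? " " : ""), argv[i]);
    }
    STARTUPINFOA si = { sizeof si };
    PROCESS_INFORMATION pi; DWORD code = 1;
    if (!CreateProcessA(NULL, cmd, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi))
        return -1;                /* lpEnvironment NULL: child inherits our PATH */
    WaitForSingleObject(pi.hProcess, INFINITE);
    GetExitCodeProcess(pi.hProcess, &code);
    CloseHandle(pi.hThread); CloseHandle(pi.hProcess);
    return (int)code;
#else
    int st; pid_t pid = fork();
    if (pid == 0) { execvp(argv[0], argv); _exit(127); }
    if (pid < 0 || waitpid(pid, &st, 0) < 0) return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
#endif
}

int main(void) {                  /* the launcher from the question */
    return run_with_path(FFMPEG_DIR, (char *[]){ "node", "server.js", NULL });
}
```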