I have developed an application that does the following:

(Using System.IO) Create, modify, and delete files

(Using DotNetZip) Extract downloaded zip files

(Using System.Net) Download files from a private server

(Using System.Reflection) Extract embedded dll and exe files onto the application's directory.

(Using System.Diagnostics) Start external processes such as the browser, and FontReg.exe for registering system fonts (this is also the file that is embedded into the application)

Many of these features can run on application startup. Which one of these (or all?) is causing the application to be detected as a virus, specifically a trojan? My guess is the embedding of another exe is the major one.

Avast and Windows Defender (at least, those are the ones I know of) detect it as a trojan. Windows Defender says it is Trojan:Win32/Spursint.F!cl: https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Trojan%3AWin32%2FSpursint.F!cl&threatid=2147717281&enterprise=0

Willster419
  • Your hunch is probably right. I too would guess that the embedding of a dll/exe is detected by your AV as potentially malicious. –  Apr 29 '17 at 00:11
  • What product is detecting it as a trojan and what exactly is it reporting? – David Schwartz Apr 29 '17 at 00:12
  • Sounds like very suspect behavior, what is the use case? – Aluan Haddad Apr 29 '17 at 00:12
  • You have to be more specific. My shot would be that you are creating and deleting files multiple times and this behaviour may sometimes be caught as suspicious by your antivirus – NicoRiff Apr 29 '17 at 00:41
  • To be more specific, it is a modpack installer for a game, hence the downloading, extracting, and modifying files. If you need the GitHub code I can provide that too. The products that are detecting it are Windows Defender and Avast. (At least, those are the ones I know of.) Updated the post to put what it is detecting – Willster419 Apr 29 '17 at 00:54

1 Answer

I figured out the issue. I was having it download direct exe files using System.Net, which many antivirus and malware programs would detect as a virus. The simple solution was to put the exe in a zip and download it that way.

Willster419