Rick Stead @Rick, 2021-09-19 21:00:28
Malware

Why is the compiled program detected on VirusTotal?

I made a console application with Discord RPC support (guide) to make animated statuses in Discord. They asked me to upload the .exe; I sent it, and in reply they sent me a screenshot from VT with 9 detections, mostly "Gen:Variant.Razy.837297". I didn't find anything by that name, except pages that say "delete a super dangerous trojan, it will burn the computer". How do I fix it so that there are no questions?


3 answer(s)
Ighor July, 2021-09-19
@IGHOR

Modern antiviruses do not only compare signatures against a database. They also keep statistics on how many times each executable file has been run.
And if your file has been launched by very few users, and there is little feedback from them, it will be considered unsafe.
In your case, the name may be wrong, but the reason is the same.

Wataru, 2021-09-19
@wataru

False alarm. Antiviruses look for viruses by their signatures. It just so happened that some virus contains the same bytes as your compiled program.
You can try another compiler or other compilation parameters (for example, a different optimization level). You can try rewriting some piece of code.
You can send complaints to the antivirus companies; maybe they will clean up their database, but this is not certain.

dollar, 2021-09-20
@dollar

A match with the database, or a heuristic, or indeed a virus.
I had a real case where a friend wrote a utility, distributed it to other friends, and supported it. He asked people to ignore the fact that the antivirus complained, saying it was a false positive. I became curious what kind of virus the antivirus had found, and I began to dig (by the name of the virus). It turned out that this virus really existed: it sat in the compiler itself and infected all compiled programs. I had to tell him later, and this acquaintance even seemed a little offended, because I made him look like a sucker.
Well, look at the giants, for example DrWeb and Kaspersky. If they are silent, then the other antiviruses most likely have a false positive. An antivirus can be tuned to "better overprotected than underprotected"; such settings are not suitable for home use, but they are suitable for organizations where only popular and time-tested software is desirable. In addition, if the name of the virus contains the word "suspicious", this once again indicates that no virus was found and the heuristic fired.
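
The checks suggested in the answers above, as an added example that is not part of the original thread: it triages a multi-engine scan result by counting distinct labels rather than raw detections, separating generic or heuristic names from specific ones, and checking whether the reference engines named in the last answer are silent. The engine names `Engine1` to `Engine9`, the three extra labels, the marker list other than "suspicious", and the function names are assumptions made for illustration.

```python
from collections import Counter

# Assumption: substrings that usually mark a generic or heuristic verdict rather
# than an exact signature match. Only "suspicious" is named in the thread itself.
HEURISTIC_MARKERS = ("suspicious", "heur", "gen:", "generic")
# The engines the last answer uses as a reference point.
REFERENCE_ENGINES = ("DrWeb", "Kaspersky")


def is_heuristic(label):
    low = label.lower()
    return any(marker in low for marker in HEURISTIC_MARKERS)


def triage(results):
    """results maps engine name -> detection label, or None when the engine is silent."""
    hits = {engine: label for engine, label in results.items() if label}
    labels = Counter(hits.values())  # identical labels are counted once
    specific = sorted(l for l in labels if not is_heuristic(l))
    reference_hits = sorted(e for e in REFERENCE_ENGINES if hits.get(e))
    if not hits:
        verdict = "clean"
    elif reference_hits or specific:
        verdict = "investigate"  # e.g. audit the compiler and the build machine
    else:
        verdict = "likely-false-positive"  # report the file to the vendors
    return {
        "detections": len(hits),
        "distinct_labels": len(labels),
        "heuristic_only": bool(hits) and not specific,
        "reference_hits": reference_hits,
        "verdict": verdict,
    }


# Constructed sample shaped like the question: 9 detections, mostly one label.
SAMPLE = {f"Engine{i}": "Gen:Variant.Razy.837297" for i in range(1, 7)}
SAMPLE.update({
    "Engine7": "Suspicious.Generic.A",  # constructed label
    "Engine8": "Heur.Packed.Unknown",   # constructed label
    "Engine9": "Suspicious.Low.ML",     # constructed label
    "DrWeb": None,
    "Kaspersky": None,
})

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A result of `investigate` corresponds to the infected-compiler case in the last answer: the label is specific or a reference engine agrees, so the toolchain and build machine are worth checking before reporting a false positive.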
