C language program is detected as a virus
Solution 1
Looks like a false-positive. Because modern viruses use polymorphism to hide from anti-virus programs, the anti-virus program has to report even partial matches, and apparently your compiler with the given source code produces a partial match to that malware.
Solution 2
Virus scanners use heuristics and signatures to detect vulnerabilities. False positives are unavoidable. Your program seems to trigger the heuristic. Presumably its checksum, file size or other characteristics match a known virus. This is seconded by the fact that a small change is sufficient to resolve the problem.
EDIT Calling your application Virus.exe is a pretty unfortunate choice, and I'd presume it will trigger most virus scanners quickly (although it's certainly not a perfect name for a real virus ...).
Solution 3
See http://www.viruslist.com/en/viruses/encyclopedia?virusid=1857 .
My guess is that Antivir scans through text strings that DOS/Candy contains, and since the one in the second piece of code is like the one it's looking for, Antivir detects the compiled executable as a virus.
Solution 4
I think you have a real virus somewhere, that perhaps have modified the standard libraries :D Or simply the antivirus detects a pattern in the executable.
Sagar Kothari
iOS App Developer, Android App Developer, ReactJS Developer, Flutter
Updated on July 09, 2022Comments
-
Sagar Kothari almost 2 years
#include<stdio.h> #include<conio.h> union abc { int a; int x; float g; }; struct pqr { int a; int x; float g; } ; void main() { union abc b; struct pqr c; clrscr(); b.a=10; textbackground(2); textcolor(6); cprintf(" A = %d",b.a); printf("\nUnion = %d",sizeof(b)); printf("\nStructure = %d",sizeof(c)); getch(); }
I have saved this program as virus.cpp. I am using Turbo C compiler to compile this program and run from Turbo C (Ctrl + F9).
I am using Windows 7 and I have installed Avira AntiVir virus system.
When I tried to run above program, it creates a worm (DOS/Candy). I believe there is nothing wrong in program.
Now here is something special. Execute the same program with following difference. Here the only difference is space between
\n
:#include<stdio.h> #include<conio.h> union abc { int a; int x; float g; }; struct pqr { int a; int x; float g; } ; void main() { union abc b; struct pqr c; clrscr(); b.a=10; textbackground(2); textcolor(6); cprintf(" A = %d",b.a); printf("\n Union = %d",sizeof(b)); printf("\n Structure = %d",sizeof(c)); getch(); }
The difference is only \n and space. My question is, why is my simple program is detected as virus?
Here is another code sample, this time for C++:
#include<iostream.h> #include<conio.h> class A { int a,b; public: A() { a=0;b=0; } A(int x) {a=x; b=0; } A(int x,int y) { a=x; b=y; } ~A() { cout<<"All things are deleted."; } void get() { cout<<"\nA = "<<a; cout<<"\nB = "<<b; } }; void main() { A a1(5,10); clrscr(); a1.get(); getch(); }
When I run this program it gives "Virus Warning" - Even it is not an virus. Now, the tragedy is when you remove destructors, it won't detect it as virus.
Here is the screen shot and similar question:
C Language - \n - creating virus
The question is how, and why?
-
James McNellis about 14 yearsJust out of curiosity: why are you using a 20 year old compiler?
-
Johannes Schaub - litb about 14 yearsNo doubt, this virus evolves from the undefined behavior in your code.
-
Alok Singhal about 14 yearsYour compiler is converting your program to a virus because you used
void main
. :-) -
Sagar Kothari about 14 years@James McNellis - Your comment is great. But we have to have to follow this compiler strictly - Just because it is in our University syllabus. ( Yes, it looks ridiculous - but it is the fact. We are forced to follow the syllabus instructions ). I know today many other compilers are available. But I had no choice. Because In practical examination we have to give our exam on turbo c only.
-
-
stakx - no longer contributing about 14 years... and maybe the fact that the OP calls his programs
VIRUS
andVIRUS2
helps to get the anti-virus software to think that it's found a virus...? -
Sagar Kothari about 14 yearsHey ! You might use other name also. I had too many programs on my disk for my exam preparation - I just named it like this just because - I wanted to identify it easily. You might choose other name - then also it will detect it as virus.
-
Sagar Kothari about 14 yearsNo - It's not there. I need answer - not any assumptions. I have verified too many times. First I formatted entire computer - Installed os & then first antivirus system & then turbo c. Even After this - it is detecting my program as virus.