AVG - Malware Detected - O_O

Dec 18, 2010 at 2:54am
AVG started warning that the application I'm developing is a virus, just because it copies itself to C:\Windows\System\razor and creates a startup key in the registry with its name.

OK, OK! All viruses do that, but my program is not a virus. I was very hurt by AVG. =(


Any tips?
Dec 18, 2010 at 3:09am
What function do you use to copy and to write to the registry? Also, what is your compiler? I'll try to help.
Dec 18, 2010 at 4:21am
I'm using the Code::Blocks IDE on Windows with GNU GCC:
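#include <windows.h>
#include <string.h>
#include <direct.h>   // mkdir() on MinGW

// NOME, TAMANHO_CAMINHOS, CAMINHO_LOGS and CAMINHO_EXECUTAVEL are macros
// defined elsewhere in the project.

BOOL instalarNoRegistro(){

    // Checks whether the startup key exists.

    LONG retorno;
    DWORD tipo;

    HKEY chave;

    char valor[TAMANHO_CAMINHOS];
    DWORD tamanho = sizeof(valor) - 1;   // bytes available, keeping room for a terminator

    char instalacao[] = "C:\\Windows\\system\\razor\\razor.exe";

    // Without an open key handle nothing below can work.
    if(RegOpenKey(HKEY_LOCAL_MACHINE,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",&chave) != ERROR_SUCCESS)
        return FALSE;

    // The data goes into valor; the last argument is the buffer size in bytes.
    retorno = RegQueryValueEx(chave,NOME,NULL,&tipo,(LPBYTE)valor,&tamanho);

    LONG sucesso = ERROR_SUCCESS;

    if(retorno == ERROR_SUCCESS){
        valor[tamanho] = '\0';   // registry strings are not guaranteed to be NUL-terminated
        if(tipo != REG_SZ || strcmp(valor,instalacao) != 0){
            // The value exists but points somewhere else: overwrite it.
            // RegSetValueEx replaces the old data, so no delete is needed.
            sucesso = RegSetValueEx(chave,NOME,0,REG_SZ,(LPBYTE)instalacao,strlen(instalacao)+1);
        }
    }else{
        // The value does not exist yet: create it (the size includes the NUL).
        sucesso = RegSetValueEx(chave,NOME,0,REG_SZ,(LPBYTE)instalacao,strlen(instalacao)+1);
    }

    RegCloseKey(chave);
    // The registry API returns ERROR_SUCCESS (0) on success.
    if(sucesso == ERROR_SUCCESS)return TRUE;
    return FALSE;

}

void instalar(){
    // The original call had no argument; the install directory is assumed here.
    mkdir("C:\\Windows\\system\\razor");
    mkdir(CAMINHO_LOGS);
    // CopyFile returns nonzero on success; FALSE means overwrite an existing file.
    int res = CopyFile(CAMINHO_EXECUTAVEL,"C:\\Windows\\system\\razor\\razor.exe",FALSE);
    if( res ){
         instalarNoRegistro();
    }
}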
Dec 18, 2010 at 6:24am
It's probably complaining because you are inserting yourself into the startup and also copying your file into the Windows system files (both things viruses might do to start up automatically or avoid detection).
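The two behaviours named in the reply above can be turned into a simple triage check over Run-key values. This is an added example, not code from the thread: the function names, the assumed default directory prefixes and the sample values in the comments are constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Triage verdict for one Run-key value. A flag means "review", not "malicious":
   some legitimate Windows components also start from the Windows directory. */
enum verdict { RUN_OK = 0, RUN_IN_WINDOWS_DIR = 1, RUN_UNPARSEABLE = 2 };

/* Case-insensitive prefix test that treats '/' like '\'. */
static int has_prefix_ci(const char *s, const char *prefix) {
    for (; *prefix; s++, prefix++) {
        char a = (*s == '/') ? '\\' : (char)tolower((unsigned char)*s);
        char b = (char)tolower((unsigned char)*prefix);
        if (a != b) return 0;          /* also stops at the end of s */
    }
    return 1;
}

/* Pull the executable path out of a Run value: the text inside the first
   pair of quotes, or, if unquoted, everything up to the first space. */
static int exe_path(const char *value, char *out, size_t outsz) {
    const char *start = value, *end;
    while (*start == ' ') start++;
    if (*start == '"') {
        start++;
        end = strchr(start, '"');
        if (!end) return 0;            /* unbalanced quote */
    } else {
        end = start + strcspn(start, " ");
    }
    size_t n = (size_t)(end - start);
    if (n == 0 || n >= outsz) return 0;
    memcpy(out, start, n);
    out[n] = '\0';
    return 1;
}

enum verdict classify_run_value(const char *value) {
    /* Assumed default locations; a real tool would expand the variables. */
    static const char *const win_dirs[] = {
        "C:\\Windows\\", "%SystemRoot%\\", "%windir%\\" };
    char path[260];
    if (!exe_path(value, path, sizeof path)) return RUN_UNPARSEABLE;
    for (size_t i = 0; i < sizeof win_dirs / sizeof win_dirs[0]; i++)
        if (has_prefix_ci(path, win_dirs[i])) return RUN_IN_WINDOWS_DIR;
    return RUN_OK;   /* e.g. "C:\Program Files\Razor\razor.exe" (constructed) */
}
```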
Dec 18, 2010 at 2:55pm
firedraco is probably right. Also try moving your registry path to a string table (resource file), though I also have some experience with MinGW (GCC) being detected as a virus. Tell us if you have any luck :)
Dec 18, 2010 at 5:15pm
closed account (3pj6b7Xj)
Now that I read this post, it makes you wonder... what exactly does virus code look like? I really don't want to know, but it's just one of those things that makes you curious to want to know... I'd rather not be the cat killed by curiosity.
Dec 19, 2010 at 5:56am
Sorry, my English sucks, but from what I understand you want to know what my program does? Correct? Well, actually this program is like a "manager or a manager of activities of the students signed" that I'm developing for a secondary school. I need it to start with the system to activate other programs that students use and to set some necessary settings.


Sorry if this has not been asked
Dec 19, 2010 at 11:37am
Well, couldn't you just turn off the AV software, add that program to the list manually and turn it back on, assuming that you have developer / administrator rights?
Dec 19, 2010 at 5:55pm
First of all, why are you adding your application to C:\Windows\... anything? Programs go in Program Files, even those that manage other programs. Also, you should be installing your application as a service, NOT dropping it into (it seems) the HKLU\..., which would only be effective for the current user. I recommend NOT installing it in "All Users", as this is also seen as "viral behavior".

You should be aware that applications started from Current Version\Run execute asynchronously, so there is no guarantee that your program will start up in time to manage anything the students are doing. This is a big reason to install it as a service.

Personally I think you're doing too much work; from your description so far this can be done much faster and a crap load easier from M$ Active Directory Group Policy.

EDIT: By the way, Kyon has it right. I've seen this requirement enough times from "professional" companies to know that this is the standard way this situation is dealt with.
Last edited on Dec 19, 2010 at 6:21pm
Dec 20, 2010 at 2:13am
I'm starting in C; I'm making this software just to get new skills in C, and it will never actually be used. It's just a thing that I dream of... I liked the idea of running the software as a service and installing it in Program Files. I will try this and check if AVG shuts up. Hehe. Thanks.

Dec 20, 2010 at 3:08pm
Sorry about my tone, it gets to me when we get sysadmins (which I mistook you for) in here who are trying to "reinvent the wheel". Let us know if you have more questions.
Dec 23, 2010 at 3:59pm
Thanks, I've changed these things (system -> program files) and AVG has stopped =D

Sorry for the bad English =/