Compiled C executable is detected as a virus by windows defender - c++

I had compiled a simple hello world program in C with the MinGW compiler using the command line. As it had finished compiling, windows defender popped up and detected a virus (Trojan:Win32/Fuery.C!cl).
#include <stdio.h>
#include <stdlib.h>
int main() {
printf("Hello World");
return 0;
}
https://imgur.com/a/05yDjw5
I had taken action on this (Removed) as windows defender suggested, but when I compile again the same happened, multiple times.
I had downloaded an AntiVirus (Malwarebytes) and scanned my whole system and it detected some registry key errors, but not this.
I've tried compiling C++ files too, but windows defender did not detect any virus there. This only happens when I compile in C.
I've also tried checking the compiled executable at VirusTotal.
https://www.virustotal.com/gui/file/476d47215dad80db49c9fd508ab5e10e5aeb5b623248ca156830a28b70affe5f/detection
I tried CodeBlock's MinGW compiler and 0 engines detected it. (Same C file)
https://www.virustotal.com/gui/file/8ba4b0fa24b1b6b69152acce2353fcca8447bbecbfc4e5ec48d33cc75d94f2f1/detection
EDIT: I deleted the path variable of C:/MinGW and added CodeBlock's MinGW compiler. I then used the command line to compile the same C file again and had uploaded the .exe file to VirusTotal. This time, 0 engines detected. So I have come to the conclusion that, the MinGW compiler that I had installed was creating this problem.
https://www.virustotal.com/gui/file/34d383f6c09f897d8c9a44ed0e7850574320e50fdf439eeb1f06705fdcc95386/detection
I don't know why this happens. Is there a malware in my computer that affects my C programs or is this a false detection?

There is no malware, it is a false positive. The executable generated by your version of MinGW looks very similar to a particular virus.
To avoid the problem, add the directory where you build your code to the list of exclusion in the antivirus.
Also consider using mingw-w64 instead of mingw.org .

I came across with the same problem, compiler tdm gcc v9.2.
The following compilation triggers a warning (kaspersky).
gcc temp.c -o temp.exe
The following does not
gcc -O3 temp.c -o temp.exe
Where temp.c is
#include <stdlib.h>
#include <stdio.h>
#include <math.h>
int main() {
int a, b;
scanf("%d %d", &a, &b);
printf("mod %4d, %4d is %4d\n", a, b, a%b);
return 0;
}
The same code with g++ passes the test with both compilations. The antivirus software does not detect the same virus elsewhere but only in temp.exe (first compilation).

I may have solved my problem.
This is what I did: I removed the PATH Variable of C:\MinGW and added CodeBlock's MinGW compiler (CodeBlocks/MinGW/bin). I used the command line to compile the same C file, and had uploaded the .exe to VirusTotal. No engines detected this file!
https://www.virustotal.com/gui/file/34d383f6c09f897d8c9a44ed0e7850574320e50fdf439eeb1f06705fdcc95386/detection
So I have come to a conclusion that, MinGW was the compiler that was causing this problem. I have removed it.
However, I am not quite sure if this problem is FULLY solved. There is still a possibility of malware affecting my executable (or perhaps not). I cannot be sure.
If anyone has any answers, please comment or answer

I ran into this after installing MinGW on 01-08-20(dd-mm-yy).
For me it was also Windows Defender, the way to - hopefully temporarily- get rid of this is to add an exception for the folder your compilation output will reside in.
The Microsoft website states these steps to add an exclusion:
Go to Start > Settings > Update & Security > Windows Security > Virus & threat protection.
Under Virus & threat protection settings, select Manage settings, and then under Exclusions, select Add or remove exclusions

I had a similar problem. I figured out that the following dll was missing: mingw32-libmingwex-dll. Once I installed it via "MinGW Installation Package", I didn't have the problem anymore.
I hope this can help others.

Since you wrote that program and you know it isn't actually a Trojan, it's obviously a false positive. You should submit the file to them at https://www.microsoft.com/wdsi/filesubmission so they can figure out why it's triggering the false positive and fix it. (If it happens with everything you compile, just sending them one will suffice.) In the meantime, you should add an exclusion to Windows Defender for the folder that you compile your executables in.

Related

Why does string type cause c++ program to not run?

I have a simple program, written in C++, on a Windows 10 machine, compiled with the MinGW g++ compiler.
I am including the <string> header, and it runs fine. When I include the string data type, it will compile, but it will not run.
The minimum amount of code to reproduce this is:
#include <iostream>
#include <string>
using namespace std;
int main() {
string greeting;
cout << "hi" << endl;
return 1;
}
Please note, this works fine:
#include <iostream>
#include <string>
using namespace std;
int main() {
//string greeting;
cout << "hi" << endl;
return 1;
}
The version of the compiler is 6.3.0
g++.exe (MinGW.org GCC-6.3.0-1) 6.3.0
I downloaded it 3 days ago, so I assume it is the most recent version. (Maybe not?)
I have googled and browsed stackoverflow for answers.
The closest question I could find, the person gave up and changed operating systems.
One other solution I found was to use Cygwin's compiler. I would rather not, as I already have a seemingly otherwise fine compiler. It seems that MinGW tools are widely used enough that I should be able to use the compiler.
Any other forum/blog/etc resources have problems about converting strings or calling string methods.
NOTE: The same exact code runs fine on Ubuntu 16.04, with the included compiler.
EDITS:
While I realize that "It does not run" is not helpful, I don't know how else to describe it. I run the compiled program, and it behaves the same as if I entered echo ''. There is no output, no indication that anything has happened. What is the most helpful way to phrase that behavior?
If I use a debugger, I get program exited with code 0xc0000139
A quick google search returns results indication that it is a problem with the compiler. Same as the comments below about my compiler version...
To compile the program, I run g++ main.cpp -o b.exe
To execute it, I run ./b.exe
Mingw has a long standing issue with certain consoles (see their faq). It might be worth checking whether it's failing to output rather than execute by e.g. redirecting to a file ./b.exe >out.txt.
After some useful comments, and much frustration, I decided to try to build the most current compiler. I caved and used Cygwin. (I really have no problem with Cygwin, I just wanted to get MinGW to work.)
I followed this site's instructions (after downloading the current source from https://gcc.gnu.org).
http://preshing.com/20141108/how-to-install-the-latest-gcc-on-windows/
Notes:
This is for an older version of gcc, but I replaced the appropriate version numbers with 8.2.0 (current at this time).
I was missing some prerequisites, and had to cd into the source directory and run ./contrib/download_prerequisites from the Cygwin terminal. It handled everything seamlessly, and while it took a little bit, I am now able to use string data types and run the program (successfully).
Don't forget the final make install command. I did, and it was a headache.
Lastly, thanks to all the helpful comments, and those that asked for clarification. When I call the mechanic, and say, "my car won't run", they ask helpful questions, and we work together to get them the relevant information they need. That's what happened above, and I learned some things (and solved my issue).
I had the same issue. I downloaded mingw a few days from sourceforge and everything complied fine except when I declared a string. Then it would show no output. Maybe it was some problem with the old version (6.3.0). I deleted all the files and re-installed using the given tutorial : https://code.visualstudio.com/docs/cpp/config-mingw . This is a newer version (8.1.0). Now it works just fine!

gcc and clang under msys2 cannot resolve includes with absolute paths

I try to get tests generated by the cxxtest framework working under a MinGW environment managed by mysys2. The tool generates C++ files with absolute paths. However, gcc seems to be unable to resolve this absolute paths.
Here is a minimal example to demonstrate the problem:
// file1.h
#include <iostream>
inline void hallo() { std::cout << "Hallo\n"; }
// main.cpp
#include "/home/phil/example/file1.h"
int main()
{
hallo();
return 0;
}
The file exists (at least the msys2 shell resolves the path):
$ ls /home/phil/example/file1.h
/home/phil/example/file1.h
... but calling g++ results in this error:
$ g++ main.cpp
main.cpp:1:38: fatal error: /home/phil/example/file1.h: No such file or directory
#include "/home/phil/example/file1.h"
^
compilation terminated.
Same error with clang.
Under a full Linux environment, the example works. It also works if I replace the absolute path by a relative one (#include "file1.h").
So, I assume the problem lies in the layer over Windows that is responsible to resolve paths. Not sure whether I should report it as a bug to the msys2 project, or whether it is a known problem. If it is a known problem, are there any workarounds (like setting -I options)?
(If possible, I would like to avoid replace the absolute paths, as they are in generated code by the cxxtest framework. Technically, running a postprocessing step on the generated files would be possible but seems like a hack in the long run.)
Since you are running compilers that use MinGW-w64 as their runtime environment, they don't recognize POSIX-style paths like that. I think they actually interpret the root directory "/" to be "C:\". Other than that, they would only recognize native Windows-style paths.
I recommend that you pass the argument -I/home/phil/example to your compiler from some program running in the msys-2.0.dll POSIX emulation runtime environment (e.g. /usr/bin/bash or /usr/bin/make). The msys-2.0.dll runtime will then convert that argument to use a native Windows path so the compiler can understand it, and statements like #include <file1.h> will work. Alternatively, you might try putting a Windows-style path in your source code, e.g. the path should start with C:\.
Note however that having absolute paths in source code or build scripts is a bad idea since it makes it harder to build the code on a different computer. You could consider using environment variables or relative paths.
Try using the MinGW compiler that Cygwin provides as a package. (In other words, forget the MSYS environment; work under Cygwin, but build the code as before, in the MinGW style.)
Then you should be able to have include references /home/phil; it will just resolve to C:\Cygwin\home\phil or wherever your Cygwin root is.
Actually, it might be possible under MSYS also (which, after all, is just the descendant of an old for of Cygwin). You just have to figure out what /home/phil is referring to, create that tree and work under there.

fatal error: iostream: No such file or directory 3

A number of answers to this exact error have been put upon this website but I am quite the beginner to C++ and Code::Block so i'm afraid I do not understand them.
I have been following a very simple C++ tutorial that started me out with one simple program that I was told to copy and paste into the compiler.
#include <iostream>
using namespace std;
int main()
{
cout<<"HEY, you, I'm alive! Oh, and Hello World!\n";
cin.get();
return 1;
}
I actually did not write any of this code so my own syntax errors cannot be an issue. Basically that means I'm out of ideas for troubleshooting. Any ideas as to why I can't run this?
Okay so saving the file as a .cpp worked for the building, but when my program actually runs nothing appears in the menu that pops up in which, I assume, the text is supposed to appear. Again, I'm decent at troubleshooting but this code has been confirmed to work by thousands of others and there must be something else wrong.
Save your file in .cpp format instead of .c format which is default for Code::Blocks. Your workspace(that is the file where you saved this code in) will be renamed to xyz.cpp and you can easily check this fact in the tab.Furthermore, change the cout and cin statements to std::cout and std::cin.
Just to make sure we are on the same page.Goto Settings>>>Compiler.Selected compiler should be GNU GCC compiler. Goto Toolchain Executables tab and autodetect the compiler's installation directory (should be something like CodeBlocks\MinGW).
Code::Blocks compiles using some built-in .dlls and i have sometimes found it needed the dll in the folder with the compliled .exe
if not that, try the console application template
i use TDM-GCC it compiles fine.

C++ runtime errors in CodeBlocks when printing strings with cout <<

I recently started using CodeBlocks and began encountering odd runtime errors which I have traced back to printing strings using cout <<. For example, even the following..
#include <string>
#include <iostream>
int main()
{
std::string str;
str = "Hi!";
std::cout << str << std::endl;
return 0;
}
results in an error. It will compile fine (using Borland) but when I run it I get a pop up window saying 'test.exe has stopped working' and in the console I get the message:
Process returned -1073741819 (0xC0000005) execution time : 1.526 s
Press any key to continue.
It compiles and runs fine in MS Visual C++ and with G++ in Ubuntu.. any thoughts would be greatly appreciated!
Cheers,
Weatherwax
My one-off comment ended up helping solve the problem so here it is packaged up as an answer for future users:
This guy had a similar issue and it ended up being a linker issue which he
fixed. The fix is the last post in the thread, although reading the
whole thread could be useful for you.
Long Story short: Borland compiler is a bit dated and annoying to use. Ended up being a linker issue within borland. Better off using a different compiler like GCC/G++ or Visual Studio compiler.
This answer is here to elaborate on the root cause of the issue.
The reason for your crashing program is because the wrong runtime library is being linked. Specifically, your example is compiled as a single threaded object file(the default) but the linking step is using the multithreaded cw32mt.lib runtime -- the "mt" suffix at the end means multithreaded.
The solution is to make sure the runtime your program is compiled to use matches with the runtime you're linking against. A few ways to do this.
Important bcc32 compile switches:
-tW Windows GUI program. WinMain() is expected
-tWC Windows Console program. main() is expected. default.
-tWR Use dynamically linked runtime. Absence implies static runtime linkage.
-tWM Use multithreaded runtime. Absence implies single thread.
Compiling your example program as single threaded like this works:
bcc32 -oexample.obj -c example.cpp
ilink32 -ap example.obj c0x32, example.exe,, cw32.lib import32.lib,,
or you can compile it as multithreaded like this(note the -tWM switch matching up with cw32mt.lib):
bcc32 -tWM -oexample.obj -c example.cpp
ilink32 -ap example.obj c0x32, example.exe,, cw32mt.lib import32.lib,,
A third approach that is easier and less error prone is to not call the linker yourself. Instead, let the compiler drive the linker indirectly(similar to gcc):
bcc32 -tWM -oexample.obj -c example.cpp
bcc32 -tWM example.obj -eexample.exe
For your simple example, it can even be shortened to:
bcc32 -eexample.exe example.cpp
Lastly, you can pass the -tW switch multiple times. For example, this command compiles your example as a console program with multithread support and dynamic runtime linkage:
bcc32 -tWM -tWR -tWC -eexample.exe example.cpp
The produced example.exe executable is much smaller and its import table has an entry for CC3250MT.DLL confirming that the borland runtime is dynamically linked.
We should not assume that a non-functioning program is caused by nonconformity to the standard or a bug in the tool we're using without first investigating user error as a potential cause (even though in this case it's tempting to do so). In the OP's case, the code::block IDE didn't have the right commands setup for the toolchain being used.

AVG Access Denied warning when running the simplest C++ program

I am running a very simple C++ program:
#include <list>
#include <vector>
int main(int argc, char **args) {
}
I go to the command prompt and compile and run:
g++ whatever.cpp
a.exe
Normally this works just fine. It compiles fine, but when I run it it says Access Denied and AVG pops up telling me that a threat has been detected Trojan Horse Generic 17.CKZT. I tried compiling again using the Microsoft Compiler (cl.exe) and it runs fines. So I went back, and added:
#include <iostream>
compiled using g++ and ran. This time it worked fine.
So can anyone tell me why AVG would report an empty main method as a trojan horse but if the iostream header is included it doesn't?
UPDATE:
I added a return statement to the main method and now I find that I only get the error if I return 0. Any other return value and it seems to work fine.
What's going on here?
You're not the first person to encounter false positives by antivirus software.
What probably happened is that the antivirus heuristics tripped up on the standard runtime libraries present in your programs, since malware uses them as well. Of course, legitimate software uses them too! The fact that it didn't trip up on iostream probably means that iostream isn't very popular among malware writers.
If you only want to overcome the problem as fast as possible,
just put the folder of the executables into AVG's whitelist.
My preferred steps:
For safety's sake, you should send your executable
to an online virus/malware scanner like these:
www.virustotal.com : VirusTotal - Free Online Virus and Malware Scan
virusscan.jotti.org/en : Jotti's malware scan
if they report 'false positive', then insert the path of the compiled executables
into AVG's whitelist,
so it doesn't scan that folder.
I'm not conversant with AVG, but every antivirus
has an option to exclude files from scan.
If you're brave enough, debug the executable and find the causing call.
An alternative solution may be to virtualize a lightweight linux system,
install gcc (with g++, of course) on it, and use that "g++ dedicated environment"
to
develop your commandline apps.
// The 1st step is a sum-up of this conversation.
// If you send me the source and the 'infected' executable that you compiled, then I'll check it.
// The missing return statement in the (C++) main function means returns 0.