
AVG Access Denied warning when running the simplest C++ program

I am running a very simple C++ program:

#include <list>
#include <vector>

int main(int argc, char **args) {

}

I go to the command prompt and compile and run:

g++ whatever.cpp
a.exe

Normally this works just fine. It compiles fine, but when I run it, it says Access Denied and AVG pops up telling me that a threat has been detected: Trojan Horse Generic 17.CKZT. I tried compiling again using the Microsoft compiler (cl.exe) and it runs fine. So I went back, and added:

#include <iostream>

compiled using g++ and ran. This time it worked fine.

So can anyone tell me why AVG would report an empty main method as a trojan horse but if the iostream header is included it doesn't?

UPDATE:

I added a return statement to the main method and now I find that I only get the error if I return 0. Any other return value and it seems to work fine.

What's going on here?

DaveJohnston asked Jun 17 '10 22:06


2 Answers

You're not the first person to encounter false positives by antivirus software.

What probably happened is that the antivirus heuristics tripped up on the standard runtime libraries present in your programs, since malware uses them as well. Of course, legitimate software uses them too! The fact that it didn't trip up on iostream probably means that iostream isn't very popular among malware writers.

In silico answered Nov 02 '22 17:11


If you only want to overcome the problem as fast as possible,
just put the folder of the executables into AVG's whitelist.

My preferred steps:

  1. For safety's sake, you should send your executable
    to an online virus/malware scanner like these:
    • www.virustotal.com : VirusTotal - Free Online Virus and Malware Scan
    • virusscan.jotti.org/en : Jotti's malware scan

  2. If they report 'false positive', then insert the path of the compiled executables
    into AVG's whitelist, so it doesn't scan that folder. I'm not conversant with AVG,
    but every antivirus has an option to exclude files from scan.

  3. If you're brave enough, debug the executable and find the causing call.

  4. An alternative solution may be to virtualize a lightweight Linux system,
    install gcc (with g++, of course) on it, and use that "g++ dedicated environment"
    to develop your command-line apps.


// The 1st step is a sum-up of this conversation.
// If you send me the source and the 'infected' executable that you compiled, then I'll check it.
// The missing return statement in the (C++) main function means it returns 0.

ch0kee answered Nov 02 '22 17:11