
Why is this trivial C program detected as a Virus?

Tags: c, antivirus

I'm a bit rusty in C, but I've come across this strange problem:

I wrote this program:

#include <stdio.h>

main()
{
  int n;
  n=1;
  while (n>0)
  {
    puts("Write a number: ");
    scanf(" %d",&n);
    printf("This is the number you wrote: %d\n", n);
  }

}

Apparently there are absolutely no syntax errors and, from what I could understand, no compile errors either. It compiled and built perfectly. Now, if I switch this line:

puts("Write a number: ");

with this one:

printf("Write a number: ");

it compiles with no errors, but when the compiled object launches, it immediately stops and an anti-virus warning pops up saying it identified a trojan horse. Before drawing any conclusions, I built it several times and, after getting the same message, I scanned it on virustotal.com and this was the result.

Well, I know puts is actually more correct than printf given the objective, but still it should work just fine...

What's wrong here?

I'm using AVG anti-virus, and Pelles C to compile.

Thanks in advance.

Likes: 582
K09P asked Oct 18 '13 20:10



2 Answers

It's a false positive, obviously. The generated machine code just happens to resemble code that is in the malware database. This has nothing to do with the use of puts().

Likes: 72
Nikos C. answered Sep 23 '22 10:09


Antivirus software works on signatures, which are basically known patterns in executable code used by virus software.

Some virus in the wild has a similar pattern to the printf version of the code you wrote (I searched all of the people who did flag you as a virus; unfortunately, none of them publish what their signature files are checking for). Due to the fact that you should never call printf with one argument, it is likely many anti-virus software providers may use that as part of their signature process.

The two options you have are: don't call printf with a single argument (which you shouldn't anyway), or submit your program as a false positive to the antivirus vendors that said your program was a virus, and they may update their signatures to rule out your program as a false positive.

Likes: 42
Scott Chamberlain answered Sep 23 '22 10:09
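
The byte-pattern matching both answers describe, as an added example that is not part of the original thread: a toy wildcard signature scanner run over two harmless byte runs that differ only in one call displacement, as when one library call is swapped for another. The byte arrays, the signature and all function names are constructed for illustration; they are not real compiler output and not any vendor's signature.

```c
#include <stddef.h>
#include <stdio.h>

#define WILD (-1)   /* signature position that matches any byte */

/* Return the offset of the first match of sig in buf, or -1 if there is none. */
long sig_scan(const unsigned char *buf, size_t len, const int *sig, size_t slen)
{
    if (slen == 0 || slen > len) return -1;
    for (size_t i = 0; i + slen <= len; i++) {
        size_t j = 0;
        while (j < slen && (sig[j] == WILD || sig[j] == buf[i + j])) j++;
        if (j == slen) return (long)i;
    }
    return -1;
}

/* Constructed x86-style bytes: push imm32; call rel32; add esp,4.
   The two "builds" differ only in the low byte of the call displacement. */
const unsigned char build_puts[] = {
    0x55, 0x8B, 0xEC, 0x68, 0x00, 0x30, 0x40, 0x00,
    0xE8, 0x10, 0x02, 0x00, 0x00, 0x83, 0xC4, 0x04, 0x5D, 0xC3 };
const unsigned char build_printf[] = {
    0x55, 0x8B, 0xEC, 0x68, 0x00, 0x30, 0x40, 0x00,
    0xE8, 0x7A, 0x02, 0x00, 0x00, 0x83, 0xC4, 0x04, 0x5D, 0xC3 };

/* Constructed signature: wildcards over the pushed address, exact match
   on the opcodes and on one displacement byte. */
const int toy_sig[] = { 0x68, WILD, WILD, WILD, WILD,
                        0xE8, 0x7A, WILD, WILD, WILD, 0x83, 0xC4 };
#define SIG_LEN (sizeof toy_sig / sizeof toy_sig[0])

long scan_puts_build(void)
{ return sig_scan(build_puts, sizeof build_puts, toy_sig, SIG_LEN); }

long scan_printf_build(void)
{ return sig_scan(build_printf, sizeof build_printf, toy_sig, SIG_LEN); }

int main(void)
{
    printf("puts build:   %ld\n", scan_puts_build());    /* no match */
    printf("printf build: %ld\n", scan_printf_build());  /* match offset */
    return 0;
}
```

Neither byte run does anything harmful; the match depends only on which bytes the toolchain happened to emit, which is why reporting the file to the vendor as a false positive is the durable fix.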