Why does AVG(antivirus) detect an executable produced from Dev-C++ as a virus?

Problem description

I created a default Dev-C++ project and instead of the usual return 0;, it had return EXIT_SUCCESS; and upon compiling and running it, I was alerted by my antivirus that the executable was a virus.

I tried the same code with Visual C++, Eclipse and Codeblocks and they all compiled it successfully … so I am a bit confused here.

— Why does AVG detect executables produced from Dev-C++ with the line return EXIT_SUCCESS; as a virus when other similar macros work perfectly fine?

Recommended answer

Why is AVG labeling my C++ program a virus?

For example, here is a C++ program that AVG detects as a virus:

#include <cstdlib>
#include <iostream>
using namespace std;
int main(int argc, char** argv) {
    cout << "done";
    return 0;
}

Running the executable, I get AVG popup window with this text:

AVG Resident Shield Alert
Threat detected!
File name: c:\Documents and Settings\eleschinski\Desktop\workspace\CppApplication_2\dist\Debug\MinGW-Windows\cppapplication_2.exe
Threat name:  Trojan horse Agent3.CJAI (More Info)
Move to Vault (Reccommended)
Go to file
Ignore the threat

AVG antivirus is a program that runs on your computer that uses heuristics and other imprecise algorithms to identify which programs have unwanted evil agendas. AVG is taking as input the contents of your executable file, and deciding that your program is unsafe.

Antivirus writers are using the Enumerating Badness strategy to identify malware in the world, and it is coming back to bite them because this is the wrong approach to the problem of detecting malware. One problem with Enumerating Badness is the false positives, the problem you experience now.

Step 1. First you want to be very sure what file that AVG is complaining about. To do this, go to AVG -> Tools menu -> scan file. Choose the offending executable or file defined in your threat window. AVG will scan the file instantly and recommend to add it to the vault. At this point you can know AVG thinks this file alone is the malware.

Step 2. Get a second opinion about this malware/virus file; better yet, get 50 independent second opinions. Go to the website https://www.virustotal.com; there you can upload your file for free, and it will be analyzed by about 50 different antivirus programs. If the majority of them think it is a virus, then AVG has done well. But if only a few antiviruses label your file as evil, then it's possible that AVG has a false positive.

Step 3. An easy way to convince AVG that your C++ program is safe is to add the C++ statement: system("pause"); in the beginning of your C++ program, then recompile and re-run. For me, AVG then warns me about it, I click ignore, then it lets me run it anyway. Also, try using 'return 1' instead of 'return 0' at the end of your main function. It will let you run it. If that seems bizarre, it is. Virus writers are smarter than antivirus writers by getting antivirus software to see too many false positives.

Step 4. See if you can white-list your program. Go into the "Virus Vault" in AVG. AVG -> History menu -> Virus Vault. Find the line items that represent your offending C++ program and release them from the virus vault, or white list them, and try again.

Option 1: Acknowledge that the virus writers are winning the war against antivirus software. It's easier to hide something than it is to survey everything and spot all badness. AVG can't tell the difference between a legitimate virus and some C++ program you just made. Get new antivirus software, or get an operating system that doesn't need antivirus software (Linux), or go without antivirus software altogether and keep lots of offline offsite backups.

Option 2: Tell AVG to stop analyzing files with .EXE extensions. WARNING: this will decrease AVG's ability to protect your computer from real viruses/malware. Go to AVG console -> Tools -> Advanced Settings -> Anti Virus -> Resident Shield -> Expert Settings. You will see a textbox with a label: "always scan files with the following extensions". Remove the EXE; from that textbox. Save and try re-running your program. AVG will no longer complain about your something.exe executable.

Option 3: Fiddle with your C++ program until it stops being labelled a virus. Add some #include libraries, excluding some other ones. An inconsequential change could make all the difference in AVG deciding your file is malignant.

If anyone from AVG is interested in chasing down this bug, here is the executable for the false positive above.
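
An added example for Step 2 (not part of the original answer): it hashes the flagged build output so a multi-engine report can be looked up by digest, then applies the "majority versus only a few" rule to the per-engine verdicts. It assumes the report follows the `last_analysis_results` layout of the VirusTotal API v3 file object; the engine names, the sample report and the 10% "few" cut-off are constructed for illustration.

```python
import hashlib

# Categories assumed from VirusTotal API v3 "last_analysis_results" entries.
NO_VERDICT = {"timeout", "confirmed-timeout", "failure", "type-unsupported"}
FLAGGED = {"malicious", "suspicious"}

def sha256_of(path, chunk=1 << 16):
    """Hash the build output; a report can be looked up by this digest."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def tally(report):
    """Return (flagged, voted, labels), ignoring engines with no verdict."""
    results = report["data"]["attributes"]["last_analysis_results"]
    voted = {e: r for e, r in results.items() if r["category"] not in NO_VERDICT}
    labels = {e: r["result"] for e, r in voted.items() if r["category"] in FLAGGED}
    return len(labels), len(voted), labels

def triage(report, few=0.10):
    """Apply Step 2's rule; the 'few' cut-off (10%) is a hypothetical choice."""
    flagged, voted, _ = tally(report)
    if voted == 0:
        return "no verdicts"
    if flagged == 0:
        return "not flagged"
    ratio = flagged / voted
    if ratio > 0.5:
        return "majority flag it"
    return "possible false positive" if ratio <= few else "inconclusive"

def make_report(verdicts):
    """Build a constructed report from (category, result) pairs."""
    results = {f"Engine{i}": {"category": c, "result": r}
               for i, (c, r) in enumerate(verdicts)}
    return {"data": {"attributes": {"last_analysis_results": results}}}

# Constructed sample: one engine reports the label from the alert above,
# 46 report nothing, and two give no verdict at all.
SAMPLE = make_report([("malicious", "Trojan horse Agent3.CJAI")]
                     + [("undetected", None)] * 46
                     + [("timeout", None), ("type-unsupported", None)])

if __name__ == "__main__":
    flagged, voted, labels = tally(SAMPLE)
    print(f"{flagged}/{voted} engines flag the file: {labels}")
    print(triage(SAMPLE))
```

Engines that time out or do not support the file type are left out of the denominator, so they count neither for nor against the file.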
