Virustotal 将我的程序的 32 位版本标记为恶意软件 [英] Virustotal flag 32 bit version of my program as malware

问题描述

我遇到了一件很奇怪的事情.我用 C# 编写了一个非常简单的程序，并尝试构建它的 32 位和 64 位版本.64 位版本工作正常，但每当我尝试构建 32 位版本时，我的防病毒软件都会将其删除.我已经将这两个文件上传到了virustotal:

I've run into a very odd thing. I wrote a pretty simple program in C#, and tried to build a 32bit and a 64bit version of it. The 64bit version works fine, but whenever i try to build the 32bit version, my antivirus software removes it. I've uploaded both files to virustotal here:

32位: https://virustotal.com/da/file/fdb3d2870ce876b49eb5d9371fc0b133b7657ddd994603777a42a47f3eb09d8b/分析/1461779525/

64 位: https://virustotal.com/da/file/83334954cb0baef30153ca8bdfa900b64fef33f1983899c9e54e9156b72df00c/analysis/1461779699/

为什么?它的代码完全相同，唯一的区别是在 x64 和 x86 构建之前我在它们之间切换.

Why? its completely the same code, and the only difference is that i switched between x64 and x86 before they were build.

推荐答案

从代码中删除 P/Invokes 后，您可以将项目设置为 AnyCPU.这样你就不需要 x86 和 x64 构建.

You could set your project to AnyCPU after removing the P/Invokes from your code. That way you don't need a x86 and a x64 build.

除了使用以下几行外，我在您的项目中没有看到任何看起来不正常的内容:

I don't see anything in your project which looks off, except the use of the following lines:

    [DllImport("psapi.dll")]
    static extern int EmptyWorkingSet(IntPtr hwProc);

    static void MinimizeFootprint()
    {
        EmptyWorkingSet(System.Diagnostics.Process.GetCurrentProcess().Handle);
    }

    ... 

    GC.Collect();
    MinimizeFootprint();

考虑到您的小型应用程序，确实不需要手动调用垃圾收集器并调整工作集.使用它存在已知问题.

Given your small application there really should be no need to call the Garbage Collector manually and to tweak the workingset. There are known issues with using it.

当你用完刷子后，只需清理它们:

Instead just clean up your brushes when you're done with them:

private void DrawResistor(PaintEventArgs e)
{
    Graphics g = e.Graphics;
    SolidBrush brs;

    //Første farve
    g.DrawLine(Pens.Black, 130, 35, 130, 109);
    g.DrawLine(Pens.Black, 140, 35, 140, 109);
    using (brs = new SolidBrush(this.Controls.Find(Farver[0], false)[0].BackColor))
    {
        g.FillRectangle(brs, 131, 35, 9, 75);
    }

    //Anden farve
    g.DrawLine(Pens.Black, 160, 44, 160, 100);
    g.DrawLine(Pens.Black, 170, 44, 170, 100);
    using (brs = new SolidBrush(this.Controls.Find(Farver[1], false)[0].BackColor))
    {
        g.FillRectangle(brs, 161, 44, 9, 56);
    }

    //Tredje farve  
    if (comboBox1.SelectedIndex != 0)
    {
        g.DrawLine(Pens.Black, 190, 44, 190, 100);
        g.DrawLine(Pens.Black, 200, 44, 200, 100);
        using (brs = new SolidBrush(this.Controls.Find(Farver[2], false)[0].BackColor))
        {
            g.FillRectangle(brs, 191, 44, 9, 56);
        }
    }

    //Fjerde farve
    g.DrawLine(Pens.Black, 220, 44, 220, 100);
    g.DrawLine(Pens.Black, 230, 44, 230, 100);
    using (brs = new SolidBrush(this.Controls.Find(Farver[3], false)[0].BackColor))
    {
        g.FillRectangle(brs, 221, 44, 9, 56);
    }

    //Femte farve
    g.DrawLine(Pens.Black, 265, 35, 265, 109);
    g.DrawLine(Pens.Black, 280, 35, 280, 109);
    using (brs = new SolidBrush(this.Controls.Find(Farver[4], false)[0].BackColor))
    {
        g.FillRectangle(brs, 266, 35, 14, 75);
    }

    //Sjette farve
    if (comboBox1.SelectedIndex == 2)
    {
        g.DrawLine(Pens.Black, 293, 35, 293, 109);
        g.DrawLine(Pens.Black, 303, 35, 303, 109);
        using (brs = new SolidBrush(this.Controls.Find(Farver[5], false)[0].BackColor))
        {
            g.FillRectangle(brs, 294, 35, 9, 75);
        }
    }
}

这篇关于Virustotal 将我的程序的 32 位版本标记为恶意软件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！