Pelles C forum

C language => Windows questions => Topic started by: daniel_bingamon on March 13, 2017, 12:12:59 PM

Title: 360 Total Security False Malware Indication
Post by: daniel_bingamon on March 13, 2017, 12:12:59 PM
I use this compiler on a regular basis and just recently a program I wrote a long time ago was reported to have malware. Now, the .zip file is the same file I uploaded to my website; I thought maybe someone got into it and added some malware payload. So, I made a totally new compilation with a couple of bug fixes while I was in the code and made a new zip and uploaded it to the site. This ONLY occurs with 360 Total Security Antivirus, which an end user is using.

BTW - My desktop is secured with ESET NOD32 and is running fine with no indications of virus.  I'm reasonably sure the PC is not infected.

It is listing HEUR/QVM20.1.55BF.Malware.Gen.

Is it possible that one of the Pelles Libraries code has been used by someone making malware and this section of library is being used as the signature?
I can't get an answer back (two emails) from the 360 Total Security people, they are ignoring my requests.

The program TWCalc (for calculating toneholes on Pennywhistles) is here:  http://kingsmills.us/twcalc/twcalc.htm
I don't understand why this is happening, there is no intent to have any malware in this.
Title: Re: 360 Total Security False Malware Indication
Post by: jj2007 on March 13, 2017, 12:36:10 PM
It is listing HEUR/QVM20.1.55BF.Malware.Gen.

Don't worry, your program is fine - this is just a false positive from a crappy AV. There is a dedicated sub-forum over at the Masm32 site (http://masm32.com/board/index.php?board=23.0). These guys should be thrown in jail for the damage they are causing.

If you need to convince your end user, upload your file to https://virusscan.jotti.org/en-US/scan-file and show the result to that user. Or point them to False Positives Sink Antivirus Ratings (http://www.pcmag.com/article2/0,2817,2481367,00.asp) (360 crapware is not even listed there).

Typical result for my RichMasm editor (http://masm32.com/board/index.php?topic=5314.0): Scan finished. 2/18 scanners reported malware (https://virusscan.jotti.org/en-US/filescanjob/718m51ajmm) - probably because it's a packed executable, really, really suspicious 8)
Title: Re: 360 Total Security False Malware Indication
Post by: TimoVJL on March 13, 2017, 01:45:55 PM
- sometimes debug-info gives false alarms.
- using MT multithreaded CRT gives fewer false alarms.
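
Added example, not part of the post above or of anyone's code in this thread: a small C check a developer could run on a release build to see whether the executable still references debug info. It assumes the debug info is recorded in the standard PE debug data directory (entry 6 of the optional header); the function names `pe_has_debug_dir` and `make_sample` are hypothetical, and the sample header is constructed.

```c
/* Added example. Assumption: debug info is referenced from the PE debug data directory. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint16_t rd16(const unsigned char *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const unsigned char *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* 1 = debug directory present, 0 = absent, -1 = not a parsable PE header. */
int pe_has_debug_dir(const unsigned char *buf, size_t len) {
    if (len < 0x40 || buf[0] != 'M' || buf[1] != 'Z') return -1;
    uint32_t pe = rd32(buf + 0x3C);                 /* e_lfanew */
    if (pe > len || len - pe < 26) return -1;       /* signature + COFF header + magic */
    if (memcmp(buf + pe, "PE\0\0", 4) != 0) return -1;
    size_t opt = (size_t)pe + 24, dirs;             /* start of optional header */
    uint16_t magic = rd16(buf + opt);
    if (magic == 0x10B) dirs = 96;                  /* PE32: directories at +96 */
    else if (magic == 0x20B) dirs = 112;            /* PE32+: directories at +112 */
    else return -1;
    if (len - opt < dirs) return -1;
    if (rd32(buf + opt + dirs - 4) <= 6) return 0;  /* NumberOfRvaAndSizes too small */
    if (len - opt - dirs < 7 * 8) return -1;        /* entry 6 must lie in the buffer */
    const unsigned char *e = buf + opt + dirs + 6 * 8;  /* IMAGE_DIRECTORY_ENTRY_DEBUG */
    return rd32(e) != 0 && rd32(e + 4) != 0;        /* RVA and Size both set */
}

/* Constructed sample: bare PE32 headers only, not a loadable program. */
size_t make_sample(unsigned char *buf, size_t cap, int with_debug) {
    const size_t pe = 0x80, opt = pe + 24, need = opt + 96 + 16 * 8;
    if (cap < need) return 0;
    memset(buf, 0, need);
    buf[0] = 'M'; buf[1] = 'Z'; buf[0x3C] = (unsigned char)pe;
    memcpy(buf + pe, "PE\0\0", 4);
    buf[opt] = 0x0B; buf[opt + 1] = 0x01;           /* magic 0x10B */
    buf[opt + 92] = 16;                             /* NumberOfRvaAndSizes */
    if (with_debug) { buf[opt + 96 + 49] = 0x30; buf[opt + 96 + 52] = 0x1C; }
    return need;
}

int main(int argc, char **argv) {
    static unsigned char buf[4096];
    size_t n = make_sample(buf, sizeof buf, 1);     /* default input: constructed sample */
    FILE *f = argc > 1 ? fopen(argv[1], "rb") : NULL;
    if (argc > 1 && !f) { perror(argv[1]); return 1; }
    if (f) { n = fread(buf, 1, sizeof buf, f); fclose(f); }
    printf("debug directory: %d\n", pe_has_debug_dir(buf, n));
    return 0;
}
```

Run it with the path of the built .exe as the only argument; with no argument it reports on the constructed sample.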
Title: Re: 360 Total Security False Malware Indication
Post by: daniel_bingamon on March 14, 2017, 07:14:31 PM
Thanks for the comments.  I do have the debugger turned on, I'll try turning it off.
I'll look into the other stuff as well.