Accidentally created a virus?

I have seen this happen quite often: I write an application in Delphi, and when I compile it, the virus scanner tells me I have created a virus and then immediately deletes the executable file. This is annoying, but reasonably easy to fix by doing a full rebuild, first deleting the *.dcu files, and sometimes by just waiting.

This happens with Delphi 6, 7, 2005 and 2007, as far as I know. And Symantec, Kaspersky, McAfee and NOD32 have all been guilty of reporting these false positives. I know this because Delphi adds timestamps to its DCU files, and these timestamps end up in the final executable and, apparently, are part of some random virus signature.

I do not want to disable the virus scanner, not even for a single folder or file. And I'm not really looking for a solution, but I'm interested in the following:

  • Do other compilers have these false positives?
  • Does this also happen with .NET executables?
  • Do others also notice similar issues with Delphi?
+55
delphi antivirus false-positive virus
Jun 14 '09 at 20:21
18 answers

Are there any false positives with other compilers?

Yes, it was a common problem in the past for AutoIt, as described in this forum post "Are my AutoIt EXE files really infected?". In most cases, including AutoIt's, this is due to bad heuristic practices. Because AutoIt uses the free and open UPX compressor, it is often mistaken for malicious code that also uses UPX.

The best (and possibly the only) thing you can do is to report these errors so that they can refine their heuristics or at least whitelist your application.

Below is a list of contact details for some popular antivirus companies. All of them claim to value feedback, as it helps them improve their product.

It turns out there is a large list of AV software on Wikipedia called the 'List of antivirus programs'. This is more complete than my list above.

An AutoIt forum member made a great script to send a false-positive report to a large list of AV vendors, to automate this process a bit.

+101
Jun 14 '09 at 20:57

It sounds more like a heuristics hit to me. Do you have heuristics turned on (some scanners may refer to it as a "virus code" check)? The chances of timestamps being equal to "part of some virus signature" seem too small for it to happen all the time.

When I ran an antivirus scanner, I never saw this problem with D6 or D7.

+10
Jun 14 '09 at 20:30

In fact, there is a Delphi virus, see http://www.sophos.com/blogs/sophoslabs/?p=6117

+8
Nov 15 '09 at 3:17

Yes, my team has experienced this, perhaps half a dozen times every 2-3 years with Sophos in a corporate setting. So very rarely, but it happens.

Our IT nerd started demanding that I look through all 1.5M lines of code in our application to "make it go away", but he didn't push that line too hard...

In fairness, it should be said that he was initially worried that our clients might also receive such a warning, but we only ever saw it when the exe was built from the IDE on the developer's computer, never with a release exe on the test box or anywhere else.

Personally, this happens so rarely that we don't worry about it.

+6
Jun 14 '09 at 10:18

This happened to me with deployed code. The next update for the scanner solved the problem. Some cretin wrote a virus using the same compiler, and the signature was taken from part of the runtime library, not from the hostile code.

+4
Jun 14 '09 at 23:07

This is not so rare when using non-standard compilers or when building unusual low-level stuff: I remember producing false positives when I was developing an OS: AntiVir did not like some of my flat binary files.

Recently, a message about such a problem appeared on the tinyCC mailing list, this time involving AVG.

+3
Jun 14 '09 at 20:32

I have never seen this, having done most of my development in C++ and .NET using Visual Studio (from version 1.5 to 2010).

+2
Jun 14 '09 at 20:28

I have only seen this with assemblers. For example, MASM32 actually warns people that it can trigger anti-virus scanners, since the EXEs are so small (and/or because some viruses are written in assembly). My McAfee scanner blocked some of the sample programs as viruses.

This should only happen with antivirus scanners that have a heuristic ("suspicious file") mode.

+2
Jun 14 '09 at 20:29

In some applications, if I use RtlVclOptimize.pas, Avira antivirus reports that I have created a virus.

+2
Jun 15 '09 at 0:06

Plus, as others have said, modern antivirus programs raise the threat level if your program also uses some "suspicious" APIs (for example, URLDownloadToFile or other hook-related APIs). If you google "delphi RAT FUD API undetectable", you will find many interesting threads.

+2
Jun 15 '09 at 4:09

Some antivirus programs even flag a batch file as a virus and cannot be convinced that it is not. It is rather annoying if this file is part of a third-party library and a virus alert is triggered every time TortoiseSVN checks it out. I ended up disabling the antivirus scanner, deleting the file and committing. (Without turning off the scanner, I could not even do that :-()

+1
Jun 15 '09 at 5:32

A few years ago, every time we updated the GNU linker from the mingw sources and started distributing it with our compiler, we received several reports that virus scanners classified ld.exe as a virus. (.exes writing .exes...)

+1
Jun 15 '09 at 7:33

I would not call it a "false positive" because, strictly speaking, it is not one, and the antivirus software is by no means "guilty".

I am 99% sure that this is heuristic analysis at work (I am sure it detects your executable as something like win32.virus.generic; note the "generic", which is a sign that it is not a signature in its db but rather was detected heuristically), and being a heuristic and all, it does not give you any guarantee that everything it finds is malicious; it just tells you that the executable is suspicious from its point of view.

The easiest solution is to simply add an exception for your file by name (it is always the same name, right?). If you are not comfortable with that, you should probably configure your antivirus software to prompt before taking action, so that you can skip the file manually.

In general, I have found that coding on Windows with antivirus software is somewhat annoying (I don't do it a lot these days, but still), especially if said software is in "paranoid mode". Annoying, though inevitable (IMO).

+1
Jun 15 '09 at 7:46

It happened to me. A keyboard hook will trigger almost any heuristic AV scanning software to report a key logger. There are probably many other system calls that will do it too. Solution: try restructuring your code, or contact the AV manufacturer to include your software in their exclusion list.

+1
Jun 16 '09 at 11:56
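Several answers above describe the same mechanism from different angles: a UPX-packed binary, a "suspicious" import such as URLDownloadToFile, a keyboard hook, and the generic "win32.virus.generic" verdict that a heuristic produces when enough of these signals line up. The following is an added example, not code from the thread or from any real scanner: a toy heuristic in Python that parses the PE section table, measures per-section entropy, looks for packer section names and for a few API name strings, and issues a generic verdict once two signals coincide. The API list, thresholds and verdict rule are this example's own assumptions, and the sample "binaries" are constructed in-line (they are not runnable executables), so it runs offline.

```python
# Added example (not from the thread): a toy "heuristic" scanner showing why a
# benign build can score as Suspicious.Generic. It parses the PE section table,
# measures per-section entropy, looks for packer section names (UPX0/UPX1) and
# for a few API names that heuristics weight heavily. The sample images below
# are constructed here; they are not real executables and will not run.
import hashlib
import math
import struct
from collections import Counter

# API names commonly weighted by heuristics (assumed list). Every one has
# legitimate uses (auto-updaters, hotkey tools, debuggers), which is the problem.
SUSPICIOUS_APIS = {
    b"URLDownloadToFileA": "downloads a file from a URL",
    b"URLDownloadToFileW": "downloads a file from a URL",
    b"SetWindowsHookExA": "installs a system-wide hook (keylogger pattern)",
    b"SetWindowsHookExW": "installs a system-wide hook (keylogger pattern)",
    b"WriteProcessMemory": "writes into another process",
    b"CreateRemoteThread": "runs code in another process",
}
PACKER_SECTIONS = {b"UPX0", b"UPX1", b"UPX2"}
ENTROPY_THRESHOLD = 7.0   # bits/byte; compressed or encrypted data sits near 8.0
MIN_SECTION_LEN = 256     # ignore tiny sections, whose entropy is meaningless


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or constant data, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes):
    """Return [(name, raw_bytes)] from a PE image's section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4                                   # COFF file header
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + size_of_optional                  # section table start
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name = pe[off:off + 8].rstrip(b"\0")
        _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, off + 8)
        sections.append((name, pe[raw_ptr:raw_ptr + raw_size]))
    return sections


def score(pe: bytes) -> dict:
    """Collect heuristic findings and turn them into a generic verdict."""
    findings = []
    for name, data in parse_sections(pe):
        label = name.decode("ascii", "replace")
        if name in PACKER_SECTIONS:
            findings.append(("packer_section", label))
        ent = shannon_entropy(data)
        if len(data) >= MIN_SECTION_LEN and ent > ENTROPY_THRESHOLD:
            findings.append(("high_entropy_section", f"{label} {ent:.2f}"))
    for api in SUSPICIOUS_APIS:            # crude string scan, like early heuristics
        if api in pe:
            findings.append(("suspicious_api", api.decode()))
    # Two independent signals is enough for a generic verdict in this toy model.
    verdict = "Suspicious.Generic" if len(findings) >= 2 else "clean"
    return {"findings": findings, "verdict": verdict}


def build_pe(sections) -> bytes:
    """Construct a minimal, non-runnable PE image from [(name, raw_bytes)]."""
    n = len(sections)
    header_len = 64 + 4 + 20 + 40 * n
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)                  # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, 0, 0x0102)     # i386, no optional header
    table, blobs, raw_ptr = b"", b"", header_len
    for name, data in sections:
        table += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", len(data), 0x1000, len(data), raw_ptr, 0, 0, 0, 0, 0x60000020)
        blobs += data
        raw_ptr += len(data)
    return dos + b"PE\0\0" + coff + table + blobs


def pseudo_random(n: int, seed: bytes = b"upx") -> bytes:
    """Deterministic high-entropy filler standing in for packed code."""
    out, h = b"", seed
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out += h
    return out[:n]


# Constructed samples (hypothetical programs, not real binaries).
LOW_ENTROPY_CODE = b"\x90" * 1024 + b"\xc3"                 # NOP sled + ret
SAMPLES = {
    # Ordinary GUI tool: plain code, boring imports.
    "plain_tool": build_pe([(b".text", LOW_ENTROPY_CODE),
                            (b".idata", b"MessageBoxA\0ExitProcess\0")]),
    # UPX-packed utility with an auto-updater: packer names + entropy + download API.
    "upx_updater": build_pe([(b"UPX0", b""),
                             (b"UPX1", pseudo_random(4096)),
                             (b".rsrc", b"URLDownloadToFileA\0")]),
    # Unpacked hotkey tool that also self-updates: two "suspicious" APIs, no packer.
    "hotkey_tool": build_pe([(b".text", LOW_ENTROPY_CODE),
                             (b".idata", b"SetWindowsHookExA\0URLDownloadToFileA\0")]),
}

if __name__ == "__main__":
    for name, image in SAMPLES.items():
        result = score(image)
        print(f"{name:12s} {result['verdict']:20s} {result['findings']}")
```

Run it and the "plain_tool" image comes back clean while both the packed auto-updater and the unpacked hotkey tool get the generic verdict, although neither does anything a keylogger or downloader would not also do. That is the whole false-positive problem in miniature: the scanner is scoring features, not intent, and a real heuristic differs from this one only in having more features and better weights.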

I remember another weird one:

A file was flagged as suspicious. The only thing was, the file was an .OBJ! The .EXE containing the code from that .OBJ was not considered a problem.

+1
Sep 09 '09 at 2:01

If you have problems with false positives, there is the VirusTotal online service, which will help you check your file against a number of anti-virus engines.
It is a free service, and currently it can run scans with almost 40 antivirus engines.

+1
Jul 27 '10 at 10:41
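A practical detail the answer above does not mention: uploading a build to VirusTotal shares it with the participating vendors, which may be undesirable for an unreleased binary, whereas looking the file up by hash reveals nothing if nobody has submitted it. The following is an added example, not part of the thread, that computes the SHA-256 of a build artifact, queries VirusTotal by hash only, and reduces the report to the engines that flagged it and which of those look like heuristic ("generic"/"heur") detections. It assumes the VirusTotal v3 API shape (`GET /api/v3/files/{sha256}` with an `x-apikey` header, `last_analysis_stats` and `last_analysis_results` in the response, HTTP 404 for an unknown hash) and an API key in the `VT_API_KEY` environment variable; the engine names and detection strings in the embedded sample report are made up, and the marker words used to guess a heuristic hit are this example's own.

```python
# Added example (not from the thread): check a build artifact against VirusTotal
# by hash only, so the binary itself is never uploaded (submitted files are
# shared with the engine vendors, which you may not want for an unreleased build).
# Assumes the VirusTotal v3 API: GET /api/v3/files/{sha256} with an "x-apikey"
# header, returning last_analysis_stats / last_analysis_results; a 404 means
# nobody has submitted that exact file yet.
import hashlib
import json
import os
import sys
import urllib.error
import urllib.request
from typing import Optional

VT_FILE_REPORT = "https://www.virustotal.com/api/v3/files/{sha256}"
HEURISTIC_MARKERS = ("generic", "heur", "packed")   # assumed naming patterns


def sha256_of_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str) -> str:
    """Stream the file so large installers do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def fetch_report(sha256: str, api_key: str) -> Optional[dict]:
    """Return the VT file object for this hash, or None if VT has never seen it."""
    req = urllib.request.Request(VT_FILE_REPORT.format(sha256=sha256),
                                 headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise


def summarize_report(report: dict) -> dict:
    """Reduce a VT file object to what matters for false-positive triage."""
    attrs = report["data"]["attributes"]
    stats = attrs.get("last_analysis_stats", {})
    results = attrs.get("last_analysis_results", {})
    flagged = {engine: (r.get("result") or "")
               for engine, r in results.items()
               if r.get("category") in ("malicious", "suspicious")}
    # Detection names containing "generic" or "heur" usually mean a heuristic
    # hit rather than a signature match, which is what you want to argue in a
    # false-positive report to the vendor.
    heuristic = sorted(engine for engine, name in flagged.items()
                       if any(m in name.lower() for m in HEURISTIC_MARKERS))
    return {
        "engines": sum(stats.values()),
        "malicious": stats.get("malicious", 0),
        "suspicious": stats.get("suspicious", 0),
        "flagged": flagged,
        "likely_heuristic": heuristic,
    }


# Constructed report in the v3 shape; engine names and detections are made up.
SAMPLE_REPORT = {
    "data": {"attributes": {
        "last_analysis_stats": {"malicious": 1, "suspicious": 1,
                                "undetected": 2, "harmless": 0},
        "last_analysis_results": {
            "EngineA": {"category": "malicious", "result": "Win32.Virus.Generic"},
            "EngineB": {"category": "suspicious", "result": "HEUR:Packed.UPX"},
            "EngineC": {"category": "undetected", "result": None},
            "EngineD": {"category": "undetected", "result": None},
        },
    }}
}

if __name__ == "__main__":
    if len(sys.argv) != 2:
        print("usage: vtcheck.py <built.exe>   (set VT_API_KEY in the environment)")
        sys.exit(2)
    digest = sha256_of_file(sys.argv[1])
    report = fetch_report(digest, os.environ["VT_API_KEY"])
    if report is None:
        print(f"{digest}: unknown to VirusTotal (nothing has been uploaded)")
    else:
        print(json.dumps(summarize_report(report), indent=2))
```

A hash lookup only tells you something if that exact build has been submitted before, so for a freshly compiled executable expect "unknown" most of the time; the useful case is a release build that a customer's scanner has complained about, where the summary gives you the list of engines to contact and shows whether the detection names look generic. Run it against the same file after each definition update to see detections drop off as vendors act on reports.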

Many honest developers have problems due to sloppy antivirus software. See also: How to prevent false positive virus alarms on my software?

Imagine that for every false positive they show, you lose a potential customer. Perhaps we can team up against such antivirus products and make them more careful about false-positive alerts, or even get some compensation for the sales we lose because of them.

0
Nov 21 '10 at 12:14

The VS 2010 platform toolset flags my simple program as a virus. Switching the toolset to VS 2013 fixes it.

It simply creates an HttpWebRequest and writes the result to a file.

0
May 20 '16 at 7:00
