Fix antivirus detection of my software

I wrote a program (Mimer 1.1 - http://sourceforge.net/projects/mimer/files/), and after 3000 downloads I found out that my own Nod32 Antivirus detects my program as a Win32/Agent.NFIWJLP Trojan. My program has a C++ routine that makes a system hook for monitoring keyboard and mouse movements and events in the system (similar to a key logger, but this is not what it does).

Does anyone recommend anything for me to prevent my program from being uninstalled by user antivirus software?

What my program does is that it can simulate user interaction with a PC at a scheduled time.

+30
java c++ antivirus keyboard-hook virus
Aug 20 '10 at 19:06
7 answers

Contact ESET and report an error. If a new version appears, do it again. The only way to find out.

As an example, the AutoHotkey community has the same problem.

Edit:

I scanned DoNotRun.exe on Scan4You.net and found it is detected by 9/32 AVs (see report).

  • Arcavir
  • Avira AntiVir
  • COMODO Internet Security
  • IKARUS Security
  • Kaspersky Anti-Virus
  • ESET NOD32
  • A-bar
  • VBA32 Antivirus

It will take ages to contact all of them, but there are several alternatives. You could use a malicious cryptor to hide the file (most likely a bad idea, depending on how you approach it), but it won’t last forever, or you can try changing your C source to omit the detected parts, or use a higher language.

+20
Aug 20 '10 at 19:08

You should contact ESET (the company behind NOD32) using the contact form. If you indicate that you are having a problem with Threat/Error Messages, you can indicate that you found the Harmless file flagged as threat.

+10
Aug 20 '10 at 19:13

It is best to write an email to the authors of the antivirus and tell them about the false positive.

Most good antivirus companies respond to such emails, removing the detection. However, if your program is detected by signatures written for another virus, you may have a hard time convincing them to change their detection signatures or move your program to their cleanset.

What you can do immediately is to somehow tell users that your program can be detected by antiviruses as a virus. This way they will be warned and they can make sure that it is not deleted. If your program is open source, everyone can verify that it is not doing anything wrong.

+8
Aug 20 '10 at 19:08

In addition to contacting ESET, it may be worth contacting some other antivirus providers, such as Avast, Kaspersky, etc.

If one of the programs picks this up, it is likely that others will too.

+6
Aug 20 '10 at 19:10

You can also try some methods, such as packing your application using UPX or using an application such as Smart Assembly to change how the entire EXE is saved. It certainly does not hurt to try.

+5
Aug 20 '10 at 19:26

Antivirus software uses heuristics to determine if a file is a virus or not based on its actions. The system hook on the keyboard and mouse will definitely display as a flag.

I don’t think you should package your program because it will also raise a flag. Your software is open source, so you just need to include a notification in README that informs users that some AV devices detect it due to system interception and provide the line / file where this code is located.

+1
Aug 21 '10 at 15:11
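
An added illustration of the point in the answer above (not code from the thread, the Mimer project or any antivirus product): a static triage that reads a PE section table and reports the two traits discussed here, input-hook API names and packer sections. The feature lists and the `build_sample` helper are assumptions constructed for this example; the sample images are headers only and not executable.

```python
import struct

# Assumed, deliberately tiny feature lists; real engines weigh far more signals.
HOOK_APIS = (b"SetWindowsHookExA", b"SetWindowsHookExW")
PACKER_SECTIONS = {b"UPX0", b"UPX1"}

def pe_sections(data):
    """Return the section names from a PE image's section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)      # offset of PE header
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect, = struct.unpack_from("<H", data, e_lfanew + 6)      # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, e_lfanew + 20)  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                       # first section header
    return [data[table + 40 * i: table + 40 * i + 8].rstrip(b"\0")
            for i in range(nsect)]

def triage(data):
    """List the static traits a heuristic engine could score for this file."""
    findings = []
    packed = [s.decode() for s in pe_sections(data) if s in PACKER_SECTIONS]
    if packed:
        findings.append("packer sections: " + ",".join(packed))
    # Crude byte search stands in for walking the import table.
    hooks = [a.decode() for a in HOOK_APIS if a in data]
    if hooks:
        findings.append("input-hook APIs: " + ",".join(hooks))
    return findings

def build_sample(section_names, strings=()):
    """Constructed minimal PE-like image: DOS stub, COFF header, section table."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sects = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + sects + b"\0".join(strings)

if __name__ == "__main__":
    hooked = build_sample([b".text", b".rdata"], [b"SetWindowsHookExW"])
    packed = build_sample([b"UPX0", b"UPX1", b".rsrc"])
    for name, img in (("hooked", hooked), ("packed", packed)):
        print(name, triage(img))
```

Running it on your own release binary before publishing shows which of these traits a reviewer at the vendor will see, which is useful to mention in a false-positive report or README.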

Many honest developers have problems due to sloppy antivirus software. See also: How to prevent false positive virus alarms on my software?

Imagine that for every false positive they show, you are losing a potential customer. Perhaps we can team up against such antivirus products and make them more careful about false positive alerts, even to get some revenue for the sales we lose because of them.

0
Nov 21 '10 at 12:13


