Page 1 of 2
(fixed)avast says my program is a virus :S WTF???
Posted: Tue Oct 06, 2009 2:05 am
by Lil Margin
Avast Fixed it 
Hey,
I wanted to try irrlicht 1.6 for a spin and was working my way off...and as i usally do i test my program every 10 seconds and this is my code
#include <irrlicht.h>
using namespace irr;
using namespace core;
using namespace scene;
using namespace video;
using namespace io;
using namespace gui;
#ifdef _IRR_WINDOWS_
#pragma comment(lib, "Irrlicht.lib")
#pragma comment(linker, "/subsystem:windows /ENTRY:mainCRTStartup")
#endif
int main(int argc, char** argv)
{
IrrlichtDevice *device =
createDevice( video::EDT_SOFTWARE, dimension2d<u32>(640, 480), 16,
false, false, false, 0);
IVideoDriver* driver = device->getVideoDriver();
ISceneManager* smgr = device->getSceneManager();
IGUIEnvironment* guienv = device->getGUIEnvironment();
IAnimatedMesh* sidmes = smgr->getMesh("../../media/sydney.md2");
IAnimatedMeshSceneNode* sidnode = smgr->addAnimatedMeshSceneNode( sidmes );
IAnimatedMesh* ninjmes = smgr->getMesh("../../media/ninja.b3d");
IAnimatedMeshSceneNode* ninjnode = smgr->addAnimatedMeshSceneNode( ninjmes );
if (sidnode)
{
sidnode->setMaterialFlag(EMF_LIGHTING, false);
sidnode->setFrameLoop(0, 310);
sidnode->setMaterialTexture( 0, driver->getTexture("../../media/sydney.bmp") );
}
if (ninjnode)
{
ninjnode->setMaterialFlag(EMF_LIGHTING, false);
ninjnode->setMaterialTexture( 0, driver->getTexture("../../media/lastfuckingtest.bmp") );
}
smgr->addCameraSceneNodeFPS();
while(device->run())
{
driver->beginScene(true, true, SColor(0,200,200,200));
smgr->drawAll();
guienv->drawAll();
driver->endScene();
}
device->drop();
return 0;
}
while linking avast goes "wooooooo wooooooo wooooo a virus has been detected"
and it sayed it was a Win32:Tibia-AD [Trj]
why does it do that
Posted: Tue Oct 06, 2009 2:24 am
by Alpha Omega
Norton did that to me because i had a [] in the name. Maybe avast is just pro and sees that your subconsciously writing malicious software illusively disguised as Irrlicht code?? If that is the case one would have to justify the indefinite paradox of which is greater, the computer or the virus it created?
Posted: Tue Oct 06, 2009 2:42 am
by Josie
You know, if it's your code you're compiling, and you're using libraries that you've built yourself (or you're sure came from a reliable source, like irrlicht's repo ), then you usually can just tell the av to shove it- Your exe is fine- You didn't write a virus in it, therefore it isn't one.
Posted: Tue Oct 06, 2009 3:12 pm
by d3jake
The problem then lies later when the exe is distributed. Then that user may not know that it is not intended to be a virus.
I dunno what may be causing the detection...
Posted: Tue Oct 06, 2009 3:37 pm
by randomMesh
Lil Margin wrote:lastfuckingtest
If i was Avast, i would have complained too.
Posted: Tue Oct 06, 2009 4:02 pm
by Lil Margin
lmao i was really pissed at that time and i named the .bmp that XD
Posted: Tue Oct 06, 2009 4:30 pm
by sRc
I see you posted it on the Avast forum too, and they're fixing it. and you're not so little there as you are here
anyway, a lot of trojan detection works, because trojans can be packaged in so many different ways, by heuristics. it examines and if it sees something that seems to match something in the database, it will trigger, but that also means there can be a good amount of false positives as well. things written in Delphi specifically are notorious for triggering false positives, just because of the way the Delphi compiler works. you just need to provide them a sample to show there is no infection, and they can update and improve their heuristics detection appropriately
Posted: Tue Oct 06, 2009 4:42 pm
by Lil Margin
I see you posted it on the Avast forum too, and they're fixing it. and you're not so little there as you are here Laughing
lmao, hahahahaha that one made my day
Posted: Tue Oct 06, 2009 7:05 pm
by bitplane
Zip the file up in a password protected archive, then send it to Avast and give them the password. Next time you get an antivirus update they will have fixed the definitions.
Posted: Tue Oct 06, 2009 8:02 pm
by Lil Margin
hmmm my avast updated and i went to try it out and i got thesame report...hmmm, i wait for another update then
Posted: Tue Oct 06, 2009 10:14 pm
by sRc
it might take a few days
Posted: Wed Oct 07, 2009 3:15 am
by Josie
Yeah. They generally tend to take their time, but false positives are important for them- it hurts their reputation more than missing some viruses.
Posted: Wed Oct 07, 2009 11:12 pm
by Lil Margin
this got solved, in the last update from today wich was on october 7 2009
Posted: Thu Oct 08, 2009 12:34 am
by Repgahroll
BTW... from now on, will any similar code not be detected as virus? (for example, other similar irrlicht app)
Or that solution only works for your specific program?
BTW(2), i don't use antivirus under Windows and i never got any kind of virus
not even a simple adware.
I just don't browse porn(under windows
), don't run binaries that i don't know, keep my system updated, and use a decent firewall (the windows (XP) built-in one sucks).
It's good to see you got your problem solved.
Posted: Thu Oct 08, 2009 5:40 am
by Sylence
Repgahroll wrote:BTW(2), i don't use antivirus under Windows and i never got any kind of virus
not even a simple adware.
How can you say you haven't got any virus when you don't have a program that would tell you otherwise?