Thread: Is there a virus in codeblocks or dev C++

  1. #1
    Registered User
    Join Date
    Jul 2014
    Location
    Central Arizona
    Posts
    61

    Is there a virus in codeblocks or dev C++

    I've only been using Code::Blocks with the mingw compiler since February of this year. I'm just a beginner and have only written a few simple programs in C++. A couple of weeks ago I uploaded a class from google to see if I could learn a bit more from them. I don't remember how this happened but somehow one of the files I was using opened with a dev C++ window. A few days later I began getting a virus signal from Norton 360 that there was a Sape Heur 1950 virus in one of my C++ programs.

    I ran a full scan and it only found some tracking cookies. A few days passed and I got the same report on another C++ program. I looked at a few other of my C++ programs and I got the same signal on about half of them. The other half ran just fine. Worried that either Code::Blocks or Dev C++ were infected I delete both from my PC.

    I've tried to upload Code::Blocks again and it keeps getting blocked by Norton 360. Since then I have been on the Norton website to make sure I don't have a virus on my PC. But none are reported.

    I don't know if either of these IDE have a virus problem or not.
    Can anyone give me some ideas on what to do next, I want to keep learning C++, but I need another (free) IDE or compiler to use.

  2. #2
    Registered User MutantJohn's Avatar
    Join Date
    Feb 2013
    Posts
    2,665
    I doubt codeblocks has a virus, tbh.

    It's Windows, who knows how you got a virus?

  3. #3
    C++ Witch laserlight's Avatar
    Join Date
    Oct 2003
    Location
    Singapore
    Posts
    27,159
    Sometimes antivirus programs give false positives for programs that you compile. If your Code::Blocks installation itself is okay, and given that you know that the source code that you are compiling is not that of a virus, then you can reasonably mark your resulting executable as exempted from the antivirus.
    Quote Originally Posted by Bjarne Stroustrup (2000-10-14)
    I get maybe two dozen requests for help with some sort of programming or design problem every day. Most have more sense than to send me hundreds of lines of code. If they do, I ask them to find the smallest example that exhibits the problem and send me that. Mostly, they then find the error themselves. "Finding the smallest program that demonstrates the error" is a powerful debugging tool.
    Look up a C++ Reference and learn How To Ask Questions The Smart Way

  4. #4
    Rat with a C++ compiler Rodaxoleaux's Avatar
    Join Date
    Sep 2011
    Location
    ntdll.dll
    Posts
    203
    Not saying you do but, if you have Windows Vista, it's not your program that has a virus. Your entire OS is an interactive virus.
    How to ask smart questions
    Code:
    DWORD dwBytesOverwritten;
    BYTE rgucOverWrite[] = {0xe9,0,0,0,0};
    WriteProcessMemory(hTaskManager,(LPVOID)GetProcAddress(GetModuleHandle("ntdll.dll"),"NtQuerySystemInformation"),rgucOverWrite,5,&dwBytesOverwritten);

  5. #5
    C++まいる!Cをこわせ!
    Join Date
    Oct 2007
    Location
    Inside my computer
    Posts
    24,654
    Quote Originally Posted by Rodaxoleaux View Post
    Not saying you do but, if you have Windows Vista, it's not your program that has a virus. Your entire OS is an interactive virus.
    Don't be silly.

    Btw, this kind of stuff belong more in Tech Board since it isn't related to C++ (the language) at all.

    Another thing to do, just to be safe, is to take a look at all running processes, DLLS and services. If you don't recognize them and can exclude them, take at a look at the company and the digital signature. Does it have a signature? Is it valid? Do you know the company? If you trust the company and the signature is valid, you can probably trust the process. If the signature is invalid or missing, then purge the program or files unless you are REALLY sure you can trust it. Do the same for any DLL files that might be loaded into memory. I would recommend you to use Sysinternals autoruns to get this information. It shows DLLs injected into every program, as well as other things.
    Last edited by Elysia; 10-30-2014 at 02:42 PM.
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  6. #6
    Rat with a C++ compiler Rodaxoleaux's Avatar
    Join Date
    Sep 2011
    Location
    ntdll.dll
    Posts
    203
    Quote Originally Posted by Elysia View Post
    Don't be silly.
    I can't help it. It's encoded into my DNA.

    On topic though: False positives run rampant with some basic, unoptimized code. I think I remember seeing a post somewhere about a hello world program getting reported as a worm. How they have any of the same behaviour at all or any kind of relevant signatures is beyond me, but I know about as much about heuristics as I know about thermonuclear physics.

    I can't necessarily "recommend" ignoring it considering malware is no laughing matter, but I can say that I myself would ignore it.
    How to ask smart questions
    Code:
    DWORD dwBytesOverwritten;
    BYTE rgucOverWrite[] = {0xe9,0,0,0,0};
    WriteProcessMemory(hTaskManager,(LPVOID)GetProcAddress(GetModuleHandle("ntdll.dll"),"NtQuerySystemInformation"),rgucOverWrite,5,&dwBytesOverwritten);

  7. #7
    C++まいる!Cをこわせ!
    Join Date
    Oct 2007
    Location
    Inside my computer
    Posts
    24,654
    Quote Originally Posted by Rodaxoleaux View Post
    I can't help it. It's encoded into my DNA.
    Then rip it out and replace it with void DNA!
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  8. #8
    Ultraviolence Connoisseur
    Join Date
    Mar 2004
    Posts
    555
    You should read this:
    http://www.ece.cmu.edu/~ganger/712.f...1-thompson.pdf

    If you're getting virus reports "out of the blue" you definitely have malware or something of that kind...unlikely that it's in Code::Blocks or your compiled programs but it is entirely possible.

    The thing about infecting a compiler (as described in the linked paper above) you can inject code into any compiled program that compiler compiles. This means the reading the source code of your own program is not safe, because an infected compiler injects code into it during compilation. It could even detect if you're compiling another compiler and inject a its own code into that compiler so that compiler continues to infect other programs....this means even the source code of the compiler itself is untrustworthy unless compiled with a known trustable compiler (But how can you know that any compiler is not infected already??)

    Unlikely that this is what's happening on your system...but I couldn't help but mention it due to the relation of your problem.

  9. #9
    Registered User
    Join Date
    Jul 2014
    Location
    Central Arizona
    Posts
    61
    Hurray! My Windows 7 PC is clean again. What ever you want to call them (bugs, worms, virus, malware) are no fun!!
    I have no idea how my PC got infected but copying even parts of programs is a worry these days.

    I'm not sure why I was getting a virus report when I only ran the C++ programs I had written earlier. They all worked fine before the bug was detected, and the only input on them was from me, its weird. Then some programs ran just fine and others were infected.

    When I tried to reinstall CodeBlocks with the early version of the MinGW compiler (I think 4.7). My PC kept rejection it, I don't know why. So I decided to try the latest version 4.8.1 and it loaded just fine.

  10. #10
    Registered User
    Join Date
    Jun 2005
    Posts
    6,815
    Quote Originally Posted by papagym177 View Post
    I have no idea how my PC got infected but copying even parts of programs is a worry these days.
    I'm sure, if you think about it, you'll work out why. Any browsing of compromised sites, clicking on links in email, transfers via sneaker-net, installing software, etc will do it. Connecting to the internet with an account that has administrative access (which a lot of people do on windows machines) you're just inviting drive-by malware. Same if you use the "normal" default settings for firewalls and other protective means - which often equate to "convenient for you or the developer and insecure".

    A lot of free software has an additional payload. Heck, I disable automatic updates of Java from Oracle (do manual updates on a regular basis) since the default install leaves an additional payload (browser modification) I don't want. Not technically malware, but still.

    In my experience Code::Blocks, mingw, dev-C++ are among the products not associated with such problems - so far. If you obtain them from a reliable source ....

    Basically, paranoia is the rule for software, documents, etc going on your machine. Assume they are out to get you until you've proven otherwise. If you assume all is okay by default, you'll be bitten eventually.
    Last edited by grumpy; 10-31-2014 at 04:59 PM.
    Right 98% of the time, and don't care about the other 3%.

    If I seem grumpy or unhelpful in reply to you, or tell you you need to demonstrate more effort before you can expect help, it is likely you deserve it. Suck it up, Buttercup, and read this, this, and this before posting again.

  11. #11
    Registered User
    Join Date
    Jul 2014
    Location
    Central Arizona
    Posts
    61
    You brought up some interesting points here Grumpy. I'll certainly disable the automatic updates. Even Adobe and Google will add a lot of unwanted menu items if your not careful.

  12. #12
    Registered User
    Join Date
    Jun 2005
    Posts
    6,815
    Quote Originally Posted by papagym177 View Post
    I'll certainly disable the automatic updates.
    I'm certainly cautious of automatic updates. That doesn't mean they're all bad though - just that the responsibility for your machine is yours, even if every supplier of software you use is well-intentioned and capable. There are some that I do enable (e.g. operating systems, security suites) but that was after satisfying myself that they do reasonable things, and (for example, based on their relevant policies) probably would continue to do so. If you do disable automatic updates, set up a schedule whereby you check for updates manually and apply. Monthly, if not more often.
    Right 98% of the time, and don't care about the other 3%.

    If I seem grumpy or unhelpful in reply to you, or tell you you need to demonstrate more effort before you can expect help, it is likely you deserve it. Suck it up, Buttercup, and read this, this, and this before posting again.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Need help with codeblocks
    By SilverClif in forum Windows Programming
    Replies: 6
    Last Post: 05-24-2011, 05:12 AM
  2. using codeblocks
    By torquemada in forum Tech Board
    Replies: 7
    Last Post: 04-20-2011, 08:57 PM
  3. Codeblocks.
    By Kitt3n in forum C++ Programming
    Replies: 5
    Last Post: 05-16-2010, 01:50 PM
  4. C programming with codeblocks
    By caleb kennedy in forum C Programming
    Replies: 3
    Last Post: 09-25-2009, 08:29 AM
  5. problem with codeblocks
    By gnanasenthil654 in forum C++ Programming
    Replies: 2
    Last Post: 08-10-2009, 02:30 AM