Thread: my c++ project deleted by Trend Micro Antivirus! :O

  1. #1
    Registered User
    Join Date
    Mar 2012
    Posts
    34

    my c++ project deleted by Trend Micro Antivirus! :O

    Hi all,

    I compiled my C++ program; it was 700KB and I want it smaller, not more than 400KB. I searched the web with Google and found many EXE compressor programs.

    Every one that I used, Trend Micro caught as a virus. The best program is called ASPack V2.28:
    Software protection download
    http://www.aspack.com/files/aspack228.zip

    But Trend also thinks it is a virus. When I asked on Google, they said Trend thinks it is a virus because you compressed it. Is that a problem?

    OK, does anyone know a program that compresses C++ EXE files without a warning?
    Help, please.

  2. #2
    C++ Witch laserlight's Avatar
    Join Date
    Oct 2003
    Location
    Singapore
    Posts
    28,413
    UPX? Anyway, do you really need this requirement? A difference of 300 KB does not seem particularly earth shattering these days.
    Quote Originally Posted by Bjarne Stroustrup (2000-10-14)
    I get maybe two dozen requests for help with some sort of programming or design problem every day. Most have more sense than to send me hundreds of lines of code. If they do, I ask them to find the smallest example that exhibits the problem and send me that. Mostly, they then find the error themselves. "Finding the smallest program that demonstrates the error" is a powerful debugging tool.
    Look up a C++ Reference and learn How To Ask Questions The Smart Way

  3. #3
    Master Apprentice phantomotap's Avatar
    Join Date
    Jan 2008
    Posts
    5,108
    O_o

    I'm going to go out on a limb and say you downloaded a patched copy of ASPack that is infected with a malicious loader.

    Soma

  4. #4
    Registered User
    Join Date
    Mar 2012
    Posts
    34
    Thanks a lot, laserlight. You made me sad in my last thread; now I'm thankful.
    Yes, I really need it.
    I used UPX 3.08w, but

    it is still saying infected when I compress it. It's TrendMicro 9.200.
    Any way to encrypt from TrendMicro? Or resolve it?

  5. #5
    Registered User
    Join Date
    Mar 2012
    Posts
    34
    Quote Originally Posted by phantomotap View Post
    O_o

    I'm going to go out on a limb and say you downloaded a patched copy of ASPack that is infected with a malicious loader.

    Soma
    No, it's not, because the antivirus is quiet until I compress it, then it says infected. The ASPack is clean.

  6. #6
    Master Apprentice phantomotap's Avatar
    Join Date
    Jan 2008
    Posts
    5,108
    Get a "better" virus locker?

    Soma

  7. #7
    Registered User
    Join Date
    Mar 2012
    Posts
    34
    Quote Originally Posted by phantomotap View Post
    Get a "better" virus locker?

    Soma
    My project is shareware. I am not doing it just for myself;
    friends and others may use it.

    They would think I shared a virus.

  8. #8
    Master Apprentice phantomotap's Avatar
    Join Date
    Jan 2008
    Posts
    5,108
    If you are putting a binary online for technology savvy users to download you need a Jotti certificate or something similar.

    Soma

  9. #9
    Registered User
    Join Date
    Mar 2012
    Posts
    34
    Thank you, Soma.
    Any way to compress it in C++?

  10. #10
    Officially An Architect brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,396
    "If it uses a packer, it's malware."

    The above heuristic is about 99.999% accurate. You should be happy your anti-virus has this rule, it protects you from a vast number of terrible things.

    Don't use packers. Even the "professional" ones are used almost exclusively by bad guys.
    Code:
    //try
    //{
    	if (a) do { f( b); } while(1);
    	else   do { f(!b); } while(1);
    //}

  11. #11
    Master Apprentice phantomotap's Avatar
    Join Date
    Jan 2008
    Posts
    5,108
    You have a point in bringing up "Better safe than sorry!" but everything else is unnecessary "FUD".

    For the virus control software to do the job it was designed to do it has to inspect the real executable code for different bits. If the real executable code is compressed via a packer then part of the job is unpacking the real executable code. The algorithms and extra structures used by most major executable packers are well documented and widely available. For custom made packers or those using encryption layered over a packer the virus software needs to run the executable in a debugging layer or isolation mechanism of some kind.

    Again, I agree with the "Better safe than sorry!" concept, but if the "Trend Micro" software can't recognize a virus free file simply because it is packed with "UPX" (I know for certain that "Trend Micro" has the logic to unpack "UPX" files.) I wouldn't expect it to be able to recognize a file carrying a virus.

    Saying "If it uses a packer it should mark it as a virus to be on the safe side." is flawed from the outset; if the virus control software isn't capable of looking at or at least isolating the real executable code hiding beneath a packer with a known implementation it can't be trusted to look at any executable and determine if a file carries a virus.

    So, yeah, "Better safe than sorry!" is spot on; when your virus software can't look underneath a packer it can't be trusted so "Better safe than sorry!" here means installing different virus control software.

    And, I am well aware that no virus control software is perfect, but protected installers for "Windows" that use a signed packer to decompress certain files are common as dirt. If "UPX" confuses "Trend Micro" I can't imagine that it knows what to do with these installers beyond screaming "Virus!" just in case.

    Soma
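
Added example, not part of any post in this thread: Python code for the kind of static checks that mark a packed Windows executable as suspicious before any unpacking is attempted, run on two constructed PE images. `UPX0`/`UPX1` are the section names UPX writes; the 7.0 bits-per-byte entropy cut-off, the `build_sample` helper and both sample images are assumptions made for this illustration.

```python
import math
import struct

MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # PE section characteristics bits
ENTROPY_LIMIT = 7.0  # assumed cut-off, bits per byte; compressed data sits near 8

def entropy(data):
    """Shannon entropy of a byte string in bits per byte."""
    counts = [data.count(b) for b in set(data)]
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts)

def packer_indicators(image):
    """Return (section, reason) pairs for static signs that a PE image is packed."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew: offset of the PE header
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    count, _, _, _, opt_size = struct.unpack_from("<HIIIH", image, pe + 6)
    found = []
    for i in range(count):
        off = pe + 24 + opt_size + 40 * i  # section table follows the optional header
        name, _, _, raw_size, raw_ptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", image, off)
        name = name.rstrip(b"\0").decode("ascii", "replace")
        raw = image[raw_ptr:raw_ptr + raw_size]
        if name.startswith("UPX"):
            found.append((name, "packer section name"))
        if flags & MEM_WRITE and flags & MEM_EXECUTE:
            found.append((name, "writable and executable"))
        if raw and entropy(raw) > ENTROPY_LIMIT:
            found.append((name, "high entropy"))
    return found

def build_sample(sections):
    """Constructed input: bare MZ/PE headers plus the given (name, flags, data) sections."""
    head = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
    head += struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    ptr, table, body = len(head) + 40 * len(sections), b"", b""
    for name, flags, data in sections:
        table += struct.pack("<8sIIIIIIHHI", name, 0x1000, 0, len(data), ptr, 0, 0, 0, 0, flags)
        ptr, body = ptr + len(data), body + data
    return head + table + body

# Constructed samples: a UPX-style layout and an ordinary compiler layout.
PACKED = build_sample([(b"UPX0", 0xE0000080, b""),
                       (b"UPX1", 0xE0000040, bytes(range(256)) * 16)])
PLAIN = build_sample([(b".text", 0x60000020, b"\x55\x8b\xec\x5d\xc3" * 100),
                      (b".data", 0xC0000040, bytes(256))])
```

`packer_indicators(PACKED)` reports all three indicators whatever the program inside does, while `packer_indicators(PLAIN)` reports none, which is why a clean project can be flagged only once it has been compressed.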

  12. #12
    Officially An Architect brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,396
    Both ASPack and UPX use techniques like IAT obfuscation and anti-debugging mechanisms which have absolutely nothing to do with compressing your executable, and everything to do with making the packer itself more difficult to reverse engineer. The packers are designed this way because the people making the packers know damn well who uses them and what they need.

    This is an arms race. On the other side, we have continuous advances in automated unpacking, such as W-X tracing. In turn, the packers invent more elaborate techniques to annoy the auto-unpackers, such as VM multi-mapping. You're kidding yourself if you think any of this has to do with providing the simple service of compressing executable files.

    Yeah, I work in this space.

  13. #13
    Master Apprentice phantomotap's Avatar
    Join Date
    Jan 2008
    Posts
    5,108
    Yeah, I work in this space.
    I don't care, but if true you should know better.

    Saying "About 99.999% of packed binaries are malicious." is "FUD". There is no argument to be made for your statements.

    Look at this thread as an example; we have someone who clearly isn't all that savvy talking about how his virus control software flagged his own code as a virus. Is he going to continue to trust that software? Maybe. It will cause problems.

    I've gotten tons of "tickets" because some code I wrote was flagged as a virus. Why? Because it was a game and I didn't want people cheating. I used many of those same techniques to protect the binary copy on disc. Some people stopped trusting me because the virus control software did not do its job. Other people stopped trusting the virus control software which resulted in infections.

    I'm all for warning people about the realities of the many, many jerks who want to cause harm. Spreading "FUD" about malicious code works for those jerks. You want to work against them don't spread "FUD"; it sends absolutely the wrong message in every conceivable way.

    [Edit]
    *shrug*

    Actually, you know what? Everything you said only serves to prove my point.

    You say it is an arms race? Okay. Then I have to ask, how much better could my advice of "Get new software if your current virus control software can't do its job." be?
    [/Edit]

    Soma
    Last edited by phantomotap; 04-27-2012 at 09:16 PM.

  14. #14
    the hat of redundancy hat nvoigt's Avatar
    Join Date
    Aug 2001
    Location
    Hannover, Germany
    Posts
    3,130
    i compile my c++ program it was 700KB and i want it smaller not more than 400KB
    This is a requirement that doesn't make any sense. 15 years ago, I would have understood packing something below 1.44 MB. 10 years ago, packing something below 600 MB would have been normal. Today... even packing something to fit into 9 GB is hardly done anymore. There is only one scenario in which I can see packing executable code and I'm quite happy that a virus scanner will flag it.
    hth
    -nv

    She was so Blonde, she spent 20 minutes looking at the orange juice can because it said "Concentrate."

    When in doubt, read the FAQ.
    Then ask a smart question.

  15. #15
    Officially An Architect brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,396
    Quote Originally Posted by phantomotap View Post
    Saying "About 99.999% of packed binaries are malicious." is "FUD". There is no argument to be made for your statements.
    That is not what I said. I said that in the vast majority of cases the heuristic makes the correct decision. It is about the rate of dissemination, not the proportion.

    A possibly ridiculous example: People either wear a white shirt (not packed) or a black shirt (packed). You're in a room with 33 people who are "good" and who wear white shirts. There are another 33 people who are "good" and who wear black shirts. And another 33 people who are "bad" and wear black shirts. Everybody moves about randomly in the room, but "bad" people run while the rest walk slowly. You will bump into people. If you bump into somebody wearing a white shirt, the chance of them being bad is 0, as no bad guys wear white shirts. If you bump into somebody wearing a black shirt, you might first think the chance of them being bad is only 50%, but it is actually greater than that, because the bad guys are moving faster and thus you bump into them more frequently. Therefore "black shirt == bad" is a better heuristic than "black shirt == good," even though there are equal numbers of good and bad who wear black shirts.

    Sorry if I upset you somehow. It seems like you have had bad experiences where anti-malware software has caused you actual problems. I assure you that I don't work for an anti-virus company or any such thing, I just have experience with this in the context of a specific piece of software for which I am responsible for security, and I am just calling it as I see it. My view of the topic is necessarily a windowed one.
