C# 应用程序被检测为病毒
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/20168/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
C# application detected as a virus
提问by Justin Bennett
Regarding the same program as my question a few minutes ago... I added a setup project and built an MSI for the program (just to see if I could figure it out) and it works great except for one thing. When I tried to install it on my parent's laptop, their antivirus (the free Avast Home Edition) set off an alarm and accused my setup.exe of being a Trojan.
几分钟前,关于与我的问题相同的程序......我添加了一个设置项目并为该程序构建了一个 MSI(只是为了看看我是否能弄清楚),除了一件事外,它运行良好。当我试图将它安装在我父母的笔记本电脑上时,他们的防病毒软件(免费的 Avast Home Edition)触发了警报并指责我的 setup.exe 是木马。
Does anyone have any idea why this would be happening and how I can fix it?
有谁知道为什么会发生这种情况以及我该如何解决?
采纳答案by jsight
Indeed, boot from a clean CD (use a known good machine to build BartPEor something similar) and scan your machine thoroughly. Another good thing to check, though, would be exactly which virus Avast! thinks your program is. Once you know that, you should be able to look it up in one of the virus databases and insure that your software can't contain it.
实际上,从干净的 CD 启动(使用已知良好的机器来构建BartPE或类似的东西)并彻底扫描您的机器。但是,另一个需要检查的好事情是 Avast 到底是哪种病毒!认为你的程序是。一旦知道这一点,您应该能够在其中一个病毒数据库中查找它并确保您的软件无法包含它。
The odds are that Avast! is just getting a false positive for some reason, and I don't know that there's much you can do about that other than contacting Avast! and hoping for a reply.
很有可能是 Avast!只是由于某种原因得到了误报,我不知道除了联系 Avast 之外,您还有什么可以做的!并希望得到答复。
回答by Greg Hurlman
The very first thing to do would be to scan your build PC for viruses.
首先要做的是扫描您的构建 PC 是否有病毒。
回答by Chris Miller
I would do what jsight suggested and make sure that your machine did not have a virus. I would also submit the .msi file to Avast's online scannerand see what they identified as being in your package. If that reports your file as containing a trojan, contact Avast and ask them to verify that your .msi package does contain a trojan.
我会按照 jsight 的建议进行操作,并确保您的机器没有病毒。我还会将 .msi 文件提交给Avast 的在线扫描仪,并查看他们在您的包裹中识别出的内容。如果报告您的文件包含木马,请联系 Avast 并要求他们验证您的 .msi 包是否包含木马。
If it doesn't contain a trojan, find out from Avast what triggered their scanner. There may be something in your code that matches a pattern that Avast looks for, They may be able to adjust their pattern to ignore your file or you could tweak your code so that it doesn't trigger their scanner.
如果它不包含特洛伊木马程序,请从 Avast 找出触发其扫描程序的原因。您的代码中可能有某些内容与 Avast 寻找的模式相匹配,他们可能能够调整他们的模式以忽略您的文件,或者您可以调整您的代码以使其不会触发他们的扫描程序。
回答by jl23x
I don't know “Avast”, but in Kaspersky if the configuration is set to high almost every installer fires an alarm (iTunes, Windows Update, everything) especially if the installer modify some registry key or open a port. If avast checks for behavior and your program open a port probably that's be the cause.
我不知道“Avast”,但在卡巴斯基中,如果配置设置为高,几乎每个安装程序都会触发警报(iTunes、Windows 更新等),尤其是在安装程序修改某些注册表项或打开端口时。如果 avast 检查行为并且您的程序打开了一个端口,这可能就是原因。
回答by DavidWhitney
Rebuild the setup file, check the exact file size. Check the exact file size of the "suspected" setup file.
重建安装文件,检查确切的文件大小。检查“可疑”安装文件的确切文件大小。
If the source code hasn't changed and the two file sizes are different, there's a pretty good chance it got contaminated in transit.
如果源代码没有改变并且两个文件大小不同,那么它很有可能在传输过程中受到污染。
I'd do that as a bit of a sanity check first.
我会先做一个健全的检查。
