CopyFile() Reports a False Positive (Trojan)
CodeGuru Home VC++ / MFC / C++ .NET / C# Visual Basic VB Forums Developer.com
Results 1 to 3 of 3

Thread: CopyFile() Reports a False Positive (Trojan)

  1. #1
    Join Date
    Jun 2009
    Posts
    65

    CopyFile() Reports a False Positive (Trojan)

    Well, I was making a standalone app (I almost always make stand-alones) when I thought it'd be cool to add a Save App option.

    I used the CopyFile() function to copy the running exe to another exe depending upon the user's choice. As it turns out Kaspersky Antivirus is flagging my app as trojan (wth?!).

    I found out when I comment out the CopyFile() code, it's marked as clean but upon adding the CopyFile() it's again flagged as trojan.

    I wanna know is there any workaround for this (I hate my formatting app being framed as a trojan) or it should be reported to the antivirus?

    I'm pretty well aware it's a trojan-like (or worm-like) activity to be copying itself, but what if I want to treat my standalone as a file being able to save copies on a Flash Drive or something.
    AFAIK trojan's copy their binary data over other files header while I'm just simply copying the file.

    Any help is appreciated.

    Regards,
    Nisheeth Barthwal

  2. #2
    Join Date
    Apr 1999
    Posts
    27,424

    Re: CopyFile() Reports a False Positive (Trojan)

    Quote Originally Posted by nbaztec View Post
    I wanna know is there any workaround for this (I hate my formatting app being framed as a trojan) or it should be reported to the antivirus?

    I'm pretty well aware it's a trojan-like (or worm-like) activity to be copying itself, but what if I want to treat my standalone as a file being able to save copies on a Flash Drive or something.
    I think the issue is that the file you're copying is not just a mere data file -- it is an executable being copied to another executable (a running executable at that).
    AFAIK trojan's copy their binary data over other files header while I'm just simply copying the file.
    Yes, AFAYK (As Far As You Know), these are the only ways. But are you sure? Who knows what trojans are doing now to be malicious?

    Just go to Kasperskey and try to convince the people there that you are not doing something malicious. They are the experts, let them hear what you're trying to accomplish.

    Regards,

    Paul McKenzie

  3. #3
    Join Date
    Mar 2011
    Posts
    46

    Re: CopyFile() Reports a False Positive (Trojan)

    Try copying the file to something innane like a ".dat" file then try renaming after see if they really are good at monitoring.

    The reason it may work is it would have to link the two actions you copying then you renaming the same file which is not that trivial given the two events may be well seperated.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  


Azure Activities Information Page

Windows Mobile Development Center


Click Here to Expand Forum to Full Width

This is a CodeGuru survey question.


Featured


HTML5 Development Center