Re: [Tinycc-devel] Fwd: Virus detected in Windows programs made bytcc.

[grischka]

> On Wed, Apr 2, 2008 at 9:46 AM, Daniel King wrote:
> 
> > I checked out the latest revision of tinycc and compiled successfully
> > with MinGW gcc 4.3.0. But virus detected by my Symantec AntiVirus when
> > I compiled hello_win.c. hello_win.exe can be fired if I disable the
> > Symantec AntiVirus.

> I think the AV applications dectect the virus may be use simple algorithm
> like just analysing the PE header for a particular signature.
> 
> Anyway, we need to check the PE output code.
> 

Well, I know TCC leaves some fields in the PE header empty, but other
linkers do too.

Also for tcc.exe itself compiled with TCC that website (below) reports OK.
Maybe it is just some pattern in the hello_win example or because it is 
so small.

--- grischka

> On Wed, Apr 2, 2008 at 9:46 AM, Daniel King wrote:
> > I checked out the latest revision of tinycc and compiled successfully
> > with MinGW gcc 4.3.0. But virus detected by my Symantec AntiVirus when
> > I compiled hello_win.c. hello_win.exe can be fired if I disable the
> > Symantec AntiVirus.
> > The virus' name is Trojan.Peacomm.D.
> > I upload the exe to http://virusscan.jotti.org/. Here was the result:
> >
> > Scan taken on 01 Apr 2008 05:39:29 (GMT)
> > A-Squared  Found nothing
> > AntiVir  Found nothing
> > ArcaVir  Found Worm.Zhelatin.Uq
> > Avast  Found nothing
> > AVG Antivirus  Found nothing
> > BitDefender  Found Trojan.Agent.AGOL
> > ClamAV  Found Trojan.Dropper-3840
> > CPsecure  Found Troj.Dropper.W32.Small.auj
> > Dr.Web  Found nothing
> > F-Prot Antivirus  Found nothing
> > F-Secure Anti-Virus  Found nothing
> > Fortinet  Found nothing
> > Ikarus  Found Email-Worm.Win32.Zhelatin.uq
> > Kaspersky Anti-Virus  Found nothing
> > NOD32  Found nothing
> > Norman Virus Control  Found nothing
> > Panda Antivirus  Found nothing
> > Rising Antivirus  Found nothing
> > Sophos Antivirus  Found Mal/Dorf-I
> > VirusBuster  Found nothing
> > VBA32  Found nothing
> >