Malwarebytes gives trojan warning for basic C# "Hello World!" program - c#

Basically, I just ran a scan of my computer with Malwarebytes (updated the definitions before running), and it said my "helloworld" program written in C# has a trojan.
I know for a fact this is a false positive, as I only wrote the program 2-3 days ago and followed a small tutorial website to make the program that I trust. I am new to C#, but I can't see anything that would give a trojan warning at all.
The program flags the executable, but not the source file.
using System;
namespace HelloWorldApplication
{
class HelloWorld
{
static void Main(string[] args)
{
Console.WriteLine("\n\tHello World!");
Console.WriteLine("This is my first C# program.\nI'm so proud of myself!");
Console.WriteLine("\tTeehee!");
}
}
}
This is the code, written in Notepad++, and it is run from the command-line (Cygwin, actually). Why does it flags this? Is it something that, as a budding C# programmer, I should know about?

The problem could be that the Backdoor.MSIL.PGen Trojan is typically called 'hello.exe'. The name of your executable is presumably 'hello.exe' or 'helloworld.exe'.
Just rename your project or change the output executable to something not containing 'hello', and it should stop detecting it.
This answer is somewhat speculative, but given the name of your project, and a history of over-aggressive detection of this malware (see here), it seems a reasonable stab.

The answer by Baldrick is likely correct, but there is also another possibility: There are viruses which search for random executables on the system and modify them by inserting their own code into them (this is, in fact, the original definition of "computer virus"). When you find that an executable which you know is trustworthy suddenly is reported as infected, you might be dealing with such a virus.
But unless your virus scanner reports other executables as the same virus, this is unlikely.

I just figured this out: change the "Guid" in AssemblyInfo.cs a little, then try again.
That worked for me.

Related

Mono cannot access file even though linux shell can without root

this might be a wrong place to ask this (but I think its right place since it involves programming).
So I got a raspberry pi zero for our school project. I SSH'd into it to check out what it can do with it. I made some research about how to use the GPIO pins on this card.
Basically:
$ echo 17 > /sys/class/gpio/export
$ echo out > /sys/class/gpio/gpio17/direction
$ echo 1 > /sys/class/gpio/gpio17/value
$ echo 17 > /sys/class/gpio/unexport
Enables GPIO pin 17 and writes digital 1 into it and 'unexport's it, no root is needed.
I also wanted to try out some of the languages in this card. I tried python, C# and Rust without a problem (even though rust compiles very slow, it works). So I started using my favourite language C# with mono. Installing it and compiling a basic program wasn't a big deal, It works.
So I write this:
using System;
using System.IO;
namespace Program
{
public static class Program
{
public static void Main()
{
if (Directory.Exists("/sys/class/gpio/gpio17/"))
File.WriteAllText("/sys/class/gpio/unexport", "17");
File.WriteAllText("/sys/class/gpio/export", "17");
File.WriteAllText("/sys/class/gpio/gpio17/direction", "out");
File.WriteAllText("/sys/class/gpio/gpio17/value", "1");
}
}
}
Basically, if it finds the 17 pin open, 'unexport' it then re-export it, set as output and write digital 1.
Compilation:
mcs program.cs -out:program.exe -debug && ./program.exe
Output:
Unhandled Exception:
System.UnauthorizedAccessException: Access to the path "/sys/class/gpio/gpio17/direction" is
denied.
What? How? It works with sudo mono ./program.exe and no it doesn't with mono ./program.exe
Sure, I can always use wiringPi or python but I am curious about this one and couldn't find an answer. It doesn't make sense to me. /sys/class/gpio/gpio17 is a symbolic link and I tried to access to original path too with no luck.
What might be the problem here?
Guesses:
You unexport it first, then export it and immediately access it, I had in the past several time problems on some OS e. g. deleting a file and immediately creating it again, add a waiting time (not really clean code, but if it works)
check the difference of the files/folders with linux command "ls -la" or more
call the shell command, that worked, from C# via e. g. Process class
Some few times Mono did not work like C# on Windows, a workaround had to be found
try to open a stream to these files and leave them open? Or even a pipe is possible to these files?

Looking to launch a local exe on a remote machine without having the resurces on the remote machine

So I have built some code, it's quite simple basically it stops all active input from keyboard and mouse until a text file of a certain name appears in the C:\Temp directory. It also has a manifest file to run it as administrator on start up.
So I found something that on the surface looks like it fulfils my needs of being able to do this task however upon running it I found out that the project has been compiled in x86 and does not run on my x64 machine. Here is the reference to the project if anyone would like to look into it, it's a very smartly designed piece of code that does an interesting objective. It also explains clearly enough what I am trying to accomplish.
So after implementing this (and failing) I have setup a couple other avenues to try, one is VBA through excel with the VBA copying itself to and from the machines in a list and running itself, then there is using VBS to write the entire code as a txt file on the target machine change the extension and then execute it remotely. I have just started researching these but I imagine the problems of running as an administrator amongst other things will crop up again to be dealt with. To be honest though I would really prefer to do this in C# only as that is the language I'm trying to go further in so I'm interested in this challenge. If anybody knows of a similar library of code or application I could look into to achieve what I'm trying I would appreciate being pointed in the right direction.
I would try and be more specific about what libraires/API's im trying to implement but the truth is I don't know what libraries I need to even interact with to get what I want. My goal is to have C# executable code on my machine and a tool that can run that executable on another machine.
Thanks
Thanks to the help in comments from #Nick.McDermaid I was able to correctly open and build the project I was trying to download. Unsure what caused the issue previously with me not being able to open and interact with the code but now I have it I shall pursue this avenue further to accomplish my goal.
As an addendum one other avenue I tried for executing code remotely was through VBS where I used
set svcproc=getobject("winmgmts:{impersonationLevel=impersonate}!\\"&MachineName & "\root\cimv2:win32_process")
scmd="""C:\Program Files\Internet Explorer\iexplore.exe"" -framemerging ""https://gifyu.com/images/Boo-Ghost-Gif.gif"""
'scmd="C:\Windows\notepad.exe"
iret=svcproc.create(scmd,null,null,pid)
set svcproc=nothing
to execute something that existed on the remote machine but I ran into a LOT of security policy issues where I could launch the process but I couldn't bring it to the foreground as the Malware tracker on the machine thought it was an attack and quashed it immediately.

Does not contain a static 'Main' [BUT IT DOES?]

I'm following quill18creates C# tutorial series on youtube. I'm on video #3, where we start discussing classes and the main.cs script to execute code.
I've copied his example verbatum and started the project EXACTLY as he did in xamarin studio but no matter what, the compiler does not seem to want to accept the code.
Code:
using System; // We need the standard .NET library for many things
namespace DodgeGame
{
class DodgeGameMain
{
static void Main()
{
}
}
}
C:\Users\Aspen\Documents\Projects\DodgeGameSolution\DodgeGame\CSC:
Error CS5001: Program does not contain a static 'Main' method suitable
for an entry point (CS5001) (DodgeGame)
I've noticed that his Xamarin Studio is detecting a "document outline" while mine just says "an outline is not available for the current document". I've tried to save as. the file but that didn't change a thing. So what's going on?
You'll notice from this pic it's not displaying the class in green either:
Change the Output Type under the Project > Properties to that of a “Class Library”. By default, this setting may have been set to a “Console Application”.
OKAY! So props to Victor Leontyev for suggesting to make a clean solution.
I exited, deleted the project. Remade it and this time upon creating the empty file, I checked "add to project" this time. It was off by default for some reason and wasn't even an option at the time the tutorial was made.
This solved all the problems and copy/pasting the code back in seemed to find the classes and compile correctly. A very simple oversite that caused so many problems. Doh'

Showing help for a command-line utility

I have a command-line utility that gets quite a bit of downloads from my site. I'm trying to show the usage when a user uses the /? or /help parameters. I have a function called ShowUsage() that has nicely formatted text on the parameters available.
I see that ShowUsage() gets called fine from Visual Studio 2008, when I'm using the command-line parameters in the project properties. However the exe does not display the help text when run from the command-line. Here's a shortened version of ShowUsage():
private static void ShowUsage()
{
Console.WriteLine(Environment.NewLine);
Console.WriteLine("Text File Splitter v1.4.1 released: December 14, 2008");
Console.WriteLine("Copyright (C) 2007-2008 Hector Sosa, Jr");
Console.WriteLine("http://www.systemwidgets.com");
Console.WriteLine("");
}
I tried a bunch of different things from my searches in Google, but none are working. I know this has to be something simple/easy, but for the life of me, I can't figure this one out.
EDIT:
The code that calls ShowUsage():
if (!Equals(cmdargs["help"], null) || !Equals(cmdargs["?"], null))
{
ShowUsage();
}
I have a class that parses the parameters into the cmdargs array. I confirmed that the parameters are in the array. It's something inside ShowUsage() that is preventing from showing the text.
I'm going to try the debug trick, and see what I find.
I'm not using Console.Out anywhere.
d03boy - Just personal preference. It makes the text less cluttered onscreen, at least to me.
EDIT #2
Ok, some more information... I'm running VS2008 in Vista Ultimate 64 bit. I just check the project properties and it is set to "Windows Application." This utility is 32 bit.
I'm going to experiment with creating a separate project in the solution that is a true console program, as some of you have advised.
Can you define "not working"? Simply not doing anything? Throwing an exception? I would expect the problem to be in the Main(...) method - i.e. ShowUsage() isn't being called. Another common issue is not rebuilding it in the correct configuration, so bin/release (or whatever) isn't updated.
Have you built the app as a console exe? i.e. is the "Output Type" = "Console Application" in project properties? It needs to be in order to access the console...
For info, I find the easiest way to do a console help screen (once it gets beyond a handful of lines) is to embed a .txt file into the exe; then I just write out the text file (perhaps still using string.Format if I want to replace tokes).
Alternatively, there is the alternative string format:
Console.WriteLine(#"
Text File Splitter v1.4.1 released: December 14, 2008
Copyright (C) 2007-2008 Hector Sosa, Jr
http://www.systemwidgets.com
");
Are you redirecting Console.Out to somewhere else?
Try throwing a System.Diagnostics.Debugger.Launch() in the ShowUsage method so you can see if it's getting hit at runtime.
Can you reproduce the issue with a simple exe, only accepting those help parameters?

C# application detected as a virus

Regarding the same program as my question a few minutes ago... I added a setup project and built an MSI for the program (just to see if I could figure it out) and it works great except for one thing. When I tried to install it on my parent's laptop, their antivirus (the free Avast Home Edition) set off an alarm and accused my setup.exe of being a Trojan.
Does anyone have any idea why this would be happening and how I can fix it?
Indeed, boot from a clean CD (use a known good machine to build BartPE or something similar) and scan your machine thoroughly. Another good thing to check, though, would be exactly which virus Avast! thinks your program is. Once you know that, you should be able to look it up in one of the virus databases and insure that your software can't contain it.
The odds are that Avast! is just getting a false positive for some reason, and I don't know that there's much you can do about that other than contacting Avast! and hoping for a reply.
I would do what jsight suggested and make sure that your machine did not have a virus. I would also submit the .msi file to Avast's online scanner and see what they identified as being in your package. If that reports your file as containing a trojan, contact Avast and ask them to verify that your .msi package does contain a trojan.
If it doesn't contain a trojan, find out from Avast what triggered their scanner. There may be something in your code that matches a pattern that Avast looks for, They may be able to adjust their pattern to ignore your file or you could tweak your code so that it doesn't trigger their scanner.
I don’t know “Avast”, but in Kaspersky if the configuration is set to high almost every installer fires an alarm (iTunes, Windows Update, everything) especially if the installer modify some registry key or open a port.
If avast checks for behavior and your program open a port probably that’s be the cause.
Rebuild the setup file, check the exact file size.
Check the exact file size of the "suspected" setup file.
If the source code hasn't changed and the two file sizes are different, there's a pretty good chance it got contaminated in transit.
I'd do that as a bit of a sanity check first.
The very first thing to do would be to scan your build PC for viruses.

Categories