C# application detected as a virus - c#

Regarding the same program as my question a few minutes ago... I added a setup project and built an MSI for the program (just to see if I could figure it out) and it works great except for one thing. When I tried to install it on my parent's laptop, their antivirus (the free Avast Home Edition) set off an alarm and accused my setup.exe of being a Trojan.
Does anyone have any idea why this would be happening and how I can fix it?

Indeed, boot from a clean CD (use a known good machine to build BartPE or something similar) and scan your machine thoroughly. Another good thing to check, though, would be exactly which virus Avast! thinks your program is. Once you know that, you should be able to look it up in one of the virus databases and insure that your software can't contain it.
The odds are that Avast! is just getting a false positive for some reason, and I don't know that there's much you can do about that other than contacting Avast! and hoping for a reply.

I would do what jsight suggested and make sure that your machine did not have a virus. I would also submit the .msi file to Avast's online scanner and see what they identified as being in your package. If that reports your file as containing a trojan, contact Avast and ask them to verify that your .msi package does contain a trojan.
If it doesn't contain a trojan, find out from Avast what triggered their scanner. There may be something in your code that matches a pattern that Avast looks for, They may be able to adjust their pattern to ignore your file or you could tweak your code so that it doesn't trigger their scanner.

I don’t know “Avast”, but in Kaspersky if the configuration is set to high almost every installer fires an alarm (iTunes, Windows Update, everything) especially if the installer modify some registry key or open a port.
If avast checks for behavior and your program open a port probably that’s be the cause.

Rebuild the setup file, check the exact file size.
Check the exact file size of the "suspected" setup file.
If the source code hasn't changed and the two file sizes are different, there's a pretty good chance it got contaminated in transit.
I'd do that as a bit of a sanity check first.

The very first thing to do would be to scan your build PC for viruses.

Related

Looking to launch a local exe on a remote machine without having the resurces on the remote machine

So I have built some code, it's quite simple basically it stops all active input from keyboard and mouse until a text file of a certain name appears in the C:\Temp directory. It also has a manifest file to run it as administrator on start up.
So I found something that on the surface looks like it fulfils my needs of being able to do this task however upon running it I found out that the project has been compiled in x86 and does not run on my x64 machine. Here is the reference to the project if anyone would like to look into it, it's a very smartly designed piece of code that does an interesting objective. It also explains clearly enough what I am trying to accomplish.
So after implementing this (and failing) I have setup a couple other avenues to try, one is VBA through excel with the VBA copying itself to and from the machines in a list and running itself, then there is using VBS to write the entire code as a txt file on the target machine change the extension and then execute it remotely. I have just started researching these but I imagine the problems of running as an administrator amongst other things will crop up again to be dealt with. To be honest though I would really prefer to do this in C# only as that is the language I'm trying to go further in so I'm interested in this challenge. If anybody knows of a similar library of code or application I could look into to achieve what I'm trying I would appreciate being pointed in the right direction.
I would try and be more specific about what libraires/API's im trying to implement but the truth is I don't know what libraries I need to even interact with to get what I want. My goal is to have C# executable code on my machine and a tool that can run that executable on another machine.
Thanks
Thanks to the help in comments from #Nick.McDermaid I was able to correctly open and build the project I was trying to download. Unsure what caused the issue previously with me not being able to open and interact with the code but now I have it I shall pursue this avenue further to accomplish my goal.
As an addendum one other avenue I tried for executing code remotely was through VBS where I used
set svcproc=getobject("winmgmts:{impersonationLevel=impersonate}!\\"&MachineName & "\root\cimv2:win32_process")
scmd="""C:\Program Files\Internet Explorer\iexplore.exe"" -framemerging ""https://gifyu.com/images/Boo-Ghost-Gif.gif"""
'scmd="C:\Windows\notepad.exe"
iret=svcproc.create(scmd,null,null,pid)
set svcproc=nothing
to execute something that existed on the remote machine but I ran into a LOT of security policy issues where I could launch the process but I couldn't bring it to the foreground as the Malware tracker on the machine thought it was an attack and quashed it immediately.

Upgrading Application using InstallShield

This is the situation I have:
I created an installer. It has python scripts, executable, and other file types. In the installer, I run a C# executable as a custom action, after registering the product. The C# executable moves the files into different locations (i.e. a text document will be moved to My Documents). I understand I can do this without the custom actions, but I was not aware of that when I created the installer.
Now, after I have distributed the software, users are running into small bugs. For instance, there is a bad if check in one of the python scripts.
Question Is there a way to fix the portion of the python script/executable/text document that is broken, and simply update those files (without having to redistribute the software to the users, and having them reinstall it)?
A patch probably won't help you. If the locations are fixed within the install, a minor upgrade could do the trick, if you make all the files that need to stay the same "never overwrite" (unless the custom action ignores this, then things might get difficult).
If the locations are determined during the execution of the custom action, or the locations are based on user input during the install, then you have a problem if you haven't saved the location paths (in the registry, for example). I don't think you want a custom action to scan all the drives of the computer just to find the files.
If the files are put in their new locations by the custom action, windows installer probably won't see them as key files and probably won't "repair" them in any scenario. If the fixes are few, you might be better of distributing the files separately with a clear instruction, in stead of spending many hours on a difficult new custom action.
Cheers, B.
I'm sorry, apparently I missed the trigger that you had placed a comment.
If this is this something you would like to know, look at this table. It shows when to use major, minor or small fix (patch).
Hope it helps.
Cheers!
http://helpnet.installshield.com/installshield17helplib/MajorMinorSmall.htm

Visual studio 2010 empties the file on crash

I got a really bad problem while working on visual studio 2010. Accidently the power plug switched off and when I started the computer again the file was completly empty. I tried out following things:
I opened it in notepad and other couple of editors and it was empty.
I then opened it in Hex Editor. Hex editor shows that all bytes are set to 0.
I programatically read the file and it also showd all bytes set to 0.
Checked "Documents\Visual Studio 2010\Backup Files\" for my project and it was empty.
The file size is still showing in KBs but the code is completly gone.
Is there any possible way by which I can recover my code?
If there is not, can anyone suggest me a setting/patch taht should be there so that it never happens again.
Note: I already have Autorecover option set for every 5 minutes in IDE.
Update:
As suggested by Henok, If you have compiled and built the code at least once, you can reverse engineer the binary through reflector.
Doesn't look like it, to stop in future though, save and save often. Also look at using subversion like svn, or Git.
IIS has DLLs cached under C:\Windows\Microsoft.NET\v4.0.xyz\Temporary ASP.NET Files. Look for the dll and use a reflector. I use ILSpy.
Save often and use source control. I use C.V.S., personally.
It sounds like the I.D.E. had the file(s) open for writing at byte 0 when the computer went down, clearing everything out.
Beyond your software problems, I suggest you manage your power plug in such a way that it won't be accidentally switched off.
Same thing happened to me and thought I would post it here for those who would come here for answers.
If you have compiled and built the code at least once, you can reverse engineer the binary. Reflector did the trick for me.
Visual Studio still makes source files empty on sudden crashes, so I think I should share my solution.
Use any cloud file syncing service that supports file versions (for deleted files, too). Dropbox and Google Drive is what I can name. I randomly preferred Google Drive, though Dropbox can do all the same things.
I simply put my source tree in Google Drive, because it has file versions. My builds happen in Google Drive too, so there's much of unwanted traffic for big projects, but you can exclude some subfolders from syncing.
The drawback is that sometimes (in rare cases) Google Drive locks files and Visual Studio pops up "Save As..." dialog or some messages. You can usually close it, then save again successfuly. In very rare cases I had "The file is used by process" errors, and I had to restart Google Drive.

How to turn off encrypting of .sln files in Visual Studio on removable drive?

Problem description:
(occurs at least in VS2005 and VS2008, not tested in VS 2010)
If project (e.g. .csproj) or solution file (.sln) is opened from removable drive, and something happens ... seems like if drive is disconnected without safe removing, or if computer crashes or if VS crashes, then project and/or solution files got encrypted. It seems like Visual Studio encrypts project files when opened and only decrypts them when Visual Studio or project is correctly closed. If something unexpected happens, files remain encrypted.
It is Toshiba hard-disk in these cases, but occurred to me also on other removable hard drives or USB keys.
This is not a problem, until disk is connected to the same computer (files are encrypted, so they can be opened only by Win user that encrypted them). But when disk is connected to another computer, or even worse ... when Windows installation gets corrupted, then the project files are no more accesible.
Is there some way to turn this functionality off? Or is it a bug and needs to be solved just by "not using removable drives"?
I am not aware of any inbuilt encryption for either solution or project files, and I quite often move projects around on USB stick. It is possible that this is being provided by some service on your computer, or by the disk itself - but I wonder if a more likely explanation is simply file corruption or a damaged disk.
I know this is an older post, but just to add to this...
I'm running a machine with Windows 7 Professional x64. Last night Windows lost communication with my RAID Controller out of nowhere (can't tell if the RAID controller or Windows was the cause, not enough in Event Viewer to deduce). Once this occurred, the Volume vanished from Windows Explorer (makes sense).
Windows then popped up a message in the System Tray informing me I should backup my personal certificates (PFX file) somewhere since I haven't done so in a while. I ignored this step, since I never use anything that would require personal certificates (no EFS or anything like that), so I shut down since everything was screwed at this point (Page file is on the volume that went bye bye)
Upon a reboot, my RAID array checked out fine, so I booted into Windows starting it normally and not going into Safe Mode. Voila, everything is back to normal again, or so I thought...I'm experiencing the same issue similar to here and that posted at http://www.dreamincode.net/forums/topic/277832-projects-became-encrypted-when-i-used-ext-drive-on-laptop-now-what/ as well.
So between these posts, we can deduce (possibly) that Windows does not fair very well with Removable Media, or Volumes that go-away all of a sudden without a clean dismounting.
I'm not sure why this would cause our files to start having the Encrypted attribute applied to them though, that's still the mystery...Unfortunately I think we're just going to be left wondering since this is probably way under the hood of Windows in WinFS, HAL, or one of those untouchable abstraction layers.
Hopefully this additional insight might help others out there figure out WTF is going on with this.

how to secure my c# program(.exe) for using on one drive only

I have c# program (.exe), I will give it to other people, and want that exe to work only from where it was run the first time, any copy should no not work.
How can I do it?
VERY THANKS
It is not possible. A copy being a precise copy will have no way of knowing that it is a copy and not the original. Therefore at each first run of a copy on any machine the game will start again.
The other approach you can think of is to use activation. Your program will talk to the server online and will report the first run, regardless of whether it was a copy or not. Then at each successive run the program will ask the server if it's been running on the same machine as the first time. If yes, it will run, if no, it will immediately exit.
For this to work, you will need to come up with some kind of machine signature that your program will generate and transmit to the server.
record the exe location in the registry when first launched. and check the location when it's launched next.
you can use CD and protect the CD from copying, and then you should allow your program to run from the CD drive only.
Use click once deployment, it will be difficult for simple user to find and copy from download chache, and than you can write crypted exe location somewhere in the registry and check it every time the program is run
A lot of things that you can do here.
All the suggestions above are good too. Another option is you can have a installer that generates a key that binds your application to the machine installed. Transferring to other machine won't work since it will have a different machine key signature.
sorry its an old thread. Why not read the hard drive serial number (which should be unique) sent it to a server as part of activation and make sure that all that is the same.

Categories