3,978 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 43%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESO%3C/text%3E%3C/svg%3E)
I had the exact same problem. Since yesterday, the program that I have compiled 100 times has stopped working, started giving virus warnings and locked me out.
Heur.AdvML.b virus detected by Norton on a newly compiled C++ console application in debug mode. The executable is marked as malware by several engines on virustotal.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 95%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
ARV
1
Reputation point
Hi,
I am trying to compile the following C++ program in Visual Studio 2019 community edition in debug mode. I am generating an x86 binary, but the problem exists with x64 binaries as well.
#include <windows.h>
#include <iostream>
#include <cstdio>
int main()
{
SYSTEM_INFO si;
::GetNativeSystemInfo(&si);
printf("Number of Logical Processors: %d\n", si.dwNumberOfProcessors);
printf("Page Size: %d Bytes\n", si.dwPageSize);
printf("Processor Mask: 0x%p\n", (PVOID) si.dwActiveProcessorMask);
printf("Minimum process address: 0x%p\n", si.lpMinimumApplicationAddress);
printf("Maximum process address: 0x%p\n", si.lpMaximumApplicationAddress);
return 0;
}
Norton 360 marks this as a malware. I am typing the Norton 360 report below.
Resolved Threats:
No risks have been resolved
Unresolved Threats:
Heur.AdvML.B
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Heuristic Virus
Status: Not Attempted
-----------
1 Process
D:\Programs\Console1\ConsoleApplication1\Debug\ConsoleApplication1.exe - No action taken
1 Infected File
D:\Programs\Console1\ConsoleApplication1\Debug\ConsoleApplication1.exe - No action taken
1 Browser Cache
The .exe file is marked as malicious by several engines on virus total as well. Please see here: https://www.virustotal.com/gui/file/199d8cc116178b0c9b5e0c11514c6a6eb8fb84def59b60343b22a398482afb46
Is this a case of false positives? How can so many engines get this wrong?
Or has my computer been infected and is something injecting malware into the executables that visual studio produces?
Developer technologies | C++
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 57.00000000000001%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMY%3C/text%3E%3C/svg%3E)
-
ARV 1 Reputation point
2021-11-04T10:02:50.57+00:00 Thanks for your reply.
I tested the code and it works well. I'm sorry that the computer may have a virus problem or it is a problem of Norton 360.
The program works well on my computer too - it's just that the binary is marked as malware by Norton, and by a bunch of other anti-virus software on virustotal. There is no problem with running of the program.
I'd really appreciate it if you could do the following: upload the binary (x86 debug mode) from Visual Studio Community 2019 to virustotal (https://www.virustotal.com/gui/home/upload) and see whether it is detecting malware.
If you could post the resulting link from virustotal here, that will help me fix the source of the problem. If our results are entirely different (i.e., the binary which your MS Visual Studio Community 2019 produced is clean), then I really might have a malware issue on my computer.
Thanks again for your help.
Sign in to comment
2 answers
Sort by: Most helpful
-
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 76%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDT%3C/text%3E%3C/svg%3E)
Dave Turnbull 20 Reputation points2024-10-21T14:58:20.47+00:00 I was intrigued by Heur.AdvML.B so I set up an experiment. I created two identical executable files. The first I left the Windows default icon. The second I changed the icon using a free copy of IcoFX. Norton immediately quarantined the second file quoting our old friend above. So I repeated the procedure with Norton turned off and opened both files in Notepad ++ and ran a comparison. The difference in both the amount and positioning of the code in both files was extensive - far more than could be explained by different icons. Then with both files still open in Notepad ++ I turned Norton back on. This time instead of quarantining the file (probably unable to do so because the file was open), Norton removed Heur.AdvML.B from the file. This was proved by running a second comparison and noting the change. And the 'clean' file with the replacement icon in place subsequently worked properly with Norton untroubled.