ARV-1763 asked ARV-1763 edited

Heur.AdvML.b virus detected by Norton on a newly compiled C++ console application in debug mode. The executable is marked as malware by several engines on VirusTotal.

Hi,

I am trying to compile the following C++ program in Visual Studio 2019 community edition in debug mode. I am generating an x86 binary, but the problem exists with x64 binaries as well.

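 #include <windows.h>

 #include <iostream>
 #include <cstdio>

 int main()
 {
     // Query processor and address-space information for the native system.
     SYSTEM_INFO si;
     ::GetNativeSystemInfo(&si);

     // DWORD is an unsigned long on Windows, so print it with %lu rather than %d.
     printf("Number of Logical Processors: %lu\n", si.dwNumberOfProcessors);
     printf("Page Size: %lu Bytes\n", si.dwPageSize);
     // dwActiveProcessorMask is a DWORD_PTR; cast it to a pointer to print it with %p.
     printf("Processor Mask: 0x%p\n", (PVOID) si.dwActiveProcessorMask);
     printf("Minimum process address: 0x%p\n", si.lpMinimumApplicationAddress);
     printf("Maximum process address: 0x%p\n", si.lpMaximumApplicationAddress);

     return 0;
 }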

Norton 360 marks this as malware. I am typing the Norton 360 report below.

 Resolved Threats:
 No risks have been resolved
    
 Unresolved Threats:
 Heur.AdvML.B
  Type: Anomaly
  Risk: High (High Stealth, High Removal, High Performance, High Privacy)
  Categories: Heuristic Virus
  Status: Not Attempted
  -----------
  1 Process
 D:\Programs\Console1\ConsoleApplication1\Debug\ConsoleApplication1.exe - No action taken
  1 Infected File
 D:\Programs\Console1\ConsoleApplication1\Debug\ConsoleApplication1.exe - No action taken
  1 Browser Cache

The .exe file is marked as malicious by several engines on VirusTotal as well. Please see here: https://www.virustotal.com/gui/file/199d8cc116178b0c9b5e0c11514c6a6eb8fb84def59b60343b22a398482afb46

Is this a case of false positives? How can so many engines get this wrong?

Or has my computer been infected and is something injecting malware into the executables that Visual Studio produces?

c++

I tested the code and it works well. I'm sorry that the computer may have a virus problem or it is a problem of Norton 360. You could go to other forums for help, such as Norton.


1 Vote 1 ·

Thanks for your reply.

I tested the code and it works well. I'm sorry that the computer may have a virus problem or it is a problem of Norton 360.

The program works well on my computer too - it's just that the binary is marked as malware by Norton, and by a bunch of other anti-virus software on VirusTotal. There is no problem with running the program.

I'd really appreciate it if you could do the following: upload the binary (x86 debug mode) from Visual Studio Community 2019 to VirusTotal (https://www.virustotal.com/gui/home/upload) and see whether it is detecting malware.

If you could post the resulting link from VirusTotal here, that will help me fix the source of the problem. If our results are entirely different (i.e., the binary which your MS Visual Studio Community 2019 produced is clean), then I really might have a malware issue on my computer.

Thanks again for your help.

0 Votes 0 ·

0 Answers