Virustotal flag 32 bit version of my program as malware

问题

I've run into a very odd thing. I wrote a pretty simple program in C#, and tried to build a 32bit and a 64bit version of it. The 64bit version works fine, but whenever i try to build the 32bit version, my antivirus software removes it. I've uploaded both files to virustotal here:

32 bit: https://virustotal.com/da/file/fdb3d2870ce876b49eb5d9371fc0b133b7657ddd994603777a42a47f3eb09d8b/analysis/1461779525/

64 bit: https://virustotal.com/da/file/83334954cb0baef30153ca8bdfa900b64fef33f1983899c9e54e9156b72df00c/analysis/1461779699/

Why? its completely the same code, and the only difference is that i switched between x64 and x86 before they were build.

回答1:

You could set your project to AnyCPU after removing the P/Invokes from your code. That way you don't need a x86 and a x64 build.

I don't see anything in your project which looks off, except the use of the following lines:

    [DllImport("psapi.dll")]
    static extern int EmptyWorkingSet(IntPtr hwProc);

    static void MinimizeFootprint()
    {
        EmptyWorkingSet(System.Diagnostics.Process.GetCurrentProcess().Handle);
    }

    ... 

    GC.Collect();
    MinimizeFootprint();

Given your small application there really should be no need to call the Garbage Collector manually and to tweak the workingset. There are known issues with using it.

Instead just clean up your brushes when you're done with them:

private void DrawResistor(PaintEventArgs e)
{
    Graphics g = e.Graphics;
    SolidBrush brs;

    //Første farve
    g.DrawLine(Pens.Black, 130, 35, 130, 109);
    g.DrawLine(Pens.Black, 140, 35, 140, 109);
    using (brs = new SolidBrush(this.Controls.Find(Farver[0], false)[0].BackColor))
    {
        g.FillRectangle(brs, 131, 35, 9, 75);
    }

    //Anden farve
    g.DrawLine(Pens.Black, 160, 44, 160, 100);
    g.DrawLine(Pens.Black, 170, 44, 170, 100);
    using (brs = new SolidBrush(this.Controls.Find(Farver[1], false)[0].BackColor))
    {
        g.FillRectangle(brs, 161, 44, 9, 56);
    }

    //Tredje farve  
    if (comboBox1.SelectedIndex != 0)
    {
        g.DrawLine(Pens.Black, 190, 44, 190, 100);
        g.DrawLine(Pens.Black, 200, 44, 200, 100);
        using (brs = new SolidBrush(this.Controls.Find(Farver[2], false)[0].BackColor))
        {
            g.FillRectangle(brs, 191, 44, 9, 56);
        }
    }

    //Fjerde farve
    g.DrawLine(Pens.Black, 220, 44, 220, 100);
    g.DrawLine(Pens.Black, 230, 44, 230, 100);
    using (brs = new SolidBrush(this.Controls.Find(Farver[3], false)[0].BackColor))
    {
        g.FillRectangle(brs, 221, 44, 9, 56);
    }

    //Femte farve
    g.DrawLine(Pens.Black, 265, 35, 265, 109);
    g.DrawLine(Pens.Black, 280, 35, 280, 109);
    using (brs = new SolidBrush(this.Controls.Find(Farver[4], false)[0].BackColor))
    {
        g.FillRectangle(brs, 266, 35, 14, 75);
    }

    //Sjette farve
    if (comboBox1.SelectedIndex == 2)
    {
        g.DrawLine(Pens.Black, 293, 35, 293, 109);
        g.DrawLine(Pens.Black, 303, 35, 303, 109);
        using (brs = new SolidBrush(this.Controls.Find(Farver[5], false)[0].BackColor))
        {
            g.FillRectangle(brs, 294, 35, 9, 75);
        }
    }
}

来源：https://stackoverflow.com/questions/36897564/virustotal-flag-32-bit-version-of-my-program-as-malware