MinGW version: 3.20
Operating system: Windows 7
$ gcc -v Using built-in specs. COLLECT_GCC=C:\MinGW\bin\gcc.exe COLLECT_LTO_WRAPPER=c:/mingw/bin/../libexec/gcc/mingw32/4.6.2/lto-wrapper.exe Target: mingw32 Configured with: ../gcc-4.6.2/configure --enable-languages=c,c++,ada,fortran,objc,obj-c++ --disable- sjlj-exceptions --with-dwarf2 --enable-shared --enable-libgomp --disable-win32-registry --enable-lib stdcxx-debug --enable-version-specific-runtime-libs --build=mingw32 --prefix=/mingw Säiemalli: win32 gcc-versio 4.6.2 (GCC) $ ld -v GNU ld (GNU Binutils) 2.22 MinGW Version define __MINGW32_VERSION 3.20 define __MINGW32_MAJOR_VERSION 3 define __MINGW32_MINOR_VERSION 20 define __MINGW32_PATCHLEVEL 0 $ uname -a MINGW32_NT-6.1 "hostname here" 1.0.17(0.48/3/2) 2011-04-24 23:39 i686 Msys
When compiling a program, configure script generates a conftest.exe which is detected as a trojan virus.
Following instructions at URL:
$ pwd /c/Data/Downloads/FTimes/pcre-8.33 $ ./configure --disable-cpp --disable-shared --enable-newline-is-anycrlf --enable-utf8 --enable-unicode-properties
After this, conftest.exe appears quickly and virus detection quarantines it.
Tested program (with these flags) is pcre-8.33.zip and pcre-8.31.zip. From PCRE, maintainer has checked the MD5 sum of the files as correct. PCRE does not contain a virus. It has to be a test configure uses or from object files included from libraries.
Trojan presumption is detected by heuristic tests and the ID of the possible virus can be read from attachments below.
conftest.c -files copied from user altered configure -script seemed to contain only normal header inclusions.
Bug is reported with usable attachments also in url
From there, following attachments can be downloaded:
- screenshot of detection
- Binutils objdump of conftest.exe
- PDF-report from Virustotal.com analysis, different virusscanners results
Log in to post a comment.