Malwarebytes gives trojan warning for basic C# "Hello World!" program

Qwurticus picture Qwurticus · Apr 8, 2014 · Viewed 8.3k times · Source

Basically, I just ran a scan of my computer with Malwarebytes (updated the definitions before running), and it said my "helloworld" program written in C# has a trojan.

I know for a fact this is a false positive, as I only wrote the program 2-3 days ago and followed a small tutorial website to make the program that I trust. I am new to C#, but I can't see anything that would give a trojan warning at all.

Malwarebytes report

The program flags the executable, but not the source file.

using System;

namespace HelloWorldApplication
{
    class HelloWorld
    {
        static void Main(string[] args)
        {
            Console.WriteLine("\n\tHello World!");
            Console.WriteLine("This is my first C# program.\nI'm so proud of myself!");
            Console.WriteLine("\tTeehee!");
        }
    }
}

This is the code, written in Notepad++, and it is run from the command-line (Cygwin, actually). Why does it flags this? Is it something that, as a budding C# programmer, I should know about?

Answer

Baldrick picture Baldrick · Apr 8, 2014

The problem could be that the Backdoor.MSIL.PGen Trojan is typically called 'hello.exe'. The name of your executable is presumably 'hello.exe' or 'helloworld.exe'.

Just rename your project or change the output executable to something not containing 'hello', and it should stop detecting it.

This answer is somewhat speculative, but given the name of your project, and a history of over-aggressive detection of this malware (see here), it seems a reasonable stab.