
I'm working on a little automation application for a client in DotNet (framework 4.5) and I just got the last version of the application deployed to the client and up and running. However, after about a day's worth of use, the application got flagged as a virus by the native Microsoft Antivirus, as the threat Trojan:Win32/Azden.ALCL.

image showing virus detection

I searched around on the web for this specific virus's triggers and found this article that describes its behavior and payload. Here are a few of the typical behaviors of the virus as described here:

  1. Runs itself on Windows startup (My application doesn't do this)
  2. Makes a copy of itself under system files (My application doesn't do this)
  3. Creates registry entry to start on boot (My application doesn't do this)
  4. Deletes non-malicious files in different locations on the PC (My application does delete files - but only in the current directory it is running under)
  5. Connects to a remote host to notify attacker and send gathered data (My application doesn't do this - no outgoing or incoming connections happen - ever)

I'm still perplexed as to why it was tagged and marked as malicious, and why even as this specific virus. I can't find any information on Microsoft's own website about it.

Does anyone know if I can get Microsoft to divulge what behaviors it found to be suspect? Or is there any way I can contact them to try and resolve the issue manually?

Here's a VirusTotal scan of the application.

A few of the related threads on Stack Overflow that I've found are about Delphi and about general AVs, not specifically about Microsoft AV or DotNet, as in my case.

Khurram
  • Possible duplicate of [Antivirus False positive in my executable](https://stackoverflow.com/questions/3339136/antivirus-false-positive-in-my-executable) – tripleee Mar 12 '19 at 11:23
  • @tripleee that thread is about a Delphi program and it is about other AVs, not specifically Microsoft AV as it is in my case. – Khurram Mar 12 '19 at 11:38
  • The accepted answer is for Delphi but there are other answers which are more general. See also the linked duplicate https://stackoverflow.com/questions/4237534/how-to-prevent-false-positive-virus-alarm-on-my-software – tripleee Mar 12 '19 at 11:46

0 Answers