2

I'm working on a desktop app using a library called Raylib. For those of you who don't know what Raylib is, it's an open-source rendering API that is used to make games. By default, Raylib doesn't let you resize or maximize a window. To get around this, I found this code:

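#include <windows.h>

// Toggles the maximize box and the resizable frame on the window with the given title.
void ToggleGlutNormalWindow(LPCTSTR szWindowTitle)
{
    HWND hwndGlut = FindWindow(NULL, szWindowTitle);
    if (hwndGlut == NULL)
        return; // no top-level window with that title

    // The index argument is GWL_STYLE on its own; style bits do not belong in it.
    LONG dwStyle = GetWindowLong(hwndGlut, GWL_STYLE);
    // Flips Between On and Off
    dwStyle ^= WS_MAXIMIZEBOX | WS_THICKFRAME | WS_SIZEBOX;
    SetWindowLong(hwndGlut, GWL_STYLE, dwStyle);
    // Style changes are cached until SetWindowPos is called with SWP_FRAMECHANGED.
    SetWindowPos(hwndGlut, NULL, 0, 0, 0, 0,
                 SWP_NOMOVE | SWP_NOSIZE | SWP_NOZORDER | SWP_FRAMECHANGED);
}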

As you can probably tell by my title, when compiled and run, for me this produces a Windows Defender warning telling me it has detected a Trojan known as Ludicrouz.j.

Does anyone know a better way of enabling the maximize button and resizing, or do you know why this is being detected as a virus?

Ken Wayne VanderLinde
AR0106
  • Windows Defender should provide you a link to the description of that Trojan, and reading that description might help you understand why your program is detected. – Ruifeng Xie Apr 05 '20 at 03:05

2 Answers

0

After running CCleaner, and trying to recreate the message, the problem was resolved. I still don't quite know why it was doing this because I wasn't able to get the link like Krantz suggested I should do. Thanks to Krantz for helping, and thanks to Ken Wayne VanderLinde for fixing my code in the question. Have a good day everyone!

AR0106
  • Please don't use answers to say "thank you" or to converse with others. Answers are to provide a solution; SO isn't a message board or forum, it's like an online reference book of programming Q&A. – the Tin Man Apr 21 '20 at 22:28
0

This is a common problem in programming, and there's not a simple answer.

Antivirus programs keep a database of malware signatures which range from referencing specific DLLs to implementing specific algorithms like cryptocurrency miners or more exotic things like rowhammer. This is fairly effective, catches derived or simplistic malware easily, and the chances of a false-positive are low. False-positives can happen, though, but I don't see anything in your code that'd cause one.

More and more, however, antiviruses have started scanning executables and sending analyses of them to the antivirus company's cloud service. If there's nothing similar in their database, the antivirus program will flag the executable as "low reputation" or "unrecognized" or "unverified." This is fairly effective because the vast majority of people will only be running programs that are pretty common, like office editors and web browsers. The problem arises when you're a programmer and generate "low reputation" executables dozens of times per day.

This is most likely what you encountered.

Steven Gann
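
When the warning dialog offers no link to the threat description, the same details can be read from Defender's own detection history. The script below is an added example, not code from any poster on this page; it assumes the Defender PowerShell module (`Get-MpThreat`, `Get-MpThreatDetection`) is available, and `$ExePath` is a placeholder for your build output.

```powershell
# Added example: show which Defender detections touched one build output.
# $ExePath is a hypothetical placeholder; point it at the binary your build produced.
param([string]$ExePath = 'C:\path\to\your\app.exe')

# Threats known on this machine, keyed by ThreatID, so each detection can be named.
$threats = @{}
Get-MpThreat | ForEach-Object { $threats[$_.ThreatID] = $_ }

# Detection history entries whose Resources mention the file name.
$leaf = Split-Path -Leaf $ExePath
$hits = Get-MpThreatDetection |
    Where-Object { ($_.Resources -join "`n") -like "*$leaf*" }

$hits | Sort-Object InitialDetectionTime | ForEach-Object {
    [pscustomobject]@{
        Detected   = $_.InitialDetectionTime
        ThreatID   = $_.ThreatID
        ThreatName = $threats[$_.ThreatID].ThreatName
        SeverityID = $threats[$_.ThreatID].SeverityID
        Process    = $_.ProcessName
        Resources  = $_.Resources -join '; '
    }
} | Format-List

# Hash and signature status of the binary, useful when reporting a suspected
# false positive to the vendor. The hash differs whenever the binary changes.
if (Test-Path -LiteralPath $ExePath) {
    Get-FileHash -LiteralPath $ExePath -Algorithm SHA256 | Format-List Algorithm, Hash
    Get-AuthenticodeSignature -LiteralPath $ExePath | Format-List Status, SignerCertificate
} else {
    Write-Warning "$ExePath not found (it may have been quarantined)."
}
```

Comparing `ThreatName` and `Resources` across several rebuilds shows whether the same detection name fires on every build or only on particular ones.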