raw2txt & txt2raw virus (false?) positive

[Peter Klein]

A heads-up:  I just ran a backup of my Windows 11 PC. I use a batch file that ROBOCOPYs new or changed files to a removable drive. Trend OfficeScan reported that raw2txt.exe and txt2raw.exe both had the same virus, "TROJ_GEN.R002C0DA924"  and quarantined them.

I believe this warning came from a recent Trend update. A few weeks ago, when I downloaded the files from thomasokken.com and ran them a couple of times, Trend Officescan did not object. I can no longer tell exactly when I downloaded the files, because the file dates were all set to today after I restored them.

Please let me know if there is any real problem. I suspect today's warning is just the usual issue of virus scanners running amok. Since this has been reported before, apparently with another virus scanner, it may be that some common routine you use has been put on a blacklist.

--Peter

[Thomas Okken]

It's a false positive.

I've seen Windows Defender complain about it as well, and also about Free42. Apparently the Intel floating-point library contains byte patterns that sometimes trigger virus scanners.

When Windows Defender does this, I usually report the issue to Microsoft. They have a web page where you can upload executables that have been flagged by their antivirus. They do an extra thorough scan, and it that doesn't find anything, they whitelist the app. My apps have *always* been whitelisted immediately when I did this, but of course whenever I release a new build, that isn't covered by the whitelisting, so there may be a new false positive.

I've been through this several times. Every now and then, it happens again. There's nothing I can do about it: the Intel library is clean, I build it from source myself.

All I can recommend is to report the false positive to the makers of your antivirus.