So recently, we were trying to do a bit of housekeeping on our software: re-signing the code with a valid certificate, fixing grammatical errors, just stuff like that. So when we scanned our Fast Shutdown installer against 60 antivirus engines, we were shocked: one of them detected Fast Shutdown as a 'high risk' threat.
Fast Shutdown doesn't do anything malicious. We reviewed the code and analysed all its actions: we didn't find anything that even came close to malicious. So why did AVG detect it as a 'high risk'?
After an hour of looking over the code, we decided to use a guess, check and elimination strategy. We removed certain aspects of the program and scanned it against AVG again. After a fair amount of trial and error, we found it: the problem was the icon. How can an icon be malicious? It's just a picture after all.
Confused, we consulted AVG, and soon enough they gave us a solution that made enough sense. AVG sometimes uses specific signature points in a file to determine if it's a virus: in this case, it was the icon. For example, a previous virus happened to use the same icon as Fast Shutdown, so when AVG scanned our software, they immediately flagged it as a virus.
Good strategy, AVG, but it could be much better. For example, what virus is digitally signed like Fast Shutdown is? If you ask us, determining if a file is a virus based on its icon is a bit absurd. What if a photo you took on your vacation was detected as a 'high risk' threat?