Program made with PyInstaller now seen as a Trojan Horse by AVG

I faced the same issue with my small document register project code.

My temporary solution was to allow the app in Windows Defender, and the other solution was to use the command pyinstaller filename.py instead of pyinstaller --onefile filename.py.

I don't know if it is correct, but it worked for me.


I was always getting some false positives with PyInstaller from VirusTotal. This is how I fixed it:

PyInstaller comes with pre-compiled bootloader binaries for different OSs. I suggest compiling them yourself on your machine. Make sure everything is consistent on your machine. For Windows 64-bit, install Python 64-bit. Download PyInstaller 64-bit for Windows. Make sure Visual Studio (VS) corresponding to your Python is installed; check below:

https://wiki.python.org/moin/WindowsCompilers

Compile the bootloader of PyInstaller on your machine with VS. It automatically updates the run.exe, runw.exe, run_d.exe, runw_d.exe in DownloadedPyinstallerFolder\PyInstaller\bootloader\Windows-64bit. Check below for more info on how to compile the bootloader:

https://pyinstaller.readthedocs.io/en/stable/bootloader-building.html

At the end, install PyInstaller. Within the PyInstaller directory, run

python setup.py install
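
An added example (not part of the answer above and not PyInstaller's own code): one way to confirm that compiling the bootloader really replaced the four binaries the answer names is to hash them before and after the build. The function names and the constructed demo files are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# File names taken from the answer above.
BOOTLOADERS = ("run.exe", "runw.exe", "run_d.exe", "runw_d.exe")


def snapshot(bootloader_dir):
    """Map each expected bootloader name to its SHA-256, or None if absent."""
    result = {}
    for name in BOOTLOADERS:
        path = Path(bootloader_dir) / name
        result[name] = (hashlib.sha256(path.read_bytes()).hexdigest()
                        if path.is_file() else None)
    return result


def compare(before, after):
    """Classify each bootloader as 'rebuilt', 'unchanged' or 'missing'."""
    status = {}
    for name in BOOTLOADERS:
        if after.get(name) is None:
            status[name] = "missing"
        elif after[name] == before.get(name):
            status[name] = "unchanged"  # still the pre-compiled binary
        else:
            status[name] = "rebuilt"
    return status


def demo():
    """Constructed demo: fake files stand in for the bootloader directory."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        for name in BOOTLOADERS:
            (d / name).write_bytes(b"prebuilt " + name.encode())
        before = snapshot(d)
        # Simulate a build that replaced two files, left run_d.exe
        # untouched and failed to emit runw_d.exe.
        for name in ("run.exe", "runw.exe"):
            (d / name).write_bytes(b"local build " + name.encode())
        (d / "runw_d.exe").unlink()
        return compare(before, snapshot(d))


if __name__ == "__main__":
    for name, state in demo().items():
        print(f"{name}: {state}")
```

On a real install, call snapshot() on the PyInstaller\bootloader\Windows-64bit folder before compiling and again afterwards; any file reported as "unchanged" is still the shipped pre-compiled bootloader.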

I was able to submit the file in question to AVG's "Report a false detection" page, at https://secure.avg.com/submit-sample. I received a response back fairly quickly (I can't remember exactly how long, but it was less than a day) that they had analyzed my file and determined that it did not have a virus. They said that they had adjusted their virus definitions so that it would not trigger a false positive anymore. I updated my definitions and it was still triggering, so I contacted them again with my virus definition version, and I heard back that the version I had wasn't high enough - I think there was some delay on my definitions because I get them from a local server. But within a day I had the right version of the definitions and the false positive didn't trigger anymore.

So if you have a false positive with AVG, I would recommend this solution - fairly quick and easy to get a resolution to the problem.


I puzzled over this question for two days and finally found a problem with my application. The issue was with the application's icon.

Example for tkinter:

root.iconbitmap('./icon.ico')

When I removed this line of code, the false-positive Trojan was gone.

Also, make sure not to use --icon dependency when you are converting your .py file into .exe. Otherwise, this will cause the same false-positive Trojan detection.