Why some things are detected as "Virus".

Antivirus (I will refer to it by "AV") software checks files by using
definitions and heuristics, you have maybe heard of those two terms.

Definitions : a "list" of signatures (arrays of bytes) that are present in certain programs. These lists are what you download in AV updates.

Heuristics : These are "rules" defined by the AV that tell it what
behavior is subspicious. For example, openeing a Winsock connection and
then connecting without asking you is flagged as subspicious.

With that fairly clear (I hope), lets continue. Now, signatures are
generated in forms of array of byte. That means that every file that has
these bytes present are flagged as a virus.

Example of a Signature :

EB 01 68 EB 01 ?? ?? ?? ?? 83 EC 0C 53 56 57 EB 01 ?? 83 3D ?? ?? ?? ??
00 74 08 EB 01 E9 E9 56 01 00 00 EB 02 E8 E9 C7 05 ?? ?? ?? ?? 01 00 00
00

The ? are wildcards (?? resembles 8 bit, 8 bit = 1 byte). They can resmble any byte (00-FF), this is because
those are compiler variables and can change depending on how it is
compiled.

Now, as you can maybe guess, it sometimes happens that AV companies (I
hate them seriously) mark certain API calls (API = Application
Programming Interface, part of windows on which every program builds up
on). As a result , every program using those calls is now flagged as
harmful - most AVs sign this behavior by calling the "Virus" something
like :

CRYPT/xxxxxx

HEUR/xxxxx

GENERAL/xxxxx

W32/xxxxxxx

PACKER/xxxxxx

Will add more soon.