Recently , when i wrote an application in Delphi 7 and tried to compile the program , the virus scanner identified it immediately as a virus and then deleted the exe.
I was in a shock for few weeks while making some research on it to see if i was really creating a virus while compiling the Delphi Program.I was also worried if it was the virus that affects the Delphi 7 IDE that was in news recently.
Check the following links about this .
- Delphi developer virus exposes weakness in anti-virus defences
- Compile-a-virus – W32/Induc-A
- New virus infects programs built with Delphi
To confirm this , i made the following tests.
I had Mcafee installed in my system , and the virus was initally detected as Generic ! dmx , but with one of the latest update showed it as a different name ( PWS – Banker ) see the below screenshots
Immediately i tried installing a new virtual machine and this time had different antivirus ( Avast ).With the latest updates installed too, i was able to run the program smoothly,nothing detected.
- Now, i switched to the virtual machine with MCafee . This time though i only included the version info in to the project as per the below screenshot and to a surprise,i was able to compile and run the program perfectly .
- The MCafee scanner doesnot detects it as virus if the exe description is given for the project as specfied below.
I could also compile and run the application if i had multiple unit files and MCafee detects it as a virus if there was only one unit file .
I built an exe with a system without any antivirus and sent it to MCafee and clearly the exe with the version infor was clean but without version info might be a heuristic detection .
I submitted the exe to VirusTotal to check it against other AV Tools and to a surprise nothing was detected again
I was also told by few forum members that this had been a problem frequently faced.Still i feel the mCafee detects this inline with the virus . Waiting for the proper solution and if this is a false positive ? from the community