Recently, when I wrote an application in Delphi 7 and tried to compile the program, the virus scanner identified it immediately as a virus and then deleted the exe.
I was in shock for a few weeks while researching it to see if I was creating a virus while compiling the Delphi Program. I was also worried about the virus that affects the Delphi 7 IDE that was in the news recently.
Check the following links about this.
- Delphi developer virus exposes a weakness in anti-virus defenses
- Compile-a-virus – W32/Induc-A
- The new virus infects programs built with Delphi.
To confirm this, I made the following tests.
I had Mcafee installed in my system, and the virus was initially detected as Generic! dmx, one of the latest updates, showed it as a different name ( PWS – Banker ). See the below screenshots
Immediately I tried installing a new virtual machine, and this time had different antivirus ( Avast ). With the latest updates installed, too, I was able to run the program smoothly. Nothing was detected.
- Now, I switched to the virtual machine with McAfee. This time though, I only included the version info in the project as per the below screenshot. To a surprise, I was able to compile and run the program correctly.
- The McAfee scanner does not detect it as a virus if the exe description is given for the project as specified below.
I could also compile and run the application if I had multiple unit files. McAfee would detect it as a virus if there were only one unit file.
I built an exe with a system without any antivirus. I sent it to McAfee. The exe with the version info was clean, but it might be a heuristic detection without version info.
I submitted the exe to VirusTotal to check it against other AV Tools. To a surprise, nothing was detected again.
I was also told by a few forum members that this had been a problem frequently faced. Still, I feel McAfee detects this inline with the virus. Waiting for the proper solution and if this is a false positive? from the community