Does Delphi Spread Virus in Source code?

Recently, when I wrote an application in Delphi 7 and tried to compile the program, the virus scanner (McAfee) identified it immediately as a virus and then deleted the exe.

I was in shock for a few weeks while, in parallel, I researched whether I was creating a virus when compiling the Delphi program. I was also worried about the virus that affects the Delphi 7 IDE that was in the news recently.

There have been quite a lot of blog posts about this Delphi virus issue of late, and I wanted to confirm whether I was a victim of the same.

To confirm this, I made the following tests.

I had McAfee installed on my system, and the virus was initially detected as Generic! dmx; one of the latest updates showed it under a different name (PWS – Banker). See the screenshots below.

[Screenshot: Detect1]

I immediately set up a new virtual machine, this time with a different antivirus (Avast). With the latest updates installed, too, I was able to run the program smoothly. Nothing was detected.

  • Now, I switched to the virtual machine with McAfee. This time, though, I only included the version info in the project, as shown in the screenshot below. To my surprise, I was able to compile and run the program correctly.
  • The McAfee scanner does not detect it as a virus if the exe description is given for the project as specified below.

[Screenshot: DetectSolution1]

  • I could also compile and run the application if I had multiple unit files. McAfee would detect it as a virus if there were only one unit file.
  • I built an exe on a system without any antivirus. I sent it to McAfee. The exe with the version info was clean, but it might be a heuristic detection without version info.
  • I submitted the exe to VirusTotal to check it against other AV tools. To my surprise, nothing was detected again.
  • I was also told by a few forum members that this has been a frequently faced problem. Still, I feel McAfee detects this in line with the virus. I am waiting to hear from the community about a proper solution and whether this is a false positive.
  • For now, I feel this is a false positive.