Does Delphi Spread Virus in Source code?

Recently, when I wrote an application in Delphi 7 and tried to compile the program, the virus scanner (McAfee) identified it immediately as a virus and then deleted the exe.

I was in shock for a few weeks while researching it in parallel to see if I was creating a virus while compiling the Delphi program. I was also worried about the virus that affects the Delphi 7 IDE that was in the news recently.

There have been quite a lot of blog posts about this Delphi virus issue of late, and I wanted to confirm whether I was a victim of the same.

To confirm this, I made the following tests.

I had McAfee installed on my system, and the virus was initially detected as Generic! dmx; one of the latest updates showed it under a different name (PWS – Banker). See the screenshots below.

[Screenshot: Detect1]

I immediately tried installing a new virtual machine, this time with a different antivirus (Avast). With the latest updates installed, too, I was able to run the program smoothly. Nothing was detected.

  • Now, I switched to the virtual machine with McAfee. This time, though, I only included the version info in the project, as per the screenshot below. To my surprise, I was able to compile and run the program correctly.
  • The McAfee scanner does not detect it as a virus if the exe description is given for the project as specified below.

[Screenshot: DetectSolution1]

  • I could also compile and run the application if I had multiple unit files. McAfee would detect it as a virus if there were only one unit file.
  • I built an exe on a system without any antivirus. I sent it to McAfee. The exe with the version info was clean, but it might be a heuristic detection without version info.
  • I submitted the exe to VirusTotal to check it against other AV tools. To my surprise, nothing was detected again.
  • I was also told by a few forum members that this had been a problem frequently faced. Still, I feel McAfee detects this in line with the virus. I am waiting for a proper solution from the community, and for word on whether this is a false positive.
  • For now, I feel this is a false positive.
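
As an added example (not code from the original post), the following Python checks whether a compiled exe carries a version-info resource (resource type 16, RT_VERSION), the attribute whose presence changed the McAfee result in the tests above. The names `resource_type_ids`, `has_version_info` and `build_sample_pe` are hypothetical, and the sample image is constructed for the demonstration rather than taken from a real build.

```python
import struct

RT_VERSION = 16  # top-level resource type ID used for version info

def resource_type_ids(pe: bytes) -> list:
    """Return the numeric top-level resource type IDs found in a PE image."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]           # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", pe, nt + 6)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", pe, nt + 20)[0]  # SizeOfOptionalHeader
    opt = nt + 24
    magic = struct.unpack_from("<H", pe, opt)[0]
    dirs = opt + (96 if magic == 0x10B else 112)         # PE32 vs PE32+
    rsrc_rva, _size = struct.unpack_from("<II", pe, dirs + 2 * 8)  # directory 2
    if rsrc_rva == 0:
        return []                                        # no resource directory
    sec = opt + opt_size                                 # section table
    for i in range(nsec):
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", pe, sec + 40 * i + 8)
        if va <= rsrc_rva < va + max(vsize, rawsize):
            root = rawptr + (rsrc_rva - va)              # RVA -> file offset
            break
    else:
        raise ValueError("resource RVA not inside any section")
    named, ids = struct.unpack_from("<HH", pe, root + 12)
    first_id = root + 16 + 8 * named                     # ID entries follow named ones
    return [struct.unpack_from("<I", pe, first_id + 8 * k)[0] for k in range(ids)]

def has_version_info(pe: bytes) -> bool:
    return RT_VERSION in resource_type_ids(pe)

def build_sample_pe(type_ids) -> bytes:
    """Constructed minimal PE32 headers plus a .rsrc root table (not a real program)."""
    rsrc = struct.pack("<IIHHHH", 0, 0, 0, 0, 0, len(type_ids))
    rsrc += b"".join(struct.pack("<II", t, 0x80000000) for t in type_ids)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<II", opt, 96 + 2 * 8, 0x1000, len(rsrc))
    sect = b".rsrc\0\0\0" + struct.pack("<IIII", len(rsrc), 0x1000, len(rsrc), 0x200)
    head = dos + coff + bytes(opt) + sect + b"\0" * 16
    return head.ljust(0x200, b"\0") + rsrc

if __name__ == "__main__":
    print(has_version_info(build_sample_pe([3, 14])))      # icon resources only
    print(has_version_info(build_sample_pe([3, 14, 16])))  # with version info
```

To check an actual build, read the compiled exe with `open(path, "rb").read()` and pass the bytes to `has_version_info` before submitting the file to a scanner.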