Recently, when I wrote an application in Delphi 7 and tried to compile the program, the virus scanner (McAfee) identified it immediately as a virus and then deleted the exe.
I was in shock for a few weeks while I was parallely researching it to see if I was creating a virus while compiling the Delphi Program. I was also worried about the virus that affects the Delphi 7 IDE that was in the news recently.
There were quite of lot of blog posts about the this Delphi Virus issue of late and I wanted to confirm if I was a victim of the same.
To confirm this, I made the following tests.
I had McAfee installed in my system, and the virus was initially detected as Generic! dmx, one of the latest updates, showed it as a different name ( PWS – Banker ). See the below screenshots
Immediately I tried installing a new virtual machine, and this time had different antivirus ( Avast ). With the latest updates installed, too, I was able to run the program smoothly. Nothing was detected.
- Now, I switched to the virtual machine with McAfee. This time though, I only included the version info in the project as per the below screenshot. To a surprise, I was able to compile and run the program correctly.
- The McAfee scanner does not detect it as a virus if the exe description is given for the project as specified below.
- I could also compile and run the application if I had multiple unit files. McAfee would detect it as a virus if there were only one unit file.
- I built an exe with a system without any antivirus. I sent it to McAfee. The exe with the version info was clean, but it might be a heuristic detection without version info.
- I submitted the exe to VirusTotal to check it against other AV Tools. To a surprise, nothing was detected again.
- I was also told by a few forum members that this had been a problem frequently faced. Still, I feel McAfee detects this inline with the virus. Waiting for the proper solution and if this is a false positive? from the community.
- For now, I feel this is a false positive.
Enter your email address to subscribe to this blog and receive notifications of new posts by email.