开发者

Files built with Delphi 2010 report virus/trojan

I tried to email a DLL-file built with Delphi but received an rejection email reporting:

"Your email was rejected because it contains the Trojan.Delf-9364"

So I uploaded the file to http://scanner.novirusthanks.org and sure enough it reports a positive in one of the virus scanners:

"F-PROT6 20100630 4.5.1.85 W32/Swizzor-based.2!Maximus"

I then built a empty exe-file (File - New - VCL Forms Application) and uploaded again, this time I get another positive:

"VBA32 01/07/2010 3.12.12.2 Trojan.Win32.Swisyn.acyl"

More details here: http://scanner.novirusthanks.org/analysis/e59开发者_如何转开发033c40f1a6e37c210cb1c4f40f059/UHJvamVjdDEuZXhl/

So I'm not sure how to interpret these results. Are all the above false positives, are my computer infected with a virus that infects all binaries, or is my copy of Delphi infected with a Delphi-specific virus? I use AVG antivirus and it reports no problems on my computer. Perhaps someone else with Delphi 2010 can try uploading a project1.exe and see if they receive different results?


I think it is a false positive. There have been more questions here about Delphi applications detected as virus, but those were all false positives.

Report this as a false positive.

There is a virus that infects your Delphi installation (4,5,6,7) by modifying SysConst.pas and compiling it, leaving a SysConst.bak in your lib directory. You can check for this. Follow this link for more information: http://www.securelist.com/en/weblog?weblogid=208187826
But you are on Delphi 2010, so you are not affected by that virus.


Yeah, I just uploaded a blank project from D2010 and got "VBA32 01/07/2010 3.12.12.2 Trojan.Win32.Swisyn.acyl" too. Looks like a false positive to me.

This has happened a few times in the past. Delphi's very good at creating software that works well very quickly. But unfortunately, that holds true even when the "software" in question is evil. It's been so widely used for nefarious purposes that there have been a few incidents of antivirus makers inserting a "virus signature" in their definitions that was actually part of the VCL or RTL. Looks like something similar's happened again. You ought to report this as a false positive.


@VilleK try giving the Assembly information to the Delphi Project like Name , Version etc . I too faced the similar situation sometimes back .

Check Delphi 7 , MCafee and Virus to know more . I feel this applies to Delphi 2010 too .

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜