Link to home
Create AccountLog in
Avatar of wackyteseo
wackyteseo

asked on

Software with virus

Hi to all
I have developed a software in delphi 7 , on my pc i have Zonealarm Firewall & Antivirus
and not virus found , on the other computer the my software result with a virus "Win32/ETAP Virus"
on Nod32 e Norton , How do i do ?
Avatar of Geert G
Geert G
Flag of Belgium image

add the zone for virusses to your question
what have virusses to do with Delphi 7 ?

https://www.experts-exchange.com/Security/Virus_and_Spyware/
Use a different antivirusses. Kaspersky is the best! Download a trial
Avatar of Darren S
Darren S

sounds to me like the computer you have moved the software onto has a virus already.  This has then infected the software with its virus.  I would virus scan that pc fully and make sure its clean before trying to copy your software back onto it
True, try different AV scans. here is a quick one
http://www.eset.com/us/online-scanner
Avatar of wackyteseo

ASKER

the problem is that my sofware is distribuited by internet i can't tell to my client to change antivirus , i have to find the function that cause the false positive from the antivirus

Send your binay to the Antivirus company and ask them for help.

We would not know which code signature is causing the false positive

Unless you have the virus on your workstation and your antivirus does not detect it
>>Nod32 e Norton ?
Meaning, the other computer is infected with a virus.
or
Meaning, your Delphi developed software was treated as a virus by nod and norton.
Try to change the minimum and maximum memory in your project Delphi option, change to negative 100 or positive.
Then try to compress the binary, using upx.
Then try to ran it in the other computer with nod and nort.
There are many actions that many Anti-viruses recognize as potential viral action, specially when those actions are similar to a real virus.
I encountered such reaction when I was writing a program that sends an email by using "ShellExecute and mailto". I got the Anti-virus warning while compiling in Delphi 7, and when I compiled that same code in Delphi 2009 the Anti-virus did not give any message. I couldn't regenerate that now.

You can't change the virus definition of any Anti-virus but you (or your clients) can add the intended application to the trusted or exceptions list of the Anti-virus.
yes , ok , but when the software is on-line , the client download demo for evaluation and if found a virus leave the valuation and is a lost client :-(
i have disable all comand shellexecute and mailto
but the problem is still here
Did you try to compile your code with different Delphi versions?
no , the problem is that i work on 3 different computer and now i have to scan all and after i recompile all
As variant: before delivery check software by on-line antivirus scanners by drweb, kaspersky, norton, ...
It's will take time, but result worth of it.
i don't remember the web site but there is a web tool that scan file with all antivirus , remember the web site ?
definitely you mean Virus Total:
http://www.virustotal.com/
try Malwarebytes
BTW, if you want, you can slim down your project and remove the unnecessary/sensitive code lines and send it over for further examination.
Compile your code with different Delphi version,   mostly Delphi 7 developed system applications are detected as a virus.  So, try to compiled it in other Delphi version.

If you don't want do test in other version, you can try what I've said in my first comment.
Goto project menu, then options, then compiler, then disable all debugging checkbox.
try also to change your imagebase from $00400000 to $00800000
hit Ok, and compile it,
then use UPX for binary compression.
then ran it on the other computer that has a nod and nort.

But the best option is to compile it on other version.


Good Luck
i use the website www.virustotal.com and i send it Setup.exe , the result is that only Eset Nod32 found virus and i understand that is this code :

function ExecuteFile(const FileName, Params, DefaultDir: string;
  ShowCmd: Integer): THandle;
var
  zFileName, zParams, zDir: array[0..79] of Char;
begin
  Result := ShellExecute(Application.MainForm.Handle, nil,
    StrPCopy(zFileName, FileName), StrPCopy(zParams, Params),
    StrPCopy(zDir, DefaultDir), ShowCmd);
end;

i have used this code for lanch application with a parameter like this

path:='c:\tools\tools.exe
Executefile(path,'111','F:\_Programmazione\Delphi\Tools\,SW_SHOWNORMAL);

now i have use an alternative code that nod32 do not identify like a virus

i no have a different version of delphi
ASKER CERTIFIED SOLUTION
Avatar of jimyX
jimyX

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
i have see , but my fear is migrate to Delphi2009 beacuse i use still Borland Database :-( and i have a lot of component and i don't know if they work with d2009 :-(
Did the Visus Total catch the D7.exe? I haven't scanned them, I just compiled the code and attached them.

Regarding BDE, consider upgrading is a boost to your production rather than limiting it. Beside BDE is still supported in the new versions of Delphi, there will be no development in BDE but it's supported.

In case you do not want to upgrade then you can just leave a note to visitors and potential customers, when downloading, that the Eset Node32 will give false alarm about a virus in the application but you can assure them it's just a false alarm and it's perfectly safe even you can acquire some customers feed back and post it their to support your statement.

But at the end I recommend you to upgrade, if it's possible and affordable, to keep up with the advanced features provided by the newer versions. It's time to be up to date.
thank jimyx , what kind of db i can learn early on d2009 o d2010 ?
If you mean the kind of DB to use then they are many. It depends on your project skeleton, data structure and most important your requirement, whether the DB features to consider is: simple, light, portable, maintenance, security,...etc.
For instance you can use MS Access as the simplest DB or a bit advanced like SQL Server or more advanced like Oracle.

For Windows-based systems ADO is fine and here is a nice reference:
http://delphi.about.com/od/database/a/databasecourse_2.htm
The best solution was that www.virustotal.com is a good tools for scanning our application for all antivirus
Have you an alternative Shellexecute with parameters ?