10

I have a program that I wrote in Delphi. The program is available for download, but some antivirus like Norton detects it as malware, while other antivirus, like AVG, has no issues with it.

Moreover, Google Chrome also gives a malware warning when you want to download the program from my website.

Is there some way to prevent this, apart from putting the EXE file in a ZIP file?

durron597
  • 7,590
  • 9
  • 37
  • 67
Japie Bosman
  • 203
  • 1
  • 4
  • Putting it into a zip file is not a solution. Rather find out what's causing this, and fix it. Or, if that turns out impossible, at least explain it to users up front. –  Mar 17 '12 at 12:28
  • That is the thing, I have no idea how to even begin to find out what if causing this. My programs installer is built with Zipinstaller. – Japie Bosman Mar 17 '12 at 12:32
  • 2
    what version of Delphi and what type off app is it? There were issues like this with console apps compiled by a specific Delphi version. Searching Stack Overflow and/or google for Delphi and virus software should bring up relevant information. – Marjan Venema Mar 17 '12 at 13:13
  • It was developed using Delphi XE2 and it is a point of sale program for hair salons. – Japie Bosman Mar 17 '12 at 13:21
  • 1
    norton is overzealous about what it thinks is a virus (some version classed itself as a virus) – ratchet freak Mar 17 '12 at 13:29
  • I just scanned my installer at http://virusscan.jotti.org and I get the following malware alerts: PSWTool.W32.MailPassView.130 and a Backdoor.XiaoBird.8 (paranoid heuristics) alert. I have no idea how to fix something like this. This program is like my first program I wrote. – Japie Bosman Mar 17 '12 at 13:30
  • As I said: search stack overflow (http://stackoverflow.com) and/or google. You are not the only one suffering from this and there are solutions/workarounds out there. The Embarcadero forums (http://edn.embarcadero.com) should also help. Btw, when you answer someone's comment, it helps to start with their name preceded by an '@' character as they will then receive a notification that you responded. – Marjan Venema Mar 17 '12 at 14:16
  • 1
    What AVG does or doesn't call a virus isn't really a meaningful data point. – Kyralessa Mar 17 '12 at 20:40
  • 1
    @ratchetfreak: [Insert snarky comment about "some version" being correct here] – Mason Wheeler May 30 '12 at 17:53

3 Answers3

18

You should try to contact Norton's (Symantec's?) customer service. I believe this is standard practice among vendors of legit programs which are wrongly flagged as viruses.

zvrba
  • 3,470
  • 2
  • 23
  • 22
11

Something to keep in mind: It might really be infected. There is a virus out there that infects Delphi itself. If you're infected with it any executable that Delphi produces will be infected.

Loren Pechtel
  • 3,371
  • 24
  • 19
  • 2
    The things is the installer was tested with other anti-virus and nothing was detected. It is Norton that is giving issues, and the problem is that a lot of people are using Norton – Japie Bosman Mar 18 '12 at 12:20
8

In case anyone is interested, this article treats a similar case with a program that's just a do-nothing WinMain function - The Case of Evil WinMain.

Story about how a third of all antivirus programs has gone crazy for no obvious reason...

#include <windows.h>

int WINAPI WinMain(HINSTANCE inst,HINSTANCE prev,LPSTR cmd,int show) {
    return 0;
}

...

So what caused additional antivirus software vendors to go NUTS?

I am starting to feel that they simply started to search for malware in libc itself. If so then that's kind of strange because there is not that many versions of libc linked to nearly everything under the sun over and over.

Here is the mentioned VS 2008 ProjectFile + source + resulting binary not doing anything along with vtotal results for it.

But please go ahead and create an EMPTY C++ project to see it yourself.
Add a cpp file with this empty winmain doing nothing build release ...

Emilio Garavaglia
  • 4,289
  • 1
  • 22
  • 23