
My Application's Auto-update utility is triggering Anti-Virus

I've created an auto-updating application which is distributed to 100s of users.

The auto-update utility is being flagged by 55% of antiviruses on VirusTotal (link).

My application was created in Delphi 7. Most of the flags are saying that this is Generic trojan/malware. Obviously the software isn't actually malware (I'm the only one with source code access and access to the server which hosts it), but it's causing a lot of users to be

Does anyone have any idea how I can stop this being wrongly flagged?

Mikey asked Feb 02 '10 15:02 (likes: 909)



3 Answers

If, as you stated, empty form applications get rated as a virus, you might very well be infected by the Delphi virus. More info about this... thing:

  • http://www.delphipraxis.net/topic163041_virus+infects+delphi.html
  • http://www.viruslist.com/en/weblog?weblogid=208187826
  • Virus in Delphi 7
  • http://www.itwriting.com/blog/1717-delphi-developer-virus-exposes-weakness-in-anti-virus-defences.html

In addition, you use Delphi 7, which is a target for this virus (as far as I know not all Delphi versions are).

Leo answered Sep 28 '22 05:09 (likes: 56)


Delphi 2007: New VCL Application

Compile without changing anything and some antivirus packages will report the resulting EXE as a potential virus/trojan. Change the name of the main form or add a second form to the project etc and antivirus warnings disappear. Undo the changes and they come back (so it's not a D2007 port of the "Delphi Upgrade Incentive Virus").

My guess is that someone, somewhere once upon a time wrote a virus/trojan/malware with Delphi and the signature/heuristics associated with that now sometimes unfortunately collides with other Delphi apps.

Deltics answered Sep 28 '22 06:09 (likes: 39)


I think you have two choices:

a) Submit your auto-update program as a false positive to all those companies, (and do so for any new versions that are detected). Make it easier for them by ensuring your meta-data is correct and signing perhaps.

b) Split up the functionality so you don't have a single Delphi program that downloads files from the internet, overwrites files and patches files.

Douglas Leeder answered Sep 28 '22 06:09 (likes: 22)