Hi, I work for a software developer and it seems that one of our executables is bringing up an alert that says it's a trojan horse :-(
The following Trojan.PWS.Delf.IHL trojan has been detected. I have seen this being brought up by your program as well as BitDefender, but I can assure you that no virus is being executed and I feel that it's giving a false positive. It is frustrating that my customers are coming back to me with this worrying news when clearly the virus database engines that you use are not recognizing purely valid run commands.
Could you give me some more information with regards to this, as I have checked other virus software and they do not give these virus prompts and it is not in their databases.
I have done some more investigation with regards to this. It seems that the apps are what are called stub applications, where they start another app (in this case using WinExec to run it). It seems that the virus engines that you use have become very lazy and have given a false positive to a legitimate process.
It is only just recently that this has come up, and in all the years we have had the software we have never had an issue with regards to this, so it seems that BullGuard and others like BitDefender have purchased a database engine from a third party and are using the same one, which will give this problem.
Further info with regards to all of this, and this is how basically lazy the database is.
These 'stub' programs are incredibly simple - e.g.
program ****;
uses Windows;
{$R *.res}
begin
  WinExec('astra\art32.exe -800 pc\wldtalk.ast', SW_SHOWNORMAL);
end.
As you can see, it is simply using a Windows SDK call to execute the Astra runtime system Art32.exe with appropriate command line parameters.
Changing the WinExec to
WinExec('blah blah blah', SW_SHOWNORMAL);
STILL produces a false alarm from BullGuard. So it looks as if they are misdiagnosing ANY short program which just does a WinExec as a Delf Trojan variant - which is incredibly sloppy!
where OurWinExec is our own library routine which uses the Windows SDK call CreateProcess to do exactly the same thing - this stops BullGuard generating the false alarm.
So it's a pain that bulldog and others have got this so wrong all of a sudden.
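
An added example, not part of the original post and not the poster's code: a sketch of a CreateProcess-based launcher of the kind the post calls OurWinExec. It resolves the child executable against the stub's own directory and passes it as an explicit, quoted application path instead of handing a relative command line to WinExec. The names StubLauncher and LaunchChild, and the choice of the stub's directory as the working directory, are assumptions.

```delphi
program StubLauncher; // hypothetical name; the post redacts the real one

uses
  Windows, SysUtils;

// Hypothetical stand-in for the post's OurWinExec (its real source is not shown).
function LaunchChild(const RelExe, Params: string): Boolean;
var
  BaseDir, ExePath, CmdLine: string;
  StartInfo: TStartupInfo;
  ProcInfo: TProcessInformation;
begin
  Result := False;
  // Resolve the target against the stub's own location so the child that
  // runs does not depend on whatever the current directory happens to be.
  BaseDir := ExtractFilePath(ParamStr(0));
  ExePath := ExpandFileName(BaseDir + RelExe);
  if not FileExists(ExePath) then
    Exit;
  // Quote the executable so a space in the install path cannot change
  // which file the command line refers to.
  CmdLine := '"' + ExePath + '" ' + Params;
  UniqueString(CmdLine); // CreateProcess may modify the command-line buffer
  FillChar(StartInfo, SizeOf(StartInfo), 0);
  StartInfo.cb := SizeOf(StartInfo);
  StartInfo.dwFlags := STARTF_USESHOWWINDOW;
  StartInfo.wShowWindow := SW_SHOWNORMAL; // same show state as the WinExec call
  FillChar(ProcInfo, SizeOf(ProcInfo), 0);
  // Assumption: relative arguments such as pc\wldtalk.ast are meant to be
  // resolved from the stub's directory, so it is used as the working directory.
  if CreateProcess(PChar(ExePath), PChar(CmdLine), nil, nil, False, 0,
                   nil, PChar(BaseDir), StartInfo, ProcInfo) then
  begin
    // The stub does not wait for the child, so release both handles at once.
    CloseHandle(ProcInfo.hThread);
    CloseHandle(ProcInfo.hProcess);
    Result := True;
  end;
end;

begin
  if not LaunchChild('astra\art32.exe', '-800 pc\wldtalk.ast') then
    ExitCode := 1; // report a missing or unlaunchable child to the caller
end.
```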