Accidentally created a virus?

Sounds more like a heuristic screw-up to me. Do you have heuristics turned on (some scanners may refer to it as "virus-like code")? The chances that time stamps would equate to "a portion of some virus signature" seem too small to be happening all the time.

When I used to run a virus scanner, I never saw this problem with D6 or D7.


Yes, my team has experienced this maybe half a dozen times in 2-3 years with Sophos in a corporate environment. So, very rarely, but it does happen.

Our IT cretin started off demanding I review all the 1.5M lines of code in our app to "make it go away", but he didn't get too far pursuing that line...

To be fair, he was initially concerned that our clients might also receive such a warning, but we've only ever seen it triggered when building an exe from the IDE on a developer's PC, never on a release build exe on a test box or elsewhere.

Personally, it happens so rarely we don't worry about it.


Do these false positives also occur with other compilers?

Yes, this has been a common problem in the past for AutoIt, as addressed in this forum post "Are my AutoIt EXEs really infected?". In most cases, including AutoIt, it stems from poor heuristic practices. Since AutoIt uses the free and open UPX compressor, it is often mistaken for malicious code that also uses UPX.

The best (and possibly only) thing you can do is report these mistakes, so they can refine their heuristics or at least white list your app.

Below is a list of contact information for some popular anti-virus companies. They all claim to appreciate submissions as it helps them make their product better.

  • AntiVir - Contact
  • A2 (A-Squared) - Contact (email address)
  • Avast! - Contact
  • AVG - Contact
  • BitDefender - Contact
  • BullGuard - Contact
  • CA Anti-Virus - Contact
  • ClamAV - Contact
  • ClamWin - Contact
  • Comodo - Contact
  • ESET's Nod32 - Contact
  • eSafe - Contact (login required)
  • Fortinet - Contact
  • F-PROT - Contact
  • F-Secure - Contact
  • G-Data - Contact
  • Kaspersky - Contact
  • McAfee - Contact (email address)
  • Norman - Contact (email address)
  • Panda Anti-Virus - Contact
  • Sophos - Contact
  • Symantec (Norton) - Contact
  • Vipre - Contact
  • Windows Live OneCare - Contact
  • ZoneLabs - Contact

Turns out there is a great list of AV software on Wikipedia, called 'List of antivirus software'. It is more complete than my list above.

A member of the AutoIt Forums made a great script to e-mail a false positive to a huge list of AV vendors to automate this process a bit.


There is indeed a Delphi virus in the wild, see http://www.sophos.com/blogs/sophoslabs/?p=6117