
Author Topic: Virus detected  (Read 2811 times)

alasdair980

  • Newbie
  • Posts: 1
Virus detected
« on: January 09, 2023, 11:56:09 am »
Hello
in the ide I wrote a two line program [writeline('hello world'); readln;]
creating an exe called test.exe
and windows defender

marcov

  • Administrator
  • Hero Member
  • *
  • Posts: 11455
  • FPC developer.
Re: Virus detected
« Reply #1 on: January 09, 2023, 12:03:35 pm »
Hello
in the ide I wrote a two line program [writeline('hello world'); readln;]
creating an exe called test.exe
and windows defender

Easiest is to submit the EXE to a site like virustotal.com to scan it with multiple antiviruses, and see if it is a Windows Defender false positive or genuine malware. Usually it is the former.

To get by (and gain some speed) you can exclude developer-related dirs from the antivirus.
« Last Edit: January 26, 2023, 09:10:00 am by marcov »

MarkMLl

  • Hero Member
  • *****
  • Posts: 6692
Re: Virus detected
« Reply #2 on: January 09, 2023, 12:28:41 pm »
I know I'm being pedantic here, but if this really was the code being used

Code:
  writeline('hello world');
  readln;

then there's something wrong: either the code hasn't been copied across verbatim, or an external library is being pulled in (which might include malware) or FPC isn't being used.

MarkMLl
MT+86 & Turbo Pascal v1 on CCP/M-86, multitasking with LAN & graphics in 128Kb.
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

Ericktux

  • Sr. Member
  • ****
  • Posts: 345
Re: Virus detected
« Reply #3 on: January 10, 2023, 07:35:34 am »
The same thing happened to me when building applications in Lazarus. To solve it, I sent the exe to Microsoft's "Submit a file for malware analysis" page at the following link:
https://www.microsoft.com/en-us/wdsi/filesubmission

As you are the developer of the program, select the Software developer option and click the Continue button. Fill in the form data. When you finish filling out the form and uploading the program, you will receive a link that you can consult to know the status of the review at all times.

With this it was enough, and Windows Defender no longer bothered me.

af0815

  • Hero Member
  • *****
  • Posts: 1291
Re: Virus detected
« Reply #4 on: January 10, 2023, 08:57:44 am »
This can happen sometimes, regardless of the virus scanner, because they use heuristics for detection.

The best way is, as described before, to send the file to the AV scanner company and complain that it is a false positive.

The same can often happen if you build a complete new compiler from scratch. I sometimes have the problem that the resulting temporary (stage) compiler in the makefile is blocked or removed. But sending the files to the AV companies helps; often after 2 or 3 days, with the next update, the problem is gone.
regards
Andreas

Nicole

  • Hero Member
  • *****
  • Posts: 972
Re: Virus detected
« Reply #5 on: January 10, 2023, 06:00:39 pm »
That software written in Pascal is mistaken for a virus is an effect which has been familiar to me since Delphi XE3.
I will never forget how hatefully somebody reacted after I donated a useful utility to him. He accused me of attacking him with a virus without further thinking....

Bitbeisser

  • New Member
  • *
  • Posts: 28
Re: Virus detected
« Reply #6 on: January 10, 2023, 10:05:10 pm »
or an external library is being pulled in (which might include malware) or FPC isn't being used.
It's not malware in the library, but the virus scanner is detecting the basic RTL/startup code that is being used as being (part of) the virus! This happens to me not only with applications written in FreePascal/Lazarus but in a free C compiler that I use on Windows as well...

It's just that those compilers are used rather rarely in the big picture of things and they are being used by the malware creators, and that makes a lot of AV manufacturers slow to react and improve their detection, or they are simply ignoring any complaint...  %)

Ralf

MarkMLl

  • Hero Member
  • *****
  • Posts: 6692
Re: Virus detected
« Reply #7 on: January 10, 2023, 10:13:39 pm »
It's not malware in the library, but the virus scanner is detecting the basic RTL/startup code that is being used as being (part of) the virus! This happens to me not only with applications written in FreePascal/Lazarus but in a free C compiler that I use on Windows as well...

Look, we all know what /ought/ to be happening here. But the truth of the matter is that either OP has copied his code across inaccurately, or he's not using unadorned FPC.

MarkMLl
MT+86 & Turbo Pascal v1 on CCP/M-86, multitasking with LAN & graphics in 128Kb.
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

Ericktux

  • Sr. Member
  • ****
  • Posts: 345
Re: Virus detected
« Reply #8 on: January 10, 2023, 11:22:53 pm »
Neither does "Google" escape false positives.

Bitbeisser

  • New Member
  • *
  • Posts: 28
Re: Virus detected
« Reply #9 on: January 11, 2023, 12:16:25 am »
It's not malware in the library, but the virus scanner is detecting the basic RTL/startup code that is being used as being (part of) the virus! This happens to me not only with applications written in FreePascal/Lazarus but in a free C compiler that I use on Windows as well...

Look, we all know what /ought/ to be happening here. But the truth of the matter is that either OP has copied his code across inaccurately, or he's not using unadorned FPC.

MarkMLl
Well, you quoted me, but it doesn't look like you actually read it. The OP didn't do anything wrong, it is the AV companies that have screwed up detection...

KodeZwerg

  • Hero Member
  • *****
  • Posts: 2083
  • Fifty shades of code.
    • Delphi & FreePascal
Re: Virus detected
« Reply #10 on: January 11, 2023, 12:46:02 am »
Hello
in the ide I wrote a two line program [writeline('hello world'); readln;]
creating an exe called test.exe
and windows defender
May I ask, what is the method "writeline()" and where does it come from?
« Last Edit: Tomorrow at 31:76:97 xm by KodeZwerg »

MarkMLl

  • Hero Member
  • *****
  • Posts: 6692
Re: Virus detected
« Reply #11 on: January 11, 2023, 09:22:52 am »
Well, you quoted me, but it doesn't look like you actually read it. The OP didn't do anything wrong, it is the AV companies that have screwed up detection...

No, /you/ didn't read the original posting. The code shown uses a function that doesn't exist in FPC.

MarkMLl
MT+86 & Turbo Pascal v1 on CCP/M-86, multitasking with LAN & graphics in 128Kb.
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

davidw

  • Newbie
  • Posts: 1
Re: Virus detected
« Reply #12 on: January 26, 2023, 08:45:26 am »
Good morning.

I am a new user, looking for a x-platform tool.

I also had a virus issue. I downloaded Lazarus, wrote a very simple program with a form, button and text box. I compiled the program to an EXE and copied the EXE to another computer to run it.

It was immediately blocked by Windows Defender because it was identified as Trojan:Script/Wacatac.B!ml

Code: Pascal
  unit Unit1;

  {$mode objfpc}{$H+}

  interface

  uses
    Classes, SysUtils, Forms, Controls, Graphics, Dialogs, StdCtrls;

  type

    { TForm1 }

    TForm1 = class(TForm)
      Button1: TButton;
      Edit1: TEdit;
      procedure Button1Click(Sender: TObject);
      procedure FormCreate(Sender: TObject);
    private

    public

    end;

  var
    Form1: TForm1;

  implementation

  {$R *.lfm}

  { TForm1 }

  procedure TForm1.Button1Click(Sender: TObject);
  begin
    edit1.Text:='Hello World';
  end;

  procedure TForm1.FormCreate(Sender: TObject);
  begin

  end;

  end.

 


af0815

  • Hero Member
  • *****
  • Posts: 1291
Re: Virus detected
« Reply #13 on: January 26, 2023, 12:09:47 pm »
In short -
Test the file on a virus test portal and if the file is ok, send the program to the "snake oil" Provider aka M$.

In long -
The heuristics of some antivirus programs tend to produce false positives, and the virus signatures must be updated by the virus scanner provider.
« Last Edit: January 26, 2023, 12:36:57 pm by af0815 »
regards
Andreas
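
The triage steps suggested in this thread (check the file with a multi-scanner service, report a false positive to Microsoft, exclude developer directories), as an added PowerShell example that is not part of any post above. The paths and the `-ExcludeBuildDir` switch are hypothetical placeholders; the cmdlets are the standard Get-FileHash and Defender module commands.

```powershell
# Added example: collect what is needed to judge and report a suspected
# Defender false positive on a freshly compiled binary.
# Both default paths are assumptions; pass your own project locations.
param(
    [string]$ExePath  = 'C:\dev\test\test.exe',   # hypothetical flagged build
    [string]$BuildDir = 'C:\dev\test\lib',        # hypothetical compiler output dir
    [switch]$ExcludeBuildDir                      # opt-in, needs an elevated shell
)

# 1. Hash the binary so it can be looked up on a multi-scanner site by
#    SHA-256 and quoted in the false-positive report.
if (Test-Path -LiteralPath $ExePath) {
    $hash = (Get-FileHash -LiteralPath $ExePath -Algorithm SHA256).Hash
    Write-Output "SHA-256 of ${ExePath}: $hash"
} else {
    # Defender may already have quarantined the file; rebuild it into an
    # unscanned location or restore it from quarantine before hashing.
    Write-Warning "$ExePath not found (possibly quarantined)."
}

# 2. Find Defender's own record of the detection for this path, so the
#    report carries the exact threat name and detection time.
$pattern = [regex]::Escape($ExePath)
$hits = Get-MpThreatDetection | Where-Object { $_.Resources -match $pattern }
foreach ($hit in $hits) {
    $threat = Get-MpThreat -ThreatID $hit.ThreatID
    [pscustomobject]@{
        ThreatName = $threat.ThreatName
        Detected   = $hit.InitialDetectionTime
        Resources  = $hit.Resources -join '; '
    }
}
if (-not $hits) { Write-Output "No Defender detection recorded for $ExePath." }

# 3. Optional: exclude only the compiler output directory, not the whole
#    drive or profile, and print the resulting list so it can be reviewed.
if ($ExcludeBuildDir) {
    Add-MpPreference -ExclusionPath $BuildDir
    (Get-MpPreference).ExclusionPath
}
```

The threat name and hash printed here are the details the Microsoft submission form and a multi-scanner lookup ask for.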

 
