Forum > Windows

Trojan.Win64.Themida on compiled applications!

(1/2) > >>

Alienizering:
After compiling my application with the latest Lazarus and scanning the exe with virustotal.com I get this virus alert...

Trojan.Win64.Themida

and so does Google Drive.

Anyone have the same problem or have an idea as to why?

Same problem on a fresh Windows 10/64 install and only Lazarus installed!

KodeZwerg:
I can not confirm but for a real test a source to compile would be needed.
My own tries having most often one or two unimportant false alarms.
Lazarus 2.3.0 (rev 53b17f5614) FPC 3.2.2 x86_64-win64-win32/win64

KodeZwerg:

--- Quote from: Alienizering on April 25, 2023, 02:31:43 am ---Same problem on a fresh Windows 10/64 install and only Lazarus installed!
--- End quote ---
I am curious about what you mean with phrase "fresh install".
Are you using a Windows installation media (DVD) or install from a probably infected media (Backup drive)?
Are you installing Lazarus from a probably infected media or fresh from web?

Alienizering:
Thanks for your reply.

A fresh install with a genuine Windows DVD, no other software installed, only the latest Laz download.

If I remove all the code for http access, I don't get that virus alert. That is, removing the opensslsockets and fphttpclient units and of course rem out my code that uses them.

Martin_fr:

--- Quote from: Alienizering on April 25, 2023, 07:59:53 am ---If I remove all the code for http access, I don't get that virus alert. That is, removing the opensslsockets and fphttpclient units and of course rem out my code that uses them.

--- End quote ---

That does sound like a false positive. How many of the AV engines on Virustotal return the alert? If the manufacturers have websides, they will usually have an option to upload false positives. And then they check it more detailed and update the signatures.
 

Navigation

[0] Message Index

[#] Next page

Go to full version