Lazarus
Installation => Windows (32/64) => Topic started by: zogtrog on April 13, 2019, 07:17:46 pm
-
Hi,
I installed the latest Windows 32-bit version of Lazarus this morning from SourceForge.
https://sourceforge.net/projects/lazarus/files/Lazarus%20Windows%2032%20bits/Lazarus%202.0.0/lazarus-2.0.0-fpc-3.0.4-win32.exe/download
I was messing around making a test web server project using webfp when the AVG behaviour shield informed me it had detected VIRUS IDP.ALEXA.51 inside lazarus.exe. I am assuming this is a false positive?
-
I am assuming this is a false positive?
It may well be but do a virus scan of your full system, just in case it isn't: if other files appear to be infected with the same virus then it's not a false positive (obviously).
-
I am running a deep scan already. I ran a quick scan yesterday which was clear.
-
Also check the hash.
For Windows run in cmd:
certutil -hashfile lazarus-2.0.0-fpc-3.0.4-win32.exe MD5
and compare result with checksums at https://www.lazarus-ide.org/index.php?page=checksums#2_0_0
-
Just in case: is your software all up-to-date?
See https://support.avg.com/answers?id=906b0000000LTe4AAG
-
You can check the downloads to be unmodified by looking at the checksum
https://www.lazarus-ide.org/index.php?page=checksums
https://www.microsoft.com/en-us/download/details.aspx?id=11533 for Microsoft's fciv to checksum the file on your disk.
The Windows installers are uploaded to VirusTotal (you can search by checksum)
https://www.virustotal.com/gui/file/fb64be2210c3583f3a184a4a3acc2342624582f7d946ab06d4faf64c81e0326d/detection
and sometimes to
https://metadefender.opswat.com/results#!/file/FB64BE2210C3583F3A184A4A3ACC2342624582F7D946AB06D4FAF64C81E0326D/hash/multiscan
As you can see they have one "possible detection", which in this case is a false positive.
This kind of "generic..." detection is often some kind of guess by the AV engine. And the IDE gets its share of false positives.
Most AV companies have an upload site for false positives. They will then whitelist the software, if indeed it is harmless. But for the IDE that is not useful, as every time you install/remove a package you rebuild it, and therefore change it.
But when you get a report, you can always verify it at virustotal or other metascan sites.
-
The checksum appears to be okay, but worryingly my antivirus scan has been stuck at 28% for the last half an hour. I updated AVG immediately before running the deep scan. I have been having problems with the Windows start menu freezing since a Windows update yesterday as well.
I also rebuilt Lazarus with webfp immediately after I installed it.
D:\down>certutil -hashfile lazarus-2.0.0-fpc-3.0.4-win32.exe MD5
MD5 hash of lazarus-2.0.0-fpc-3.0.4-win32.exe:
1b634f5fac8b0c7edc0bd49e72ecbefc
CertUtil: -hashfile command completed successfully.
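-
Added example (not from any poster in this thread or from the Lazarus project): Python that normalizes `certutil -hashfile` output, including the space-separated digest form that older Windows releases print, before comparing it with a published checksum, and that hashes a file directly to get the SHA-256 form used in VirusTotal links. The spaced sample is constructed from the MD5 posted above; all function names are this example's own.

```python
import hashlib
import re

# Constructed sample: the MD5 posted above, laid out the way older
# Windows releases print it (a space between every byte).
SPACED_OUTPUT = """MD5 hash of file lazarus-2.0.0-fpc-3.0.4-win32.exe:
1b 63 4f 5f ac 8b 0c 7e dc 0b d4 9e 72 ec be fc
CertUtil: -hashfile command completed successfully.
"""

# Expected hex length per algorithm name as certutil prints it.
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64}


def parse_certutil(output):
    """Return (algorithm, lowercase hex digest) from certutil -hashfile output."""
    lines = [ln.strip() for ln in output.splitlines() if ln.strip()]
    header = re.match(r"(\w+) hash of ", lines[0]) if lines else None
    if not header or header.group(1).upper() not in HEX_LEN or len(lines) < 2:
        raise ValueError("not certutil -hashfile output")
    algo = header.group(1).upper()
    digest = re.sub(r"\s+", "", lines[1]).lower()  # drop per-byte spaces
    if not re.fullmatch(r"[0-9a-f]{%d}" % HEX_LEN[algo], digest):
        raise ValueError("malformed %s digest" % algo)  # e.g. truncated paste
    return algo, digest


def matches_published(output, published, algo):
    """True only if the output is for `algo` and equals the published value."""
    got_algo, digest = parse_certutil(output)
    want = re.sub(r"\s+", "", published).lower()  # tolerate case and spacing
    return got_algo == algo.upper() and digest == want


def file_digests(path, chunk=1 << 20):
    """Stream the file once and return both MD5 and SHA-256 hex digests."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha256.update(block)
    return {"MD5": md5.hexdigest(), "SHA256": sha256.hexdigest()}
```

The published value must be copied from the checksums page itself. A match only shows the download is the file the project published; it says nothing about a `lazarus.exe` rebuilt locally afterwards.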
-
An alternate way of scanning is getting a scanner that boots from dvd or usb stick.
There is Desinfect by the German CT magazine. But it is not free.
Or google. I found this: (page is in German...)
https://www.eset.com/de/support/sysrescue/
There should be others.
From my last/old PC, I made the experience that OS hangs / slow down etc, can be caused by disk/filesystem errors. So running checkdisk may be an option too.
There are also tools (IIRC even by Microsoft) to create an emergency Windows 10 boot dvd/stick. You can always do that at a friend's PC.
-
I ran a boot scan on my computer using AVG, I ran a system scan through spybot SD and a scan using spy hunter 5 which is supposed to be able to detect and remove this particular virus, and all the scans came back clean.
I submitted the version of lazarus.exe I had compiled myself to VirusTotal and it came back clean as well. So I think it's safe to assume that on this occasion the AVG Behaviour shield came up with a false detection.
Oh yeah - thanks for all the help and support you guys gave me with this problem, it was much appreciated.
:)