Author Topic: Trojan.Win64.Themida on compiled applications!  (Read 2720 times)

Alienizering

  • New Member
  • *
  • Posts: 11
Trojan.Win64.Themida on compiled applications!
« on: April 25, 2023, 02:31:43 am »
After compiling my application with the latest Lazarus and scanning the exe with virustotal.com I get this virus alert...

Trojan.Win64.Themida

and so does Google Drive.

Anyone have the same problem or have an idea as to why?

Same problem on a fresh Windows 10/64 install and only Lazarus installed!

KodeZwerg

  • Hero Member
  • *****
  • Posts: 2269
  • Fifty shades of code.
    • Delphi & FreePascal
Re: Trojan.Win64.Themida on compiled applications!
« Reply #1 on: April 25, 2023, 03:06:27 am »
I cannot confirm, but for a real test a source to compile would be needed.
My own tries most often have one or two unimportant false alarms.
Lazarus 2.3.0 (rev 53b17f5614) FPC 3.2.2 x86_64-win64-win32/win64

KodeZwerg

Re: Trojan.Win64.Themida on compiled applications!
« Reply #2 on: April 25, 2023, 03:17:26 am »
> Same problem on a fresh Windows 10/64 install and only Lazarus installed!

I am curious about what you mean by the phrase "fresh install".
Are you using Windows installation media (DVD), or installing from probably infected media (backup drive)?
Are you installing Lazarus from probably infected media or fresh from the web?

Alienizering

Re: Trojan.Win64.Themida on compiled applications!
« Reply #3 on: April 25, 2023, 07:59:53 am »
Thanks for your reply.

A fresh install with a genuine Windows DVD, no other software installed, only the latest Laz download.

If I remove all the code for http access, I don't get that virus alert. That is, removing the opensslsockets and fphttpclient units and of course rem out my code that uses them.


Martin_fr

  • Administrator
  • Hero Member
  • *
  • Posts: 10704
  • Debugger - SynEdit - and more
    • wiki
Re: Trojan.Win64.Themida on compiled applications!
« Reply #4 on: April 25, 2023, 12:10:33 pm »
> If I remove all the code for http access, I don't get that virus alert. That is, removing the opensslsockets and fphttpclient units and of course rem out my code that uses them.

That does sound like a false positive. How many of the AV engines on Virustotal return the alert? If the manufacturers have websites, they will usually have an option to upload false positives. And then they check it in more detail and update the signatures.
 

Alienizering

Re: Trojan.Win64.Themida on compiled applications!
« Reply #5 on: April 25, 2023, 05:36:43 pm »
> That does sound like a false positive. How many of the AV engines on Virustotal return the alert? If the manufacturers have websites, they will usually have an option to upload false positives. And then they check it in more detail and update the signatures.

Yes, it is, as only Google reports it as a trojan; no others do. The problem is, I have my app on Google Drive for people to download, but now Google tells me that if I upload more infected files, I will be banned, and my download is not available until I correct the problem. Doing the "report as an error" does nothing; Google never looks at the file to correct their false positive.

I can do without Google Drive but it's just annoying and I would like to know which component does that or if it's just a compiler thing.
