Re: Delphi 7 generates Mirror-4130 virus code
- From: "Arash Partow" <partow@xxxxxxxxx>
- Date: 21 Nov 2005 02:44:25 -0800
Anti-virus applications use hashes of machine code found in viruses
to detect them. It's fast and allows for simple database structures
to store virus info instead of having specialised algorithms for
each variant of a virus.
That said, most likely it just so happens that the op code produced by
that piece of source code is equating to some hash value found in
the Sophos virus DB (aka a false positive). To be sure, use another
AV and see what that says. FYI, I've run the code through VET-AV
and it doesn't seem to detect anything. BTW, I've got Delphi 7 with
the final service pack - it could be producing different op code,
but I doubt it.
Arash Partow
________________________________________________________
Be one who knows what they don't know,
Instead of being one who knows not what they don't know,
Thinking they know everything about all things.
http://www.partow.net
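
A simplified model of the hash-signature matching described in the post above, added here as an illustration and not part of the original message or any vendor's engine. It shows how a clean binary that happens to contain the same machine-code bytes as a catalogued sample is flagged, and how a one-byte difference in the compiler output makes the match disappear. The window length, byte strings and signature name are all constructed for the example.

```python
import hashlib

WINDOW = 16  # assumed signature length in bytes (constructed for this example)

def sig(window: bytes) -> str:
    """Hash of one fixed-size run of machine code."""
    return hashlib.sha256(window).hexdigest()

def build_db(samples):
    """samples: {name: (blob, offset)} -> {hash: name}, one signature per sample."""
    return {sig(blob[off:off + WINDOW]): name
            for name, (blob, off) in samples.items()}

def scan(data: bytes, db):
    """Slide a window over data; return [(offset, name)] for every hash found in db."""
    hits = []
    for off in range(len(data) - WINDOW + 1):
        name = db.get(sig(data[off:off + WINDOW]))
        if name:
            hits.append((off, name))
    return hits

# Constructed bytes resembling an ordinary compiler-generated function prologue.
SHARED = bytes.fromhex("558bec83c4f053565733c08945f0b801")

# Constructed "catalogued sample": the analyst picked the signature at offset 8.
SAMPLE = b"\x90" * 8 + SHARED + b"\xcc" * 8
DB = build_db({"Constructed.Sample-A": (SAMPLE, 8)})

# Constructed clean program whose compiler emitted the same 16 bytes.
BENIGN = b"MZ" + b"\x00" * 30 + SHARED + b"\xc3"

# Same program built by a compiler that emits one different byte in that run.
_patched = bytearray(BENIGN)
_patched[40] ^= 0xFF
REBUILT = bytes(_patched)

if __name__ == "__main__":
    print("sample :", scan(SAMPLE, DB))
    print("benign :", scan(BENIGN, DB))   # false positive
    print("rebuilt:", scan(REBUILT, DB))  # no match
```

The shorter and more generic the hashed run, the more likely unrelated compiler output collides with it, which is why a second scanner with different signatures is a reasonable cross-check.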