Re: Delphi 7 generates Mirror-4130 virus code



On 21 Nov 2005 02:44:25 -0800, "Arash Partow" <partow@xxxxxxxxx>
wrote:

>Anti-virus applications use hashes of machine code found in virii
>to detect them. It's fast and allows for simple database structures
>to store virii info instead of having specialised algorithms for
>each variant of virus.
>
>That said, most likely it just so happens that op code produced by
>that piece of source code is equating to some hash value found in
>the Sophos virus DB (aka false positive). To be sure, use another
>AV and see what that says. FYI I've run the code through VET-AV
>and it doesn't seem to detect anything. btw I've got Delphi 7 with
>the final service pack - it could be producing different op code
>but I doubt it.

I bet it is producing different op code
- Arash has optimization turned off - I'll bet yours is on.
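The effect discussed in this thread, as an added example that is not part of either post: a toy scanner that hashes every fixed-size window of a code buffer and looks the hashes up in a signature table, run over two builds of the same routine. The byte strings, the 4-byte window size and the signature name `Constructed.Sig.A` are all constructed for illustration; they are not Delphi 7 output and not a Sophos signature.

```python
import hashlib

WINDOW = 4  # assumed signature length in bytes; real engines vary


def window_hashes(code: bytes, size: int = WINDOW):
    """Yield (offset, sha256 hex digest) for every size-byte window of code."""
    for off in range(len(code) - size + 1):
        yield off, hashlib.sha256(code[off:off + size]).hexdigest()


def scan(code: bytes, sig_db: dict) -> list:
    """Return [(offset, signature_name)] for each window whose hash is in sig_db."""
    return [(off, sig_db[h]) for off, h in window_hashes(code) if h in sig_db]


# Constructed samples: the same small routine as two different byte sequences,
# standing in for one source file compiled with optimization off and on.
BUILD_OPT_OFF = bytes.fromhex("558bec8b450803450c5dc3")  # stack-frame version
BUILD_OPT_ON = bytes.fromhex("03c28d0440c3")             # register-only version

# Constructed signature: the hash of four bytes that happen to occur in the
# optimized build, straddling two unrelated instructions. A byte-pattern match
# like this says nothing about what the surrounding code does, which is how a
# clean binary ends up flagged.
SIG_DB = {
    hashlib.sha256(bytes.fromhex("c28d0440")).hexdigest(): "Constructed.Sig.A",
}

if __name__ == "__main__":
    for name, build in (("opt off", BUILD_OPT_OFF), ("opt on", BUILD_OPT_ON)):
        hits = scan(build, SIG_DB)
        print(f"{name}: {hits if hits else 'clean'}")
```

Only the optimized build is flagged, so two people compiling identical source with different compiler settings can get different scan results from the same signature database.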