Malware

XOJO 2021r1.1 - Windows 10 Desktop
I was trying to create some user controls with a Container Control.
I did not do it in my main app, but in a separate test app.
At one point I inserted a Popup Arrow, and when I then tried to debug, my virus scanner (Kaspersky) raised an alarm saying: “VHO:Trojan.Win32.Sdum.gen” malware, and the compile couldn’t be finished.
I tried some other controls too, and some gave the same result.

I copied the Xojo project to my laptop. A new one with only Windows 10 and XOJO installed. It gave me the same problem.
This makes me think that it is not really a virus alert, but something that is in the Xojo code.
Are there other users who have had the same problem?

Regards

I’d say it’s most likely a false positive. I don’t use Kaspersky, but I am using 2021r1.1 on my Windows 10 box that runs Avast and in a VM that has only Defender. Neither of these have generated AV warnings for me.

I put a Popup Arrow inside a ContainerControl then added that to a window.

You should do a full system scan just to be sure using your AV of choice and something like MalwareBytes.

I had the same problem with AVAST. They have a program for developers to send them their apps so they analyze the code to avert false positives. I sent my app, and never again had the same issue.

You may want to go to the Kaspersky web site and look around. They must have the same kind of program.

Thanks for the replies.
I was able to eliminate the problem by changing the ‘Window App Name’ in the ‘Build Settings’.
The default name was ‘My Application.exe’. Changing this name into ‘Test.exe’ did eliminate the problem.
Regards

Which makes me wonder: does [some/all] antivirus software also check the app name to detect malware?

Some things could have occurred:

  1. The user has set all possible options in the engine, like “use heuristics”, “report anything suspicious”, etc.
  2. The user has set all possible options to the max like “Level: Paranoid”
  3. The Kaspersky engine is kind of stupid.

Most antivirus apps’ inner workings are proprietary, so concluding that changing the app’s name is enough could be misleading.

But what an idea to not name your application.

On the other hand, many users keep TextField1, Canvas1, etc. Others use Picture (for example) as a Picture name…

He just saw that after changing the name, his Kaspersky engine stopped complaining about THAT specific false positive. For that case it is enough.

Next time, submit a sample here: https://opentip.kaspersky.com/

Interestingly, a “Hello World” in Russian was firing the same false positive 3 months ago:

Source: С++ Hello World VHO:Trojan.Win32.Sdum.gen | Kaspersky Community

How do you say “Malware” in Russian?
“Hello World” !

Translation provided by Kaspersky :wink:

According to Google translate:

вредоносное ПО
vredonosnoye PO

:grin:
