
Thread: Avast says many XE8 files contain a trojan virus



Replies: 3 - Last Post: Sep 17, 2015 9:02 AM - Last Post By: Borja Serrano
Doug Hay

Posts: 122
Registered: 5/26/05
Avast says many XE8 files contain a trojan virus
  Posted: Sep 16, 2015 7:50 PM
I ran a full scan today with Avast, and it deleted dozens of C++ Builder XE8 files. Almost all of them had the Banker-MGC trojan.

So XE8 would no longer run. I am doing the "Modify" option now, and I can see Avast popping up and deleting the same files as they are being reinstalled.

I'd have to assume Avast is incorrect, that these files are not infected. I'd like to verify this though.

File C:\Program Files (x86)\Embarcadero\Studio\16.0\bin\BDSFileCopyHelper.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\bin\BDSLauncher.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\bin\bdsreg.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\bin\BDSSetLang.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\bin\FMXMetropolisUIStyleViewer.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\bin\FMXMobileStyleViewer.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\bin\FMXStyleViewer.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\bin\convert.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\bin\converters\java2op\Java2OP.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\bin\migrationtool.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\bin\cgconfig.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\bin\tregsvr.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\bin\updatecheck.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\bin\FDAdministrator.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\bin\FDExplorer.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\bin\FDMonitor.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\bin\drinterop.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\bin\DSProxyGen.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\bin\DSProxyReg.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\bin\genplist.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\bin\GenTLB.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\bin\httpsrvr.dll is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\bin\paclient.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\bin\reFind.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\bin\RESTDebugger.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\bin\scktsrvr.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\bin\tlibimp.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\bin\FMXControlStyleViewer.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\bin\stdvcl40.dll is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\bin\WSDLImp.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\bin\extracticon.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\PAServer\setup_paserver.exe|>InstallerData\Disk1\InstData\Resource1.zip|>$IA_PROJECT_DIR$\rmtagent\win32\paserver.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\Redist\win32\FMXMetropolisUIStyleViewer.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\Redist\win32\emsconsole.dll is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\Redist\win32\FDAdministrator.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\Redist\win32\FMXControlStyleViewer.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\Redist\win32\FMXMobileStyleViewer.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\Redist\win32\FMXStyleViewer.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\Redist\win32\rtl220.bpl is infected by Win32:Banker-MGC [Trj], Moved to chest

Thanks!
Doug
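
For triaging a scan report like the one in the post above, this added example (not part of the thread, and not Avast or Embarcadero code) parses the report lines, splits nested-archive paths on the `|>` separator, and summarizes the detections by name, folder and file type. The sample input is three lines copied from the post; the function and field names are illustrative.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Sample input: three lines copied from the scan report posted above.
SAMPLE_LOG = r"""
File C:\Program Files (x86)\Embarcadero\Studio\16.0\bin\BDSLauncher.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\PAServer\setup_paserver.exe|>InstallerData\Disk1\InstData\Resource1.zip|>$IA_PROJECT_DIR$\rmtagent\win32\paserver.exe is infected by Win32:Banker-MGC [Trj], Moved to chest
File C:\Program Files (x86)\Embarcadero\Studio\16.0\Redist\win32\rtl220.bpl is infected by Win32:Banker-MGC [Trj], Moved to chest
"""

# Line shape as it appears in the post: File <path> is infected by <name> [<kind>], <action>
LINE_RE = re.compile(
    r"^File (?P<path>.+) is infected by (?P<name>\S+) \[(?P<kind>[^\]]+)\], (?P<action>.+)$"
)

def parse_report(text):
    """Return one dict per detection line; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # "|>" separates the file on disk from members nested inside it.
        container, *inner = m.group("path").split("|>")
        entries.append({
            "file": container,          # the file on disk that was quarantined
            "inner": inner,             # nested archive members, outermost first
            "detection": m.group("name"),
            "kind": m.group("kind"),
            "action": m.group("action"),
        })
    return entries

def summarize(entries):
    """Group detections so the scope of the alert is visible at a glance."""
    paths = [PureWindowsPath(e["file"]) for e in entries]
    return {
        "detections": Counter(e["detection"] for e in entries),
        "folders": Counter(str(p.parent) for p in paths),
        "extensions": Counter(p.suffix.lower() for p in paths),
        # De-duplicated list of on-disk files, e.g. to restore from the chest
        # or to attach to a false-positive report.
        "to_restore": sorted({e["file"] for e in entries}),
    }

if __name__ == "__main__":
    for key, value in summarize(parse_report(SAMPLE_LOG)).items():
        print(key, value)
```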
Borja Serrano

Posts: 172
Registered: 1/10/13
Re: Avast says many XE8 files contain a trojan virus
  Posted: Sep 17, 2015 6:45 AM   in response to: Doug Hay
That was a false positive (https://forum.avast.com/index.php?topic=176583.msg1252118#msg1252118). If you update the virus database you won't have the issue anymore. You can also restore the files as explained here: https://www.avast.com/en-us/faq.php?article=AVKB21#idt_05
Remy Lebeau (Te...


Posts: 9,447
Registered: 12/23/01
Re: Avast says many XE8 files contain a trojan virus
  Posted: Sep 17, 2015 9:00 AM   in response to: Borja Serrano
Borja wrote:

If you update the virus database you won't have the issue anymore.

Or configure Avast to ignore your $(BDS) folder completely.

--
Remy Lebeau (TeamB)
Borja Serrano

Posts: 172
Registered: 1/10/13
Re: Avast says many XE8 files contain a trojan virus
  Posted: Sep 17, 2015 9:02 AM   in response to: Remy Lebeau (Te...
That also works, but Avast was giving false positives with any Delphi app made with XE8 or Seattle.