DeleD Community Edition

[chronozphere]

Hey guys,

This is quite disturbing. My firewall complains about DeleD seeking access to the internet.



192.186.1.37 is the IP-adress of my computer within my local network. I don't know why ICMP is used.

Can anyone comment on this? Is this some kind of virus? Any way to track down the source of the problem?

[Paul-Jan]

Woah, disturbing indeed!

Basically, there are three options:
- Your firewall is mistaken,
- You are indeed suffering from a virus.
- There is a hidden component in DeleD that tries to ping somewhere. (???)

Is this your home-build development version or one of the released binaries? If you build it yourself that rules out some possibilities (and introduces some new ones). You might be able to "pause" inside the Delphi IDE when this dialog is showing, and take a look at the call stack.

[Nocturn]

I've experienced that too since the CE Version. I've BackTracked which Application on my system (xpsp3) wants to send data about DeleD and it's the Windows Explorer (explorer.exe). If you have a kind of sophisticated Software Firewall that is very sensible you should know that the Explorer sends pretty much data (and guessing from the encrypted junk it want's usually to know which application, version, directx version and so on...). OR what else could trigger the Firewall is if you clicked from the Plugin-menu "Download more..." or any other link to the internet from DeleD.

If it's something bad you need to investigate more but it does not look unusual to me. If you block DeleD (what i recommend) it should still run without any problems.

[chronozphere]

DeleD still runs after blocking it. Actually, it's even usable while the firewall popup is showing (which means there's probably some threading going on).

I'm afraid it was the DeleD CE release I was running here.

It happened when I left my PC idle for a while. When I came back, the popup was there.

I tried wireshark to see what it was sending. I couldn't make anything out of it, as I didn't know which program sent what. It seemed like it was pinging some kind of computer of my ISP (did an Nslookup on the adress).

If anyone knows a way of capturing network activity for a specific process, I'd like to know about it.

[granada]

Not had that problem yet !!,I seem to remember those corridor prefabs .

Dave
_________________
AMD Phenom(tm)IIx6 1090t Processor 3.20 GHS
8.00 GB memory
Windows 7 64 bit
Nvida Geforce GTX 580

[chronozphere]

[granada]

[AWM Mars]

I pinged the url, it doesn't go anywhere... maybe its a local host?

[adr]

you said you ping it yes? What was the ip address?

[AWM Mars]

[Paul-Jan]

Good searching, and yes it's the local address if his machine.

In the first post, Chronozphere writes:

[chronozphere]

I don't think this is a "delphi virus" because I the IDE itsself seeks ICMP access too. so it's unlikely that the access is requested by some component of DeleD. the external adress: 195.241.77.55.

I did an nslookup and the corresponding name was: ns3.tiscali.nl (a machine of my ISP).

I don't think we need to worry about this. Guess it's just a Win7 driver (or my firewall) acting weird or something.

[AWM Mars]

Isn't there a link hookup in the Help menu, that brings you to the website and or forums?
That can trigger a false virus/firewall threat, same with some programmes that are set to auto update/check.
_________________
Politeness is priceless when received, cost nothing to own or give, yet some cannot afford.

Checkout:
http://www.awm.mars.yourinside.com/
http://www.bccservices.co.uk
http://www.localtradecheck.co.uk

[chronozphere]

I never use that menu item, so i guess that doesn't cause DeleD to seek access, especially not over ICMP