ahulett | Life Without Walls | Premium, VIP | join: 2003-02-02 | Bellevue, WA | kudos: 2 | reply to wideglide36
Re: Win32:Induc, new concept of file infector?
Delphi isn't "installed" per se. There are two parts here. The first part is the Delphi compiler, and the second part is the software compiled with it. Let's go over a very high-level view of what's happening here.
Where this starts is in the library files used by the Delphi compiler. This virus infects the library source files, and the end result is that whenever a program is compiled with the Delphi compiler, the program itself now contains the virus.
Then, the person/company that compiled that program puts it up on their website or distributes it however they choose, which allows the virus to spread to other machines. When the virus hits another machine, it checks to see if a Delphi compiler is present, and if so then it infects the compiler so that now this compiler also includes the virus in any programs made with it.
And if you have a Delphi compiler on your system - which would probably mean you're writing programs using some form of an Integrated Development Environment such as Borland Delphi or CodeGear Delphi - then the concern would be to make sure your libraries aren't infected. I'll take a bet that you don't have a Delphi compiler on your system, but if you do, then it'd be a good idea to check it out.
The part you're probably interested in is the second part - where the program obtained from the author contains the virus. It's important to note that simply having programs that were written using Delphi is just fine. The thing we're focused on here is if the file contains the virus code. If it does, then the virus needs to go, but if not, then it's alright to have.
If you had a couple files that were detected as Induc, the way to go is to address the infected files (as in: use your antivirus software) and contact any vendors whose software is infected and see if they have a new version that's Induc-free.
Hopefully this helps.
//Aaron
--- Aaron Hulett | Microsoft Malware Protection Center
This post is provided "AS IS" without warranty, and confers no rights.
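One way to act on the advice above about making sure a compiler's library files have not been altered, as an added example that is not part of the original post: record SHA-256 hashes of the library directory while the install is known clean, then compare against them later. The helper names `snapshot`, `compare` and `demo` are hypothetical, and the directory contents in `demo()` are constructed stand-ins, not real Delphi files.

```python
import hashlib
import os
import tempfile


def snapshot(lib_dir):
    """Map each file's relative path (lower-cased, '/'-separated) to its SHA-256."""
    digests = {}
    for root, _dirs, files in os.walk(lib_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, lib_dir).replace(os.sep, "/").lower()
            with open(path, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def compare(baseline, current):
    """Return (modified, added, missing) lists of relative paths, each sorted."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(p for p in current if p not in baseline)
    missing = sorted(p for p in baseline if p not in current)
    return modified, added, missing


def demo():
    """Constructed sample: a temporary 'library' directory that changes after baselining."""
    with tempfile.TemporaryDirectory() as lib:
        for name, data in (("unit_a.pas", b"clean source a"), ("unit_b.pas", b"clean source b")):
            with open(os.path.join(lib, name), "wb") as fh:
                fh.write(data)
        baseline = snapshot(lib)  # taken while the install is known clean
        # Simulated change: one library source file altered, one new file appears.
        with open(os.path.join(lib, "unit_a.pas"), "wb") as fh:
            fh.write(b"clean source a plus extra code")
        with open(os.path.join(lib, "unit_a.dcu"), "wb") as fh:
            fh.write(b"newly compiled unit")
        return compare(baseline, snapshot(lib))


if __name__ == "__main__":
    modified, added, missing = demo()
    for label, paths in (("MODIFIED", modified), ("ADDED", added), ("MISSING", missing)):
        for p in paths:
            print(label, p)
```

Any path reported as modified or added in a compiler library directory deserves a look before the next build, since everything compiled afterwards inherits what is in those files.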
Pentangle | With our thoughts we make the world. | Premium | join: 2006-06-01 | Vancouver BC | kudos: 1
Thanks for the explanation Aaron. Curiously the .728 version of Glary Utilities was infected but was undetected by Avast until the .738 and clean version was released. It's still comforting to know that the virus was essentially harmless.
-- Knowledge is learning something new every day. Wisdom is letting go of something every day.
Aaron,
Great explanation. Thanks. I assume I do not have the Delphi compiler as I am not a programmer. I believe you are right, in that I probably have a program that contains files written with the Delphi compiler. I scanned those files and they were clean so I guess I can leave them alone.
The original problems I had with this virus were connected to Weather Pulse and Gmail Keeper. Both of these programs have since been updated to a clean version and everything seems ok now.
Thanks again.