Virus that attacks Delphi library units

Please discuss topics non-related to Delphi programming here.

Virus that attacks Delphi library units

Postby Kambiz » August 20th, 2009, 4:47 pm

Antivirus experts have found an odd virus that attacks Delphi library units to get compiled into your programs. The W32/Induc-A virus doesn't affect executable files, but looks for a Delphi installation (apparently versions 5, 6 and 7), modifies SysConst.pas (backing up the original) and gets compiled by Delphi into your own programs, to keep spreading.

Read the rest of article in Marco Cantu's blog: http://blog.marcocantu.com/blog/virus_a ... elphi.html
Kambiz
User avatar
Kambiz
Administrator
Administrator
 
Posts: 2421
Joined: March 7th, 2003, 7:10 pm

Re: Virus that attacks Delphi library units

Postby HPW » August 20th, 2009, 6:27 pm

Unfourtunatly neosoft's and my development system gets infected with the W32/Induc-A in 04/05.2009 !
After getting the first info about it a few days ago we had to react fast to get updates out, because many Antivirus-Software
now start to find it.

So after recompiling each of my plugins, we are back on normal duty.

A sad thing for delphi and it's community!
Hans-Peter
HPW
Moderator
Moderator
 
Posts: 236
Joined: February 25th, 2006, 10:19 am
Location: Germany

Re: Virus that attacks Delphi library units

Postby Kambiz » August 21st, 2009, 9:06 am

My computer is infected too, and I don't now how to get rid of it.
Kambiz
User avatar
Kambiz
Administrator
Administrator
 
Posts: 2421
Joined: March 7th, 2003, 7:10 pm

Re: Virus that attacks Delphi library units

Postby HPW » August 23rd, 2009, 8:59 pm

Sorry for late reply.

Look in your delphi /Lib folder for the SysConst.bak
When it is there you will see that it is smaller than the current SysConst.dcu
The BAK is the clean old version.
Copy the bak over SysConst.dcu so you have 2 identical files. (BAK+DCU)

Then you can recompile all your stuff with the clean delphi.
The virus in other EXE checks the presents of the bak and does no more action.
Another security action is then to set the directory lib to write-protected.
Hans-Peter
HPW
Moderator
Moderator
 
Posts: 236
Joined: February 25th, 2006, 10:19 am
Location: Germany

Re: Virus that attacks Delphi library units

Postby Kambiz » August 24th, 2009, 3:30 am

Thank you!
Kambiz
User avatar
Kambiz
Administrator
Administrator
 
Posts: 2421
Joined: March 7th, 2003, 7:10 pm


Return to Miscellaneous

Who is online

Users browsing this forum: No registered users and 1 guest

cron