1. /
  2. Security Response/
  3. W32.Induc.A

W32.Induc.A

Risk Level 1: Very Low

Discovered:
August 18, 2009
Updated:
August 19, 2009 3:24:54 AM
Also Known As:
W32/Induc-A [Sophos], W32/Induc [McAfee], PE_INDUC.A [Trend], W32/Induc-B [Sophos], W32/Induc.A [F-Secure]
Infection Length:
Varies
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP
This threat attempts to infect Delphi files during the compilation process. It does this by placing an infection routine in the following file:
[DELPHI INSTALLATION FOLDER]\source\rtl\sys\SysConsts.dcu

Any file that is subsequently compiled with Delphi will have the viral code included in it.

The threat copies the file [DELPHI INSTALLATION FOLDER]\source\rtl\sys\SysConsts.dcu to
[DELPHI INSTALLATION FOLDER]\source\rtl\sys\SysConst.bak.

The threat temporarily creates the file [DELPHI INSTALLATION FOLDER]\source\rtl\sys\SysConsts.pas, which contains the infection routine. This is then compiled into the following file:
[DELPHI INSTALLATION FOLDER]\source\rtl\sys\SysConsts.dcu

Note:
  • Versions 4, 5, 6, or 7 of the Delphi development environment must be installed on the computer for this virus to run.
  • The infected files do not perform any malicious actions if Delphi is not installed.
Writeup By: Liam O Murchu
Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report, Volume 17
Symantec DeepSight Screensaver