This threat attempts to infect Delphi files during the compilation process. It does this by placing an infection routine in the following file:
[DELPHI INSTALLATION FOLDER]\source\rtl\sys\SysConsts.dcu
Any file that is subsequently compiled with Delphi will have the viral code included in it.
The threat copies the file [DELPHI INSTALLATION FOLDER]\source\rtl\sys\SysConsts.dcu to
[DELPHI INSTALLATION FOLDER]\source\rtl\sys\SysConst.bak.
The threat temporarily creates the file [DELPHI INSTALLATION FOLDER]\source\rtl\sys\SysConsts.pas, which contains the infection routine. This is then compiled into the following file:
[DELPHI INSTALLATION FOLDER]\source\rtl\sys\SysConsts.dcuNote:
- Versions 4, 5, 6, or 7 of the Delphi development environment must be installed on the computer for this virus to run.
- The infected files do not perform any malicious actions if Delphi is not installed.