1. Symantec/
  2. Security Response/
  3. W32.Induc.A

W32.Induc.A

Risk Level 1: Very Low

Discovered:
August 18, 2009
Updated:
August 19, 2009 3:24:54 AM
Also Known As:
W32/Induc-A [Sophos], W32/Induc [McAfee], PE_INDUC.A [Trend], W32/Induc-B [Sophos], W32/Induc.A [F-Secure]
Infection Length:
Varies
Systems Affected:
Windows
This threat attempts to infect Delphi files during the compilation process. It does this by placing an infection routine in the following file:
[DELPHI INSTALLATION FOLDER]\source\rtl\sys\SysConsts.dcu

Any file that is subsequently compiled with Delphi will have the viral code included in it.

The threat copies the file [DELPHI INSTALLATION FOLDER]\source\rtl\sys\SysConsts.dcu to
[DELPHI INSTALLATION FOLDER]\source\rtl\sys\SysConst.bak.

The threat temporarily creates the file [DELPHI INSTALLATION FOLDER]\source\rtl\sys\SysConsts.pas, which contains the infection routine. This is then compiled into the following file:
[DELPHI INSTALLATION FOLDER]\source\rtl\sys\SysConsts.dcu

Note:
  • Versions 4, 5, 6, or 7 of the Delphi development environment must be installed on the computer for this virus to run.
  • The infected files do not perform any malicious actions if Delphi is not installed.
Writeup By: Liam O Murchu
Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube