
Thread: The restore folder virus that will not go away

  1. #11
    gary_m_mugford Guest

    Default Re: The restore folder virus that will not go away

    Quote Originally Posted by stormsy View Post
    I had a similar problem. Except I had the virus called "Virus.Win32.Induc.a" - not sure how it got onto my PC as I ran a scan one day, then the next had to reinstall ZASS only to do another scan to find that I had this virus on my system, located in an .exe file which was downloaded from a reputable website just a week ago!

    I deleted it, but then the next day the On-access scan said it had found the same virus in a system volume .exe file, which I deleted too, and then saw the post about flushing the system restore - this seems to have worked.

    After the little incident, I have now downloaded Malwarebytes Anti-malware and Spybot, both of which I have run with updated databases and found nothing. So all-in-all everything is looking okay. (If not, I will format and reinstall XP - I have done it before and it doesn't take long...)

    I have read about this virus from Kaspersky Labs, and apparently this virus only infects the Delphi community who write programmes. It installs itself into the programme being written and then it distributes itself as the programme is distributed to everyone (I think - not sure about the exact details.) However, it has no real effect on the computer, leading to suggestions that this is a new way to distribute viruses - and has yet to be picked up and tweaked by cybercriminals...

    Thanks,
    Stormsy.
    Induc.A has certainly taken the Delphi programming environment by storm (groan, sorry). At any rate, check out Marco Cantu's blog at http://blog.marcocantu.com/. It's as good a primer as any in terms of getting rid of it and staving it off in the future.

    Checkpoints ...
    [1] THIS version of the virus only affects programmers working in Delphi 5 through 7.
    [2] The non-radical solution is to search your system for SysConst.DCU and look at it/them in Notepad. There will be obvious code that jumps to code at the end.
    [3] The infected files will be 18K in size, rather than 12K in size.
    [4] Delete the infected files.
    [5] Copy the SysConst.BAK in the LIB sub-folder of where D7 is installed to SysConst.DCU, but DO NOT DELETE that BAK file. Induc.A looks for that file and decides you are already infected, if something infected comes along your way again. Mind you, that protection doesn't necessarily mean Induc.B will work that way, but every little bit of cure helps.
    [6] You have to basically recompile (Build-CtrlF2) any project you compiled subsequent to being infected.

    The guts of this infection vector is to infect a programmer's pre-built compiled code. Then, any new programs/updates from that programmer carry the virus. That's why some narrow niche apps written in Delphi are infected and on the loose, as are a number of general programs that were written in Delphi and released to the public. There are some very well-known apps that were released in the last few days that have the virus.

    Naturally, we've now been forewarned about this 'not' new infection vector. Ken Thompson famously posited it years ago. Embarcadero is working on a solution to help we few atavists that cling to Delphi 7. But all programmers, Delphi, Rails, Python, VB and .NET alike, have now been warned to take more stringent measures to protect our programming environment. The next version of Induc won't be so benign.

    That's why I'm not sleeping at nights.

    GM
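
The size check from checkpoints [2] and [3] in the post above, written out as an added example that is not part of the original post. The 15 KB cut-off between the quoted 12K and 18K sizes, the function names and the constructed demo tree are assumptions made for illustration.

```python
import os
import tempfile

# Sizes quoted in the post: a clean SysConst.DCU is about 12K, an infected one about 18K.
CLEAN_KB, INFECTED_KB = 12, 18
# Assumption (not from the post): split the two sizes at their midpoint, 15 KB.
THRESHOLD_BYTES = (CLEAN_KB + INFECTED_KB) // 2 * 1024


def scan_sysconst(root):
    """Walk root and report every SysConst.dcu with a size-based verdict."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        lowered = {name.lower(): name for name in files}  # Windows names vary in case
        dcu = lowered.get("sysconst.dcu")
        if dcu is None:
            continue
        path = os.path.join(dirpath, dcu)
        size = os.path.getsize(path)
        findings.append({
            "path": path,
            "size": size,
            "suspect": size >= THRESHOLD_BYTES,
            # Per the post, Induc.A treats an install holding this file as already infected.
            "bak_present": "sysconst.bak" in lowered,
        })
    return sorted(findings, key=lambda f: f["path"])


def build_demo_tree(root):
    """Constructed sample tree: one clean-sized and one infected-sized unit."""
    layout = {
        "Delphi7/Lib": {"SysConst.dcu": 18 * 1024, "SysConst.bak": 12 * 1024},
        "Delphi6/Lib": {"sysconst.DCU": 12 * 1024},
        "Projects/App": {"Main.dcu": 18 * 1024},
    }
    for folder, files in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name, size in files.items():
            with open(os.path.join(root, folder, name), "wb") as fh:
                fh.write(b"\0" * size)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        for f in scan_sysconst(tmp):
            verdict = "SUSPECT" if f["suspect"] else "ok"
            print(f"{verdict:8}{f['size']:>7}  bak={f['bak_present']}  {f['path']}")
```

A size match only marks a file for the Notepad inspection described in checkpoint [2]; it does not confirm infection by itself.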

  2. #12
    stormsy Guest

    Default Re: The restore folder virus that will not go away

    Quote Originally Posted by gary_m_mugford View Post
    Induc.A has certainly taken the Delphi programming environment by storm (groan, sorry)...

    Checkpoints ... [6] You have to basically recompile (Build-CtrlF2) any project you compiled subsequent to being infected...

    That's why I'm not sleeping at nights.

    GM
    Yes - I see the pun there, very good!

    I'm afraid that I am not a programmer (I have no idea how to write them using C++!) So all-in-all, what I am concerned about is just getting rid of it - which I have (Malware and Spybot have returned nothing, meaning I am free of it!)

    Nowadays, the Internet is becoming so infested with malware that eventually something will have to be done about it. Highly doubtful though...

    Thanks,
    Stormsy.

  3. #13
    Join Date
    Aug 2009
    Location
    Texas Gulf Coast
    Posts
    1,648

    Default Re: The restore folder virus that will not go away

    Quote Originally Posted by fax View Post
    You must connect in Safe Mode with networking to scan with the ZA antivirus, otherwise the antivirus will not be functional.
    Is it by choice that your PM is turned off? Sometimes it is useful to communicate directly and thus avoiding hijacking the thread.

    Thanks,
    Fax
    This will be my last post, only to clarify the suggestion made by me to the poster. Guru fax is correct, I tried using ZASS anti-virus scan in Safe Mode. It will not function "Protection Is Up, UI is Initializing" in Safe Mode as Guru fax stated. Will only work using Safe Mode with Networking as he stated.

    Have a nice Day & Farewell

  4. #14
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,289

    Default Re: The restore folder virus that will not go away

    Quote Originally Posted by Sky Soldiers View Post
    This will be my last post, only to clarify the suggestion made by me to the poster. Guru fax is correct, I tried using ZASS anti-virus scan in Safe Mode. It will not function "Protection Is Up, UI is Initializing" in Safe Mode as Guru fax stated. Will only work using Safe Mode with Networking as he stated.

    Have a nice Day & Farewell
    Hopefully you are not leaving the forum for the above...
    If you change your mind you are welcomed by all of us and I am sure by all the users that you have successfully helped so far!

    Thank you!

    Cheers,
    Fax
