Win32:Induc virus

mehmeh12 · 21-08-2009 10:46am #1

Im using avira free version..i ran a full system scan this morning and avira detected 2 instances Win32:Induc in a program called 'Glary Utilities'. Then avira suddenly froze..the scan did not move for a about an hour..so i quarantined the viruses and turned off the scan. Has my avira been comprised? at the moment im running a malware bytes scan. According to this link http://www.viruslist.com/en/weblog?weblogid=208187826 this virus is not a real threat yet but does anyone know what this virus really does? I was actually planning to use a credit card something later today..is this safe?

JonathanAnon · 22-08-2009 10:28pm

I have this as well. It's only out since August 19th and most sites say that it attacks Borland Delphi, but I dont have this installed on my PC. It spreads wildly but is not mean to cause harm.

To get round it for the moment, I have just excluded it from the files that are to be scanned by my AV software. This was suggested on some of the forums discussing how to fix it. And until my AV software is updated and sorts out a proper solution that is what I'm gonna continue to do.

numbnuts · 23-08-2009 12:43am

JonathanAnon wrote: »

I have this as well. It's only out since August 19th and most sites say that it attacks Borland Delphi, but I dont have this installed on my PC. It spreads wildly but is not mean to cause harm.

To get round it for the moment, I have just excluded it from the files that are to be scanned by my AV software. This was suggested on some of the forums discussing how to fix it. And until my AV software is updated and sorts out a proper solution that is what I'm gonna continue to do.

http://www.dslreports.com/forum/r22891265-Win32Induc-new-concept-of-file-infector

No, this isn't a new concept. The idea's been around for a long time. We're just experiencing it at the moment and going through panic mode / shock for some reason. This really isn't that groundbreaking.

Our encyclopedia entry, for those interested: »www.microsoft.com/security/porta•••fInduc.A
--
Aaron Hulett | Malware Researcher | Microsoft Malware Protection Center
This posting is provided "AS IS" without warranty, and confers no rights.

The software authors need to get rid of the infection from their Delphi compilers and then rebuild their code and ship new binaries - that's how it'll get cleared out.

numbnuts..

JonathanAnon · 23-08-2009 1:19pm

numbnuts wrote: »

The software authors need to get rid of the infection from their Delphi compilers and then rebuild their code and ship new binaries - that's how it'll get cleared out.

I dont know about that though, numbnuts. I've been running the program that got infected (it's called Fast MIDI to MP3, great program) for about the last two years. Virus Scanner AVG finds Win32/induc on midi_to_mp3.exe in it's program files folder, and gives you the option to move it to the vault. So I'm thinking, aha, I just remove and reinstall. After reinstall I try to run the program again and get the same message from AVG to say that it is infected with Win32/induc.

However, if I take that same install file and bring it to my laptop it will run and install properly without the virus appearing. The virus just seems to tag one of your running processes and does it's best to prevent you from using that app. It's a big pain in the ass.

oh, and I've tried this removal tool win32induca-removal-tool

but it does not seem to work.

mehmeh12 · 23-08-2009 2:07pm

Ok well scans fulll avira and malware antibytes say my system is clean..am running a nod 32 online scan now.

The program i have that got infected 'glary utilities' has been uninstalled- a ok program for removing junk but ive replaced it with 'cc cleaner'.

What programs are written in delphi? what is delphi?

numbnuts · 23-08-2009 4:01pm

http://www.eset.eu/press/new-virus-win32-induc-a-delphi

The Delphi programming language tends to be used in quite robust database applications used primarily by banks and other institutions processing vast amounts of data, some of which have already reported being infected with Win32/Induc.A. The virus itself isn’t destructive, but rather uses innovative and uncommon techniques to spreading quickly.

numbnuts..

mehmeh12 · 24-08-2009 9:59am

Ok so the virus is non destructive...still if this is the case then why was it created? Is this a prototype of a new way of infecting computers?

numbnuts · 06-09-2009 1:51am

JonathanAnon wrote: »

However, if I take that same install file and bring it to my laptop it will run and install properly without the virus appearing. The virus just seems to tag one of your running processes and does it's best to prevent you from using that app. It's a big pain in the ass.

Are you sure you Didn’t transfer and infected file ..?

numbnuts · 06-09-2009 1:54am

mehmeh12 wrote: »

Ok so the virus is non destructive...still if this is the case then why was it created? Is this a prototype of a new way of infecting computers?

Is it a prototype? Maybe.
Depends on the intent of the author
Maybe they just did it to do it
Or they did it to try and see if it would work, or how long it'd go unnoticed, or... or... or...

When an infected file runs, it looks in the registry to see if a delphi compiler it's targeting is
Present. If no, do nothing else, and if yes, infect it.

numbnuts..

Win32:Induc virus

Comments