DonationCoder.com Forum

Main Area and Open Discussion => Living Room => Topic started by: Carol Haynes on October 25, 2009, 06:14 PM

Title: Is Website-Watcher 5.0.5 infected with Win32/Induc.A virus?
Post by: Carol Haynes on October 25, 2009, 06:14 PM
I am just running a full system scan and NOD32 reports that Website Watcher is infected with Win32/Induc.A virus.

I am running WW version 5.0.5 (my updates have expired so I can't update to a newer version without paying).

I looked up this virus on Sophos and it says:

W32/Induc-A is a virus that infects Delphi files at compile-time. As such, these files cannot be disinfected and need to be recompiled cleanly.

W32/Induc-A searches computers for installations of Delphi, then attempts to temporarily modify SysConst.pas, and compiles this to infect SysConst.dcu. The original SysConst.dcu can be restored from the backup made by the virus in SysConst.bak.

Infected SysConst.dcu files are detected as Mal/Induc-A, and infected SysConst.pas files as Mal/Induc-B. These behavioural genotype detections detect all infected versions that we are currently aware of. However, we would still like to see more samples of SysConst.dcu, SysConst.bak and SysConst.pas from any Delphi developers potentially affected by this virus, especially if you have customized versions of these units.

Further analysis of W32/Induc-A can be found in the following blog article: Compile-a-virus - W32/Induc-A

PLEASE NOTE: Because infected executables are produced at compile time by infected Delphi development environments, we are seeing many cases of infected files coming from genuine software vendors. These are not false positives. Clients and software developers seeking to understand why their software is being detected as W32/Induc-A should see this blog article.

The emphasis is mine.

This has not shown up until I did a manual scan. Is anyone else experiencing this? Try scanning the folder Program Files\Website-Watcher and see if your AV reports a problem.

As stated above this is a compile time problem for Delphi builds that have got infected and so if true would mean that Website-Watcher's developer systems are possibly infected. I don't want to contact them until I am sure it is a problem with them rather than a cross infection on my system.

So far no other Delphi based apps have shown up (and my drive C: has been fully scanned) so it doesn't look like cross infection.

Anyone any other feedback on this?
Title: Re: Is Website-Watcher 5.0.5 infected with Win32/Induc.A virus?
Post by: Carol Haynes on October 25, 2009, 06:18 PM
Update: http://www.aignes.com/forum/viewtopic.php?t=2584&highlight=induc
Title: Re: Is Website-Watcher 5.0.5 infected with Win32/Induc.A virus?
Post by: app103 on October 25, 2009, 06:33 PM
There is a "proof of concept" virus in the wild that can infect systems that have a copy of Delphi installed.

If you don't have a copy of Delphi itself, this virus can't do anything or spread. And it can only infect certain versions of Delphi, at that.

It seems this virus has been around quite a while (at least a few years), without anyone knowing about it because the payload is more or less harmless, even if you do have Delphi installed.

It won't infect other Delphi apps, just Delphi itself, and then get compiled into every app the developer compiles with his infected Delphi installation. Other than that, it doesn't do anything else, and what it does isn't entirely malicious beyond leaving a calling card all over the place. The goal of this virus seems to just be to leave its mark (an "I was here") in as many Delphi apps as possible.
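
[Added example, not part of the thread and not code from Sophos or any poster: a triage check a Delphi developer could run on a build machine, based only on the Sophos description quoted above (the virus leaves a SysConst.bak backup beside the SysConst.dcu it replaces). The function names and the directory passed in are assumptions; a hit is a lead to scan with AV, not a verdict, since a .bak file can exist for other reasons.]

```python
import os
from dataclasses import dataclass


@dataclass
class Finding:
    directory: str
    dcu: str
    bak: str
    bak_differs: bool  # True when the backup's bytes differ from the live .dcu


def _same_bytes(a, b, chunk=65536):
    """Compare two files byte for byte without loading them whole."""
    if os.path.getsize(a) != os.path.getsize(b):
        return False
    with open(a, "rb") as fa, open(b, "rb") as fb:
        while True:
            ba, bb = fa.read(chunk), fb.read(chunk)
            if ba != bb:
                return False
            if not ba:
                return True


def find_sysconst_backups(root):
    """Report every directory under `root` holding SysConst.dcu next to SysConst.bak."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # Windows file names are case-insensitive, so match on lower case.
        by_lower = {name.lower(): name for name in files}
        dcu, bak = by_lower.get("sysconst.dcu"), by_lower.get("sysconst.bak")
        if dcu and bak:
            dcu_path = os.path.join(dirpath, dcu)
            bak_path = os.path.join(dirpath, bak)
            findings.append(Finding(dirpath, dcu_path, bak_path,
                                    not _same_bytes(dcu_path, bak_path)))
    return findings


if __name__ == "__main__":
    import sys
    # Assumed usage: pass the Delphi installation directory as the argument.
    for f in find_sysconst_backups(sys.argv[1] if len(sys.argv) > 1 else "."):
        state = "differs from" if f.bak_differs else "is identical to"
        print(f"{f.directory}: SysConst.bak {state} SysConst.dcu; scan both with AV")
```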

Title: Re: Is Website-Watcher 5.0.5 infected with Win32/Induc.A virus?
Post by: aignes on October 26, 2009, 05:22 AM
WebSite-Watcher 5.0.5 was the only version with that problem and we released version 5.0.6 the same day as virus scanners started to report this problem (it affects only Delphi 5-7 installations, not higher Delphi versions or any other files).

In WSW, call Help + Downloads/Update subscription to download version 5.0.6.
Title: Re: Is Website-Watcher 5.0.5 infected with Win32/Induc.A virus?
Post by: mouser on October 26, 2009, 05:31 AM
Maybe this is a good excuse to ask Martin to look at this thread:
https://www.donationcoder.com/forum/index.php?topic=19213.0

 :-*
Title: Re: Is Website-Watcher 5.0.5 infected with Win32/Induc.A virus?
Post by: aignes on October 26, 2009, 07:49 AM
For initial WSW purchases the discount coupon from the last special DC celebration (or whatever it was called) is still valid. This discount coupon can also be used for Local Website Archive, AM-Notebook and Bundles.
Title: Re: Is Website-Watcher 5.0.5 infected with Win32/Induc.A virus?
Post by: MerleOne on October 26, 2009, 09:25 AM
Hello Aignes,

I am sure I tried the coupon for LWA a few days ago, and it didn't work.  I'll try again and post it here if it fails again.

Thanks for the good news !
Title: Re: Is Website-Watcher 5.0.5 infected with Win32/Induc.A virus?
Post by: MerleOne on October 26, 2009, 09:32 AM
I just tried the purchase process with the coupon for DC members and it is rejected.  It's the coupon given that expired in March 2009, described in the special user section (https://www.donationcoder.com/forum/index.php?topic=17289.0).
Title: Re: Is Website-Watcher 5.0.5 infected with Win32/Induc.A virus?
Post by: aignes on October 26, 2009, 10:07 AM
Sorry about this problem, it seems that there are two different discount coupons available. Both should now work until the end of the year...

Could you please try again and report back if it worked?
Title: Re: Is Website-Watcher 5.0.5 infected with Win32/Induc.A virus?
Post by: MerleOne on October 26, 2009, 10:34 AM
Sorry about this problem, it seems that there are two different discount coupons available. Both should now work until the end of the year...

Could you please try again and report back if it worked?
Sure !  Stay tuned...

Update : it works fine now.  Thanks !
Title: Re: Is Website-Watcher 5.0.5 infected with Win32/Induc.A virus?
Post by: patteo on October 26, 2009, 11:58 AM
Does the discount code apply to upgrades as well ?