Is Website-Watcher 5.0.5 infected with Win32/Induc.A virus?
« on: October 25, 2009, 06:14 PM »
I just ran a full system scan and NOD32 reports that Website Watcher is infected with the Win32/Induc.A virus.
I am running WW version 5.0.5 (my updates have expired so I can't update to a newer version without paying).
I looked up this virus on Sophos and it says:
W32/Induc-A is a virus that infects Delphi files at compile-time. As such, these files cannot be disinfected and need to be recompiled cleanly.
W32/Induc-A searches computers for installations of Delphi, then attempts to temporarily modify SysConst.pas, and compiles this to infect SysConst.dcu. The original SysConst.dcu can be restored from the backup made by the virus in SysConst.bak.
Infected SysConst.dcu files are detected as Mal/Induc-A, and infected SysConst.pas files as Mal/Induc-B. These behavioural genotype detections detect all infected versions that we are currently aware of. However, we would still like to see more samples of SysConst.dcu, SysConst.bak and SysConst.pas from any Delphi developers potentially affected by this virus, especially if you have customized versions of these units.
Further analysis of W32/Induc-A can be found in the following blog article: Compile-a-virus - W32/Induc-A
PLEASE NOTE: Because infected executables are produced at compile time by infected Delphi development environments, we are seeing many cases of infected files coming from genuine software vendors. These are not false positives. Clients and software developers seeking to understand why their software is being detected as W32/Induc-A should see this blog article.
The emphasis is mine.
This has not shown up until I did a manual scan. Is anyone else experiencing this? Try scanning the folder Program Files\Website-Watcher and see if your AV reports a problem.
As stated above, this is a compile-time problem for Delphi builds that have got infected and so, if true, would mean that Website-Watcher's developer systems are possibly infected. I don't want to contact them until I am sure it is a problem with them rather than a cross infection on my system.
So far no other Delphi based apps have shown up (and my drive C: has been fully scanned) so it doesn't look like cross infection.
Anyone any other feedback on this?
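An added example, not part of the original post or of any vendor's tooling: a check a Delphi developer could run on a build machine for the artifact the Sophos description names, a SysConst.bak sitting beside SysConst.dcu. The function names and the sample directory layout are assumptions made for illustration.

```python
import hashlib
import os
import tempfile


def _sha256(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def find_induc_artifacts(root):
    """Report directories under `root` where SysConst.dcu has a SysConst.bak beside it."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # Windows file names are case-insensitive, so match on lowercased names.
        by_name = {name.lower(): os.path.join(dirpath, name) for name in files}
        dcu, bak = by_name.get("sysconst.dcu"), by_name.get("sysconst.bak")
        if not (dcu and bak):
            continue
        findings.append({
            "dir": dirpath,
            "dcu": dcu,
            "bak": bak,
            # Differing hashes mean the live unit is not the backed-up original.
            "dcu_differs_from_bak": _sha256(dcu) != _sha256(bak),
            # The description says SysConst.pas is modified only temporarily,
            # so a copy left in the same directory deserves a look.
            "stray_pas": by_name.get("sysconst.pas"),
        })
    return findings


def build_sample_tree(root):
    """Constructed sample data: two stand-in Delphi Lib directories (assumed layout)."""
    clean = os.path.join(root, "clean_lib")
    suspect = os.path.join(root, "suspect_lib")
    os.makedirs(clean)
    os.makedirs(suspect)
    with open(os.path.join(clean, "SysConst.dcu"), "wb") as fh:
        fh.write(b"original unit bytes")
    with open(os.path.join(suspect, "SYSCONST.DCU"), "wb") as fh:
        fh.write(b"recompiled unit bytes")
    with open(os.path.join(suspect, "SysConst.bak"), "wb") as fh:
        fh.write(b"original unit bytes")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample_root:
        build_sample_tree(sample_root)
        for hit in find_induc_artifacts(sample_root):
            print(hit["dir"], "dcu differs from bak:", hit["dcu_differs_from_bak"])
```

A hit is a lead to confirm with an AV scan of the unit files, not a verdict, since a developer may keep a SysConst.bak of their own.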