Warning: New Virus Infects Programs Built With Delphi

A relatively new, mild virus is spreading by infecting programs that were developed in Delphi. According to anti-virus vendor BitDefender, the virus “spreads by infecting systems that have the Delphi compiler from version 4 up to 7.0 installed.”

Sophos, the company that first discovered the virus “W32/Induc-A”, stated that this virus “searches computers for installations of Delphi, then attempts to temporarily modify SysConst.pas, and compiles this to infect SysConst.dcu. The original SysConst.dcu can be restored from the backup made by the virus in SysConst.bak.”

Michael Swindell, VP of products at Embarcadero, responded when he learned about the virus affecting Delphi IDEs:

“This is just another way for a virus to infect executable code. It makes it sound like Delphi or IDEs are now “vulnerable,” but they are no more or less vulnerable than any other of the thousands of EXEs and DLLs on every developer’s machine, and no more or less than they have been since viruses and trojans were first created. This is a clever trick, but it’s nothing to be more worried about than all of the other ways your dev machine can be attacked. Use virus scanners and keep them up to date.” http://sdtimes.com/blog/1508

Instructions for Removing the Virus:

By default, most anti-virus software does not scan files with the .dcu (Delphi compiled unit) and .pas (Pascal unit) extensions, so you need to turn on the option to scan all file extensions and run a full system scan. If the anti-virus software detects the virus, replace the affected .dcu and .pas files from a clean backup.

You must also recompile all software with the cleaned Delphi installation and replace the infected compiled executables.
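A quick triage check to run alongside the anti-virus scan, based on the SysConst.bak backup that Sophos describes. This is an added example, not code from the original post or from any vendor; the function names, the root directory, and the optional path to a clean SysConst.dcu are assumptions supplied by whoever runs it.

```python
import hashlib
import sys
from pathlib import Path


def sha256(path):
    """Hex SHA-256 of a file's contents."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def triage_sysconst(root, clean_dcu=None):
    """Return one finding per directory under root that holds SysConst.dcu.

    root and clean_dcu are supplied by the caller (assumptions of this example):
    root is a directory containing Delphi installations, clean_dcu is a
    SysConst.dcu taken from a backup known to be clean.
    """
    clean_hash = sha256(clean_dcu) if clean_dcu else None
    findings = []
    for d in sorted(p for p in [Path(root), *Path(root).rglob("*")] if p.is_dir()):
        # Windows file names are case-insensitive, so match on lower case.
        names = {f.name.lower(): f for f in d.iterdir() if f.is_file()}
        dcu, bak = names.get("sysconst.dcu"), names.get("sysconst.bak")
        if dcu is None:
            continue
        reasons = []
        if bak is not None:
            # Sophos: the virus keeps the original unit as SysConst.bak.
            reasons.append("SysConst.bak present beside SysConst.dcu")
            if sha256(bak) != sha256(dcu):
                reasons.append("SysConst.dcu differs from SysConst.bak")
        if clean_hash and sha256(dcu) != clean_hash:
            reasons.append("SysConst.dcu differs from clean backup")
        findings.append({"dir": str(d), "bak": str(bak) if bak else None,
                         "suspect": bool(reasons), "reasons": reasons})
    return findings


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: triage.py <root> [clean SysConst.dcu]")
    for f in triage_sysconst(sys.argv[1], sys.argv[2] if len(sys.argv) > 2 else None):
        print("SUSPECT" if f["suspect"] else "ok     ", f["dir"], "; ".join(f["reasons"]))
```

A directory reported as suspect still needs the full scan and the rebuild described above; a directory reported as ok has only passed these file-level checks.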

