A malicious program that secretly integrates itself into program or data files. It spreads by integrating itself into more files each time the host program is run.
Virus:W32/Induc.A is a malware that targets Delphi program in the system. It displaces Delphi's original installation folder with %Delphi_Installation_Folder%\Lib\SysConst.pas, and adds malicious code here. Whenever a Delphi program is compiled, the malware's code will be executed to ensure that Delphi remains infected.
The malware searches for Delphi installation folder by checking for registry HKLM\Software\Borland\Delphi.
Once found, it copies %Delphi_Installation_Folder%\Source Rtl\Sys\SysConst.pas to %Delphi_Installation_Folder%\Lib\SysConst.pas.Â
It then adds malicious codes to %Delphi_Installation_Folder%\Lib\SysConst.pas, and one of the Delphi library file lib\SysConst.dcu will be renamed to lib\SysConst.bak.
The malware compiles the infected SysConst.pas to make a new SysConst.dcu. Therefore, from this point on, the Virus:W32/Induc.A code will be inserted whenever a Delphi program is compiled using the newÂ SysConst.dcu.
Once done, the malware deletes %Delphi_Installation_Folder%\Lib\SysConst.pas.
The malware does not do anything else if no Delphi is installed in the infected system.
The malware has no other threats except self replicating