A malicious program that secretly integrates itself into program or data files. It spreads by integrating itself into more files each time the host program is run.
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
Virus:W32/Induc.A is a malware that targets Delphi program in the system. It displaces Delphi's original installation folder with %Delphi_Installation_Folder%\Lib\SysConst.pas, and adds malicious code here. Whenever a Delphi program is compiled, the malware's code will be executed to ensure that Delphi remains infected.
- The malware searches for Delphi installation folder by checking for registry HKLM\Software\Borland\Delphi.
- Once found, it copies %Delphi_Installation_Folder%\Source Rtl\Sys\SysConst.pas to %Delphi_Installation_Folder%\Lib\SysConst.pas.Â
- It then adds malicious codes to %Delphi_Installation_Folder%\Lib\SysConst.pas, and one of the Delphi library file lib\SysConst.dcu will be renamed to lib\SysConst.bak.
- The malware compiles the infected SysConst.pas to make a new SysConst.dcu. Therefore, from this point on, the Virus:W32/Induc.A code will be inserted whenever a Delphi program is compiled using the newÂSysConst.dcu.
- Once done, the malware deletes %Delphi_Installation_Folder%\Lib\SysConst.pas.
- The malware does not do anything else if no Delphi is installed in the infected system.
- The malware has no other threats except self replicating