Warning! Glary Utilities/Iobit infected with Win32.Induc


  1. Posts : 271
    Windows 7 Enterprise x64
       #11

    I'm pretty sure ESET NOD32 AntiVirus/Smart Security v4 detected this virus a LONG time ago. Probably its advanced heuristics.
    I remember doing the Online scan with a friend and it removed Glary Utilities in the process.

    EDIT: Nope, NVM, it was added in an update, 4348:
    http://www.eset.eu/podpora/aktualizacia-4348?lng=en


  2. Posts : 16,132
    7 X64
       #12

    Thanks for the info, Aaron.

    Curiously, although Avast was responsible for pointing out these infections on their site, I just scanned my GUPRO (newest version) with Avast and it comes up clean.


  3. Posts : 18,404
    Windows 7 Ultimate x64 SP1
    Thread Starter
       #13

    Yeah, Glary has apparently removed the infected files in the version they just released because of this, v2.15.0.728. Sounds as if Glary and Iobit are saying it was misunderstood and picked up as infected and fixed. They're acting as if it was just a FP, but it most likely isn't. No doubt many other programs compiled with Delphi are infected.
    Last edited by Airbot; 19 Aug 2009 at 23:16.


  4. Posts : 16,132
    7 X64
       #14

    Glad you mentioned it.

    Scan of GUPRO is clean (v2.15.0.738).

    A full scan with Avast revealed 3DImageCommander and Icon Commander as being infected. Everything else is clean.

    No problem removing them from Vista.

    On 7, there were access denied messages from Avast.

    The solution is to right-click on the actual infected file (not the folder) and open it, or scan - you get the warning from Avast again - this time you can Move to Chest/Delete.

    Odd permissions problem on 7.


  5. Posts : 13
    win xp
       #15

    Yes, Avast detected infected Glary Encrypter, Registry Repair and Splitter with Win32.Induc several days ago. Luckily, now I have downloaded the new version 2.15.0.738 and it's clean.


  6. Posts : 685
    Windows 7 32bit RTM
       #16

    Yeah, it's been removed; only found this on their site ;P

    "just some ad site blocked"?
    Last edited by Mercurial; 28 Aug 2009 at 09:07.


  7. Posts : 22,814
    W 7 64-bit Ultimate
       #17

    Mercurial said:
    Yeah, it's been removed; only found this on their site ;P
    Thanks for the update mate.


  8. Posts : 291
    Windows 3.11
       #18

    Please don't report the virus again; here is the reason. We have fixed the problems.
    Glary Utilities has been updated and now it is virus-free. Please download and install it again.

    Dear users of Glary Utilities,

    We are very sorry for the inconvenience caused by Win32/Induc, but it is not our fault to create the virus. It is the development environment (Delphi) affected by the virus that directly led to the virus in our product. Below is the detailed reason:


    Source: http://gladiator-antivirus.com/forum/in ... opic=93000

    18 August 2009, 14:21
    Virus infects development environment

    Anti-virus software vendor Kaspersky has discovered a new type of virus which infects and compromises systems running the Delphi development environment. After infection, all Delphi programs compiled using the infected Delphi environment are also infected. Anti-virus laboratory AV-Test has already spotted the first examples in the wild.

    The virus affects Delphi versions 4.0, 5.0, 6.0 and 7.0. After making a backup which it names SysConst.bak, it overwrites the Delphi file SysConst.dcu with a self-compiled version. Since the infected file is loaded whenever Delphi programs are compiled, all programs generated after this point will be infected.

    Updated Virus writers have gone old school with the creation of a virus that infects Delphi files as they are built.

    When a Delphi file infected with Induc-A virus is run, it searches for Delphi programming installations on an infected machine and attempts to infect this installation. More specifically, the malware attempts to infect SysConst.pas, which it then compiles to SysConst.dcu. Once this process is completed the SysConst.dcu file is programmed to add the Induc-A virus to every new Delphi file that gets compiled on the system.

    A full write-up of the malware, including a screenshot depicting strings of infected code, can be found here.

    Even the vast majority of computer users that aren't Delphi developers can be affected by running programs written in Delphi that happen to have been contaminated.

    Up until Tuesday afternoon the labs at Sophos have received more than 3,000 infected files, submitted by users who have found infections. "This makes us believe that the malware has been active for some time, and that a number of software houses specialising in developing applications with Delphi must have been infected," writes Graham Cluley, senior technology consultant at Sophos.

    Examples of infections have included applications described as "a tool for downloading configuration files onto GSM modules" and "a compiler interface that operates between our third-party design software and our CNC woodworking machinery".

    Delphi is used to quickly develop Windows applications. Some of the infected files are banking Trojans written in Delphi - so some hackers are among those hit by the virus.
    This is what they said on forum!
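
The article quoted in post #18 names two on-disk traces on a build machine: a SysConst.bak backup and an overwritten SysConst.dcu. The script below is an added example, not part of the thread or of any vendor's tool; it walks a directory tree and reports every SysConst.dcu that has a SysConst.bak beside it with different content. The status labels and the sample directory names are assumptions made for the demo, and the sample files are constructed.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256(path):
    """Hex SHA-256 of a file's content."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def scan_delphi_tree(root):
    """One finding per directory that holds SysConst.dcu (status labels are hypothetical)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        names = {f.lower(): f for f in files}  # Windows file names are case-insensitive
        if "sysconst.dcu" not in names:
            continue
        dcu = Path(dirpath, names["sysconst.dcu"])
        entry = {"dir": dirpath, "dcu_sha256": sha256(dcu), "status": "no-backup"}
        if "sysconst.bak" in names:
            # The quoted article says the backup is made before the .dcu is overwritten,
            # so a .bak that differs from the .dcu means the unit was replaced.
            entry["bak_sha256"] = sha256(Path(dirpath, names["sysconst.bak"]))
            same = entry["bak_sha256"] == entry["dcu_sha256"]
            entry["status"] = "backup-identical" if same else "replaced"
        findings.append(entry)
    return findings


def build_sample_tree(root):
    """Constructed sample: one untouched install, one showing both traces."""
    clean = Path(root, "Delphi7_clean", "Lib")
    clean.mkdir(parents=True)
    (clean / "SysConst.dcu").write_bytes(b"constructed original unit")
    hit = Path(root, "Delphi7_hit", "Lib")
    hit.mkdir(parents=True)
    (hit / "SysConst.bak").write_bytes(b"constructed original unit")
    (hit / "sysconst.dcu").write_bytes(b"constructed recompiled unit")


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return {Path(f["dir"]).parent.name: f["status"] for f in scan_delphi_tree(tmp)}


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(name, status)
```

A "replaced" finding is a reason to rebuild from a known-good Delphi installation and re-scan every binary produced on that machine; the recorded hashes let the two files be compared against vendor originals.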


 