Detail Trojan Induc.AA From Trend Micro
This file infector may arrive in a system as a compromised file compiled using an infected Borland Delphi Compiler.
Upon execution, it checks the Delphi Installation on the system by checking if the following registry key exists:
HKLM\Software\Borland\Delphi\{version}.0
(Note: {version} is the version number of Delphi, the value of which may be 4 to 7.)
It also gets the root folder information from the said registry key to locate the Delphi installation folder. It then searches the file SysConst.pas which it modifies by appending its codes.
Using the Delphi compiler saved as bin\dcc32.exe, it compiles a new copy of SysConst.dcu using the modified SysConst.pas. The new compiled SysConst.dcu is detected by Trend Micro as TROJ_INDUC.AA.
Once infected, all files compiled or linked using the compromised Delphi compiler will be infected.
This file infector runs on Windows 98, ME, NT, 2000, XP, and Server 2003.
How to remove this program
If you’re using Trend Micro Anti Virus, you can update for the latest pattern and scan your computer. You can also find the steps to remove this program from Trend Micro site.
I try to to find Alias name for this virus but cannot find in the others Antivirus software.
Related Topics
Free 1 Year Panda Internet Security 2009 genuine license key worth US $79.95!
Trend Micro Antivirus Client incorrectly appearing as offline or disconnected after Trend Micro Officescan Server changed the IP address
How to reset or remove Trend Micro OfficeScan password to default
Free Download Software Vexira Antivirus Professional with 1-Year Genuine License Serial Key
How to Remove TROJAN INDUC.AA – Virus Infected Borland Delphi Compiler
No comments:
Post a Comment