Comments on: Check your Delphi’s installation – it may be infected

By: Delphi DCU Virus – SysConst.pas Library Source Injection. Athena Virus?

Delphi DCU Virus – SysConst.pas Library Source Injection. Athena Virus? — Thu, 04 Mar 2010 13:53:07 +0000

[...] the claim it seems – Bit Defender.Allegedly this piece of malware does the following:It checks registry to see if there are any Delphi installed (it checks only for Delphi 4-7).For each found instance of Delphi: It makes a copy of SysConst.pas file and inject itself into it.It [...]

By: Delphi DCU Virus – SysConst.pas Library Source Injection. Athena Virus?- The Recursive ISV

Sun, 06 Sep 2009 10:46:59 +0000

[...] It checks registry to see if there are any Delphi installed (it checks only for Delphi 4-7). [...]

By: Alexander

Alexander — Sun, 30 Aug 2009 18:43:16 +0000

Overview and explanations from Kaspersky Lab.

By: Alexander

Alexander — Tue, 25 Aug 2009 05:40:05 +0000

I have 2 confirmation on January of 2009 (both on Russian, sorry). So it was over 7 month (mininum).
BTW, cured applications may not work, as CRC-checks will broke after changes by anti-virus.

By: DDS

DDS — Mon, 24 Aug 2009 23:09:20 +0000

This virus has been in the wild for at least 3 months (I found it in EXEs compiled in May),
Some antiviruses (such as Kaspersky) can remove this virus from infected EXEs. Or you can just re-compile them from sources after disinfecting Delphi.
Also, to disinfect your Delphi, delete SysConst.dcu and then rename SysConst.bak (backup file created by the virus) to SysConst.dcu. That should fix it. No need to reinstall.
Also, make sure to disinfect/recompile any infected applications or your Delphi will get infected again.

By: Alexander

Alexander — Sat, 22 Aug 2009 08:14:19 +0000

Yes, anti-viruses start detecting this particular malware little by little. But no one protect you from any other modification of this or other malware of such kind.

By: Rober

Rober — Fri, 21 Aug 2009 19:43:33 +0000

Sophos now say they detect both infected executables and infected SysConst.dcu files, so it should be easy to tell if you Delphi installation is affected.

http://www.sophos.com/security/analyses/viruses-and-spyware/w32induca.html
http://www.sophos.com/blogs/sophoslabs/v/post/6195

By: Delphi vira alvo de virus « blog do issinho

Delphi vira alvo de virus « blog do issinho — Wed, 19 Aug 2009 17:05:22 +0000

[...] Fonte: Viruslist.com, Info online, Eurekalog [...]

By: Carlos H. Cantu Blog » Blog Archive » Virus ataca desenvolvedores Delphi!

Wed, 19 Aug 2009 15:04:54 +0000

[...] Informações detalhadas, inclusive de como remover o “virus” podem ser lidas aqui. [...]

By: Alexander

Alexander — Wed, 19 Aug 2009 12:16:28 +0000

Here is the current result of scanning by different anti-viruses.

By: Virus infecta .dcu de Delphi 4, 5, 6 e 7 | Cesar Romero

Virus infecta .dcu de Delphi 4, 5, 6 e 7 | Cesar Romero — Tue, 18 Aug 2009 18:45:14 +0000

[...] http://blog.eurekalog.com/?p=244 Bookmark and Share: sociallist_03b1ecae_url = ‘http://www.cesarromero.com.br/virus-infecta-dcu-de-delphi-4-5-6-e-7/’; sociallist_03b1ecae_title = ‘Virus infecta .dcu de Delphi 4, 5, 6 e 7′; sociallist_03b1ecae_text = ”; sociallist_03b1ecae_tags = ”; [...]