I have used Event Log Explorer for ages on XP and now avast! detects it
8/18/2009 7:13:01 PM SYSTEM 1704 Sign of "Win32:Induc" has been found in "http://www.eventlogxp.com/download/elex.zip\elex_setup.exe\{app}\elex.exe\[ASProtect]" file.
You would need to pause the web shield to be able to download it and take no action if the standard shield alerts; it shouldn’t on the zip file but would when you try to extract it.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
If you can pause the standard and copy the file to that location, enable the standard shield again.
Check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here (the URL in the address bar of the VT results page). You can’t do this with the file securely in the chest; you need to extract it to a temporary (not original) location first.
Send the sample to virus@avast.com zipped and password protected, with the password in the email body; a link to this topic might help, and possible false positive in the subject.
Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already in the chest) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.
Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.
Hi,
Win32:Induc was added yesterday (VPS 090818-0) and it is found in files compiled with Delphi (it infects systems with installed Delphi), so everything compiled with infected Delphi is infected too. So files are infected before these files are signed, so they have a valid signature.
How do we delete it?? I woke up this morning and thought what a beautiful day! BUT NO! AIMP2 doesn’t work, Kmplayer doesn’t work. Fear to run Skype because it may not work too. I deleted the infected files and then uninstalled the programs. I ran avast to scan and it found something in the registers, I deleted it. Then reinstalled AIMP2 and it found Win32:Induc.a again. I am running full online Kaspersky scan.
I sent the inflicted .dll as a false alert, dunno why.
So this virus does nothing but just multiply and infect Delphi programs?
Hi,
It infects installed Delphi, so only newly compiled programs are infected; it doesn’t infect other existing .exe (including .exe compiled with Delphi).
I hope that my explanation is more clear.
Look at the screenshot, I used delete (the second left to right), so it deletes the AIMP2.dll. But then I need to reinstall AIMP2; when I reinstall it, the same window pops up telling me that the .dll is infected. I read on Russian sites that the same thing happens to QIP.
I do not have Delphi compiler.
Event Log Explorer has been running fine on my system for as long as I have had avast!, so the latest database update File version 090818-0 is detecting an existing .exe file in elex.exe, which is the main executable of Event Log Explorer.
I am running a Microsoft Security Essentials Quick Scan right now after a database update and will post its results when finished.
This infection was discovered 2 days ago and all AV vendors add its detection into their virus databases because it's flagged as ITW (In The Wild). But this infection may be old - no one knows how old, but many software developers are infected and their software releases are infected too. Even if it is signed, it is infected! They were submitting infected copies to signing companies.
The problem is that it is a new technique to infect - an executable infects source code (one Delphi library) - any program built with Delphi on an infected machine is infected too.
So you can get a clean installation only after the software producer is clean and releases an absolutely new version. Or you may roll back to some old version which is not infected.
Avast is detecting the Win32:Induc for the Hide Folders program I’m using.
It’s detecting it from the program I had installed, my zip backup for the program that is a month old and the newest version when I try to download it from FSPro Labs again.
I also had an infected recently updated version of Event Log Explorer because of Win32:Induc
Path: C:\Program Files\Event Log Explorer\elex.exe[ASProtect]
I hope the developers of this Borland Delphi product will soon come up with an update of a clean version of the program. By the way, is there an alternative to this Delphi program that is not affected?
What affected tools are also reported. Some developers already updated their software.
If this is going to be a new trend this will be a major derailment and users won’t like this.
There are certainly those that do not carry a good heart towards computers and the Internet as those B.M. moguls have been saying repeatedly that the Internet should not have been there in the first place,