Hello.

We are developers of Compare Suite application (http://comparesuite.com/), AKS-Labs team. According to your product “Avast” Compare Suite infected by “Win32.Induc” virus. We are absolutely sure that it’s not true. We want to report you about false positive reading.
Please check it and fix.

Best Regards,
AKS-Labs Team

I’m quite sure it’s not a false positive.
See here, please: http://blog.avast.com/2009/08/19/win32induc-new-concept-of-file-infector

Hi Igor,

Every program made with Delphi was vulnerable after a certain date. The vulnerability was known in circles of the Delphi-developer-incrowd, and someone there let the cat out of the bag (leaked/douched onto the Internet), and at the moment a lot of programs have been patched against this, some have not been patched, some can only be used with an older (not vulnerable) version. So every developer should establish whether the program they made has this Delphi file infector issue and produce an update of the program without “Win32.Induc”,

Win32/Induc Removal Instructions for Delphi Developers

step 1
Find Delphi root folder
(usually C:\Program Files\Borland\Delphi7)

step 2
If exists %DELPHI%\Lib\SysConst.bak file rename it as SysConst.dcu and continue with step 5
If file %DELPHI%\Lib\SysConst.bak doesn’t exists countinue with step 3

step 3
Find and copy file SysConst.pas from %DELPHI%\Source\Rtl\Sys folder to %DELPHI%\Lib folder

step 4
Compile SysConst.pas file to DCU using command line:
%DELPHI%\Bin\Dcc32.exe %DELPHI%\Lib\SysConst.pas
For example:
“C:\Program Files\Borland\Delphi7\Bin\Dcc32.exe” “C:\Program Files\Borland\Delphi7\Lib\SysConst.pas”

step 5
If exists %DELPHI%\Lib\SysConst.bak file remove it.
For “%DELPHI%\Lib” folder its subfolders and files set “Read only” permission for “Everyone” group.
This will protect Delphi installation against Win32/Induc infection.

step 6
Try to rename %DELPHI%\Lib\SysConst.dcu file as %DELPHI%\Lib\SysConst.pas.
If this fail your permissions are set correctly,

polonus