Induc virus and Sun virtualbox

Hi
I am a software developer working with Delphi 4-2006 in a Sun virtualbox enviroment.

I was recently infected with the induc virus. after cleaning with three other AV’s, I still had infected files.
Avast found these files and the infected DCU’s which is great, but it is now reporting that my main Virtualbox .VDI (16gb) file is infected every time I start up or shut down the box.

This is very worrying, is it a genuine detection ?

Welcome JReid

Have a read:
Win32:Induc, new concept of file infector?
http://blog.avast.com/2009/08/19/win32induc-new-concept-of-file-infector

Hi Yokenny

Thanks for your response, I did read that and a million other blogs, articles and reports but unless I’m missing something, it doesn’t really answer my question.

Can my .Vdi file be infected ?

Not “really” infected - but since it’s an image of a (virtual) disk, there may be an infected file on that disk… and the virus code is “visible” even from outside of the virtual machine.
The file on the virtual disk may even have been deleted already - but the sectors with the data are still there…

Ah, Thats interesting. So when I ran a scan inside the virtual box and deleted the files, it left “artifacts” on the physical media/filesystem which are being picked up by the on-access scan.

is there any threat here ? and how can I get rid of the detection ?

No there is no threat. To get rid of the detection you can create some big file(s) inside Virtual Box, which will rewrite unused clusters (including that after infected files). Maybe there is some easier way, but I don’t know it.

Many many thanks for all your help guys.