; Delphi --- Virus. Win32.Induc. a [Anti infection solution] ; By: ZzAge ; BBS: http://www.52pojie.cn ; Blog: http://hi.baidu.com/zzage Recently, this virus has ignited. A lot of formal software written by delphi won the prize .... Infected with the SysConst. dcu file of Delphi, the compiled programs are infected... but the virus is not harmful... However, the code written by myself is still quite uncomfortable when some inexplicable code is compiled... I went home last night and read my delphi. I also won the prize ....... Solution: I: First look at the infected code! From this code, we can see that the virus first reads the Delphi path from the RootDir value in the registry, thus obtaining SysConst. dcu path, I believe everyone knows the idea. As long as we change the RootDir value to something else, the virus will not be able to get the path... of course, it cannot be infected... here is an example: Change the registry key RootDir to RootDDD. Procedure st; Var K: HKEY; C: array [1 .. 255] of char; I: cardinal; R: string; V: char; Begin For v: = 4 to 7 do If RegOpenKeyEx (HKEY_LOCAL_MACHINE, pchar (SoftwareBorlandDelphi + v +. 0), 0, KEY_READ, k) = 0 then Begin I: = 255; If RegQueryValueEx (k, RootDir, nil, @ I, @ c, @ I) = 0 then Begin R: =; I: = 1; While c <> #0 do Begin R: = r + c; Inc (I ); End; Re (r + sourcetlsysSysConst +. pas, r + libsysconst., "+r+indcc32.exe "); End; RegCloseKey (k ); End; End; II: Open the delphi32.exe file in the delphidirectory, load the OD file, find the "RootDir" string, and change the "RootDir" string "RootDDD", this is easy to solve... Delphi is also used normally... It also solves the problem of being infected... (SysConst. dcu must be normal ).. |