Author Topic: Infection Win32:Induc  (Read 20391 times)

heavy_kevie

  • Guest
Infection Win32:Induc
« on: August 19, 2009, 03:25:35 PM »
I received 10 warnings about files under the c:\system volume information\_restore\.....\Ffsweep.dll, Filesweep.dll, A0134357.dll, A0134358.dll, A0137288.dll, and A0137289.dll.  I can't seem to find any information about Win32:Induc.  Are these false positives?  I believe Ffsweep and Filesweep are files associated with IObit Advanced system care 3 and IObit Security 360, both of which I have installed.  How do I submit files for evaluation?  Currently, these files have been moved to the virus chest.  Thanx in advance!

emantoyaks

  • Guest
Re: Infection Win32:Induc
« Reply #1 on: August 19, 2009, 03:51:14 PM »
Hi, Heavy. You have no need to worry about that, because it is only detected in System Info., meaning a file there belongs to System Restore...

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: Infection Win32:Induc
« Reply #2 on: August 19, 2009, 04:14:00 PM »
Infected Restore Points - There really is little benefit in chasing a detection in the system volume information folder. It is only there because it had previously been deleted or moved from the system folders and this is a back-up created by system restore.
 
- Worst case scenario it isn't infected and you delete it, you can't use that restore point in the future, not much of a loss and the older the restore point is the less of an issue it is.
 
- So if there is any suspicion about a restore point then it is best removed from the system volume information folder or it could bite you in the rear at some point in the future when you use system restore if it included that restore point.

It is possible that stuff like this from other security applications has unencrypted signatures, which can be detected.

The Win32:Induc virus signature is a new signature. If you do a search of the forums you will see it is going to become more prevalent, as it has been found in applications that use Delphi compilers.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

spg SCOTT

  • Guest
Re: Infection Win32:Induc
« Reply #3 on: August 19, 2009, 04:18:02 PM »
There is also now a blog post on the subject:

avast! blog >> Win32:Induc, new concept of file infector?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Infection Win32:Induc
« Reply #4 on: August 19, 2009, 04:22:43 PM »
Microsoft Security Essentials is detecting them also...
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Virus%3aWin32%2fInduc.A&threatid=2147627628
Not sure they're not false positives, yet.
The best things in life are free.

yhaker

  • Guest
Re: Infection Win32:Induc
« Reply #5 on: August 19, 2009, 05:33:35 PM »
Sign of "Win32:Induc" has been found in "C:\Program Files\IObit\Game Booster\GameBooster.exe" file. False positive?

Offline jsejtko

  • Avast team
  • Full Member
  • *
  • Posts: 171
    • ALWIL Software
Re: Infection Win32:Induc
« Reply #6 on: August 19, 2009, 05:51:29 PM »
Quote
Sign of "Win32:Induc" has been found in "C:\Program Files\IObit\Game Booster\GameBooster.exe" file. False positive?

Not a false positive. Their software was infected with Induc virus. IObit releases new build today which is clean, but I don't like their statement in the support forum - It sounds like "We released new version to prevent false positive detection from many AV vendors". I think their users might get better information.

Regards

spg SCOTT

  • Guest
Re: Infection Win32:Induc
« Reply #7 on: August 19, 2009, 06:03:36 PM »
Quote
Not a false positive. Their software was infected with Induc virus. IObit releases new build today which is clean, but I don't like their statement in the support forum - It sounds like "We released new version to prevent false positive detection from many AV vendors". I think their users might get better information.

Regards

Doesn't virustotal use slightly older signatures...

How bad would it have been if they said that their security product was infected...what irony ;D

Jtaylor83

  • Guest
Re: Infection Win32:Induc
« Reply #8 on: August 19, 2009, 07:42:30 PM »
Win32:Induc only infects through Delphi 4.0, 5.0, 6.0, and 7.0.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Infection Win32:Induc
« Reply #9 on: August 19, 2009, 11:20:25 PM »
Quote
Not a false positive. Their software was infected with Induc virus. IObit releases new build today which is clean, but I don't like their statement in the support forum - It sounds like "We released new version to prevent false positive detection from many AV vendors". I think their users might get better information.

Shame on Iobit.

francine

  • Guest
Re: Infection Win32:Induc
« Reply #10 on: August 20, 2009, 02:22:46 AM »
I am attaching a screen shot of my virus chest. What should I do?

BILL G

  • Guest
Re: Infection Win32:Induc
« Reply #11 on: August 20, 2009, 07:59:36 AM »
I started Wise File Cleaner and Avast alerted on its program file. I ran an OD scan and found 8 more. I think I picked these up downloading program updates.

Spyros

  • Guest
Re: Infection Win32:Induc
« Reply #12 on: August 20, 2009, 09:58:31 AM »
"Vista Start Menu 3.2" is also infected

Quote
Hi,

The version 3.2  has a virus inside :(
I'm really sorry for the inconvenience.

This virus is not dangerous.
Please read more detail descriptions here -
http://www.viruslist.com/en/weblog?weblogid=208187826
http://www.delphipraxis.net/topic163041_virus+infects+delphi.html

Please uninstall your current version and setup new one.

Download links -
freeware -
http://www.vistastartmenu.com/VistaStartMenu_Setup_freeware_en.exe

PRO -
http://www.VistaStartMenu.com/VistaStartMenu_Setup_Pro_3x.exe

If you have any special builds, please contact support -
http://www.tidyfavorites.com/contact.php

--
Best regards, Dennis Nazarenko

Offline misak

  • Moderator
  • Sr. Member
  • *
  • Posts: 234
    • Personal page (CZE)
Re: Infection Win32:Induc
« Reply #13 on: August 20, 2009, 10:44:46 AM »

john36

  • Guest
Re: Infection Win32:Induc
« Reply #14 on: August 20, 2009, 04:10:23 PM »
Weather Pulse is also claiming that this is a false positive.

http://www.tropicdesigns.net/article.php?article_id=55

Also, My Gmail Keeper program was flagged as having this infection, so I emailed them and am waiting for their reply.