Author Topic: Infection Win32:Induc  (Read 10651 times)

Offline heavy_kevie

  • Newbie
  • *
  • Posts: 2
    • Personal Message (Offline)
Infection Win32:Induc
« on: August 19, 2009, 01:25:35 PM »
I received 10 warnings about files under the c:\system volume information\_restore\.....\Ffsweep.dll, Filesweep.dll, A0134357.dll, A0134358.dll, A0137288.dll, and A0137289.dll.  I can't seem to find any information about Win32:Induc.  Are these false positives?  I believe Ffsweep and Filesweep are files associated with IObit Advanced system care 3 and IObit Security 360, both of which I have installed.  How do I submit files for evaluation?  Currently, these files have been moved to the virus chest.  Thanx in advance!

Offline emantoyaks

  • Full Member
  • ***
  • Posts: 139
  • Gender: Male
  • Malware Expert...^_^
    • My Personal WebSite!
    • Personal Message (Offline)
Re: Infection Win32:Induc
« Reply #1 on: August 19, 2009, 01:51:14 PM »
Hi, Heavy. You don't need to worry about that, because it's only detected in System Info., which means the file there is in what is called System Restore...
My Skills:

* Trouble Shooting
* Web Development
* PC Hard Ware Analyst

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69208
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Infection Win32:Induc
« Reply #2 on: August 19, 2009, 02:14:00 PM »
Infected Restore Points - There really is little benefit in chasing a detection in the system volume information folder. It is only there because it had previously been deleted or moved from the system folders and this is a back-up created by system restore.
 
- Worst case scenario it isn't infected and you delete it, you can't use that restore point in the future, not much of a loss and the older the restore point is the less of an issue it is.
 
- So if there is any suspicion about a restore point then it is best removed from the system volume information folder or it could bite you in the rear at some point in the future when you use system restore if it included that restore point.

It is possible that stuff like this from other security applications has unencrypted signatures, which can be detected.

The Win32:Induc virus signature is a new signature. If you do a search of the forums you will see it is going to become more prevalent, as it has been found in applications that use Delphi compilers.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline spg SCOTT

  • Massive Poster
  • ****
  • Posts: 4138
  • Gender: Male
  • There is no magic, only lost physics
    • spg SCOTT
    • Personal Message (Offline)
Re: Infection Win32:Induc
« Reply #3 on: August 19, 2009, 02:18:02 PM »
There is also now a blog post on the subject:

avast! blog >> Win32:Induc, new concept of file infector?
“There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!” Richard Feynman

Offline Tech

  • avast! team
  • Certainly Bot
  • *
  • Posts: 64880
  • Gender: Male
    • Personal Message (Offline)
Re: Infection Win32:Induc
« Reply #4 on: August 19, 2009, 02:22:43 PM »
Microsoft Security Essentials is detecting them also...
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Virus%3aWin32%2fInduc.A&threatid=2147627628
Not sure they're not false positives, yet.
The best things in life are free.

Offline yhaker

  • Newbie
  • *
  • Posts: 1
    • Personal Message (Offline)
Re: Infection Win32:Induc
« Reply #5 on: August 19, 2009, 03:33:35 PM »
Sign of "Win32:Induc" has been found in "C:\Program Files\IObit\Game Booster\GameBooster.exe" file. False positive?

Offline jsejtko

  • avast! team
  • Full Member
  • *
  • Posts: 172
  • Gender: Male
    • ALWIL Software
    • Personal Message (Offline)
Re: Infection Win32:Induc
« Reply #6 on: August 19, 2009, 03:51:29 PM »
Quote
Sign of "Win32:Induc" has been found in "C:\Program Files\IObit\Game Booster\GameBooster.exe" file. False positive?

Not a false positive. Their software was infected with the Induc virus. IObit releases a new build today which is clean, but I don't like their statement in the support forum - It sounds like "We released new version to prevent false positive detection from many AV vendors". I think their users might get better information.

Regards

Offline spg SCOTT

  • Massive Poster
  • ****
  • Posts: 4138
  • Gender: Male
  • There is no magic, only lost physics
    • spg SCOTT
    • Personal Message (Offline)
Re: Infection Win32:Induc
« Reply #7 on: August 19, 2009, 04:03:36 PM »
Quote
Not a false positive. Their software was infected with the Induc virus. IObit releases a new build today which is clean, but I don't like their statement in the support forum - It sounds like "We released new version to prevent false positive detection from many AV vendors". I think their users might get better information.

Regards

Doesn't virustotal use slightly older signatures...

How bad would it have been if they said that their security product was infected...what irony ;D
“There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!” Richard Feynman

Offline Jtaylor83

  • avast! Evangelist
  • Advanced Poster
  • ***
  • Posts: 1068
  • Gender: Male
    • Personal Message (Offline)
Re: Infection Win32:Induc
« Reply #8 on: August 19, 2009, 05:42:30 PM »
Win32:Induc only infects through Delphi 4.0, 5.0, 6.0, and 7.0.
Avast 6.0, MalwareByte's Anti-Malware, CCleaner, Defraggler, DownloadHelper, WOT, NoScript, KeyScrambler, Thunderbird, Firefox, Windows XP SP3.

Offline Tech

  • avast! team
  • Certainly Bot
  • *
  • Posts: 64880
  • Gender: Male
    • Personal Message (Offline)
Re: Infection Win32:Induc
« Reply #9 on: August 19, 2009, 09:20:25 PM »
Quote
Not a false positive. Their software was infected with the Induc virus. IObit releases a new build today which is clean, but I don't like their statement in the support forum - It sounds like "We released new version to prevent false positive detection from many AV vendors". I think their users might get better information.

Shame on IObit.
The best things in life are free.

Offline francine

  • Newbie
  • *
  • Posts: 17
    • Personal Message (Offline)
Re: Infection Win32:Induc
« Reply #10 on: August 20, 2009, 12:22:46 AM »
I am attaching a screen shot of my virus chest. What should I do?

Offline BILL G

  • Jr. Member
  • **
  • Posts: 41
  • Gender: Male
  • I'm a llama!
    • Personal Message (Offline)
Re: Infection Win32:Induc
« Reply #11 on: August 20, 2009, 05:59:36 AM »
I started Wise File Cleaner and Avast ALERTED on its program file. I ran an OD scan and found 8 more. I think I picked these up downloading program updates.
IP4-2.0GHZ-512Mb MEM.- XPSP3-FF+nos v3.6.18

 Avast V7.0.1456 - ZAF V 9.2.`05.000 - PG V3.5 -  - WinPatrol +  - Seconfig XP  V1.5   OD    SAS - Mbam

Offline Spyros

  • avast! Evangelist
  • Advanced Poster
  • ***
  • Posts: 1140
  • Gender: Male
    • Personal Message (Offline)
Re: Infection Win32:Induc
« Reply #12 on: August 20, 2009, 07:58:31 AM »
"Vista Start Menu 3.2" is also infected

Quote
Hi,

The version 3.2  has a virus inside :(
I'm really sorry for the inconvenience.

This virus is not dangerous.
Please read more detailed descriptions here -
http://www.viruslist.com/en/weblog?weblogid=208187826
http://www.delphipraxis.net/topic163041_virus+infects+delphi.html

Please uninstall your current version and setup new one.

Download links -
freeware -
http://www.vistastartmenu.com/VistaStartMenu_Setup_freeware_en.exe

PRO -
http://www.VistaStartMenu.com/VistaStartMenu_Setup_Pro_3x.exe

If you have any special builds, please contact support -
http://www.tidyfavorites.com/contact.php

--
Best regards, Dennis Nazarenko

Offline misak

  • Moderator
  • Full Member
  • *
  • Posts: 141
  • Gender: Male
    • Personal page (CZE)
    • Personal Message (Offline)
Re: Infection Win32:Induc
« Reply #13 on: August 20, 2009, 08:44:46 AM »

Offline john36

  • Jr. Member
  • **
  • Posts: 44
  • I'm a llama!
    • Personal Message (Offline)
Re: Infection Win32:Induc
« Reply #14 on: August 20, 2009, 02:10:23 PM »
Weather Pulse is also claiming that this is a false positive.

http://www.tropicdesigns.net/article.php?article_id=55

Also, My Gmail Keeper program was flagged as having this infection, so I emailed them and am waiting for their reply.
Avast 5 Free - WinXP Pro  - Firefox - ZA Pro -   -   - Spyware Blaster - Prevx 3 - Key Scrambler - Sandboxie - FD-ISR - Acronis True Image 9

 
