Author Topic: False Positive Win32.Induc  (Read 2981 times)


Aks-Labs

  • Guest
False Positive Win32.Induc
« on: October 07, 2009, 06:40:18 PM »
Hello.

We are the developers of the Compare Suite application (http://comparesuite.com/), the AKS-Labs team. According to your product "Avast", Compare Suite is infected by the "Win32.Induc" virus. We are absolutely sure that it's not true. We want to report a false positive to you.
Please check it and fix.

Best Regards,
AKS-Labs Team

Offline igor

  • Avast team
  • Serious Graphoman
  • Posts: 11855
    • AVAST Software
Re: False Positive Win32.Induc
« Reply #1 on: October 07, 2009, 06:42:33 PM »
I'm quite sure it's not a false positive.
See here, please: http://blog.avast.com/2009/08/19/win32induc-new-concept-of-file-infector

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • Posts: 33925
  • malware fighter
Re: False Positive Win32.Induc
« Reply #2 on: October 07, 2009, 08:20:54 PM »
Hi Igor,

Every program made with Delphi was vulnerable after a certain date. The vulnerability was known in circles of the Delphi-developer-incrowd, and someone there let the cat out of the bag (leaked/douched onto the Internet), and at the moment a lot of programs have been patched against this, some have not been patched, some can only be used with an older (not vulnerable) version. So every developer should establish whether the program they made has this Delphi file infector issue and produce an update of the program without "Win32.Induc".

Win32/Induc Removal Instructions for Delphi Developers

step 1
Find Delphi root folder
(usually C:\Program Files\Borland\Delphi7)

step 2
If the file %DELPHI%\Lib\SysConst.bak exists, rename it to SysConst.dcu and continue with step 5.
If the file %DELPHI%\Lib\SysConst.bak doesn't exist, continue with step 3.

step 3
Find and copy file SysConst.pas from %DELPHI%\Source\Rtl\Sys folder to %DELPHI%\Lib folder

step 4
Compile SysConst.pas file to DCU using command line:
%DELPHI%\Bin\Dcc32.exe %DELPHI%\Lib\SysConst.pas
For example:
"C:\Program Files\Borland\Delphi7\Bin\Dcc32.exe" "C:\Program Files\Borland\Delphi7\Lib\SysConst.pas"

step 5
If the file %DELPHI%\Lib\SysConst.bak exists, remove it.
For the "%DELPHI%\Lib" folder, its subfolders and files, set "Read only" permission for the "Everyone" group.
This will protect Delphi installation against Win32/Induc infection.

step 6
Try to rename the %DELPHI%\Lib\SysConst.dcu file to %DELPHI%\Lib\SysConst.pas.
If this fails, your permissions are set correctly.

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
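
A read-only audit of the checks in the removal steps above, as an added example that is not part of the original posts or any Avast tooling. It reports which step of the procedure applies to a given Delphi root and whether the Lib folder still accepts writes; the function names and the probe-file prefix are hypothetical, and creating a scratch file is used here as a non-destructive stand-in for the rename test in step 6.

```python
import tempfile
from pathlib import Path

def lib_is_writable(lib: Path) -> bool:
    """Stand-in for step 6: try to create (and auto-delete) a scratch file in Lib."""
    try:
        with tempfile.NamedTemporaryFile(dir=lib, prefix="induc_probe_"):
            return True
    except OSError:
        # Permission denied (or missing folder): writes are blocked.
        return False

def audit_delphi(delphi_root) -> dict:
    """Map the state of a Delphi install onto the steps of the removal procedure."""
    root = Path(delphi_root)
    lib = root / "Lib"
    bak = lib / "SysConst.bak"
    src = root / "Source" / "Rtl" / "Sys" / "SysConst.pas"

    if not lib.is_dir():
        return {"next_step": None, "lib_writable": None,
                "notes": ["no Lib folder under this root (step 1: find the Delphi root)"]}

    notes = []
    if bak.is_file():
        # Step 2, first branch: restore the .bak as SysConst.dcu, then go to step 5.
        next_step = 2
        notes.append("SysConst.bak found in Lib: rename it to SysConst.dcu, then step 5")
    elif src.is_file():
        # Step 2, second branch: no .bak, so rebuild the DCU from source (steps 3-4).
        next_step = 3
        notes.append("no SysConst.bak: copy SysConst.pas to Lib and compile with Dcc32.exe")
    else:
        next_step = None
        notes.append("no SysConst.bak and no Source\\Rtl\\Sys\\SysConst.pas: cannot rebuild")

    writable = lib_is_writable(lib)
    if writable:
        notes.append("Lib accepts writes: step 5 read-only permissions are not in effect")
    return {"next_step": next_step, "lib_writable": writable, "notes": notes}

if __name__ == "__main__":
    import json, sys
    # Default path is the example root given in step 1 of the post.
    target = sys.argv[1] if len(sys.argv) > 1 else r"C:\Program Files\Borland\Delphi7"
    print(json.dumps(audit_delphi(target), indent=2))
```

Run it under the same account that builds your projects, since that is the account whose write access to Lib matters.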