06-24-2009, 06:34   #7
cel_phon
Quote:
Originally Posted by the_laser
Greetings.

sadly to say, but all your modules (at least ChineseMiracle 2.83, MT62xx_lp_editor 1.26, DongleManager 1.29, QCModule2 1.05 and most probably all latest versions) contain some source-level virus-type program, which is targeted at Delphi programmers.

what that addon is doing:

1. each time the poisoned software runs, it checks if Delphi is installed on the machine by checking registry keys
HKLM\Software\Borland\Delphi\4.0
HKLM\Software\Borland\Delphi\5.0
HKLM\Software\Borland\Delphi\6.0
HKLM\Software\Borland\Delphi\7.0

if such a key exists, it gets the RootDir property and checks for
HKLM\Software\Borland\Delphi\x.0\RootDir\source\rtl\sys\SysConst.pas

then it appends itself to that file and runs, in hidden mode, HKLM\Software\Borland\Delphi\x.0\RootDir\bin\dcc32.exe, which replaces the original sysconst.dcu compiled module.

after that, EACH software which is compiled on that machine will contain that thing.

i want to mention that it is not deleting or damaging anything, but it leaves a huge security hole for possible infections.

of course, i believe that you do not know about that thing.

please check and fix all modules ASAP.

thanks for understanding.
.........................................

thanks for sharing and pointing out the problem

hope infinity will take action at their best
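
A defender-side integrity check for the files named in the quoted post, added here as an example; it is not part of the thread and is not code from any vendor mentioned in it. It reads RootDir from the registry keys the post lists, then hashes SysConst.pas and sysconst.dcu wherever they sit under that directory and compares them with an earlier snapshot. The function names are hypothetical, and the baseline is assumed to come from a known-clean install.

```python
"""Integrity baseline for the Delphi files named in the post (added example)."""
import hashlib
import os

VERSIONS = ("4.0", "5.0", "6.0", "7.0")        # versions listed in the post
WATCHED = ("sysconst.pas", "sysconst.dcu")    # file names taken from the post

def delphi_roots():
    """RootDir of each installed Delphi, read from the keys the post lists."""
    try:
        import winreg                          # only available on Windows
    except ImportError:
        return []
    roots = []
    access = winreg.KEY_READ | winreg.KEY_WOW64_32KEY   # 32-bit view on x64
    for ver in VERSIONS:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                                r"Software\Borland\Delphi\%s" % ver, 0, access) as key:
                roots.append(winreg.QueryValueEx(key, "RootDir")[0])
        except OSError:
            pass                               # this version is not installed
    return roots

def snapshot(root):
    """Map relative path -> SHA-256 for every watched file found under root."""
    result = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in WATCHED:        # Windows file names ignore case
                path = os.path.join(folder, name)
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                result[os.path.relpath(path, root)] = digest
    return result

def compare(baseline, current):
    """Return (path, status) pairs for everything that differs from baseline."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            findings.append((path, "missing"))
        elif path not in baseline:
            findings.append((path, "new"))
        elif baseline[path] != current[path]:
            findings.append((path, "modified"))
    return findings
```

Store the baseline snapshot away from the build machine, and run `compare(baseline, snapshot(root))` for each entry of `delphi_roots()` before a release build.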
 
 