On 2009-08-19 16:08, leeuw013 wrote:
> Nod32 says today that tcmd.dll contains a virus
> Win32/Induc.A variant
This is most likely a false positive, as Win32/Induc.A infects programs
written in Delphi. Take Command is written using Microsoft Visual C++.
However, the TakeCmd.dll file is protected with Enigma Protector, which
looks like a Delphi program.
For reference, on my system, the SHA256 value of TakeCmd.dll v10.00.74
is:
81A62FB8C8B622E6647F1D1A12FC84C5E6D3B857095FBE8E068D2645CB975EFD
I can confirm NOD32 (or ESET Smart Security) complains about the file,
at least using version 4348 (20090819) of its database.
There is a small chance the Enigma Protector developer is indeed
infected with this virus, and it will automatically propagate to all
programs he compiles afterwards with his Delphi installation.
Read some extra info on Win32/Induc.A, which is a nasty piece of
malware, here:
http://www.f-secure.com/weblog/archives/00001752.html
http://www.sophos.com/blogs/gc/g/2009/08/19/w32induca-spread-delphi-software-houses/
