
Virus in TCMD?

Discussion in 'Support' started by leeuw013, Aug 19, 2009.

  1. leeuw013

    Nod32 says today that tcmd.dll contains a virus:
    Win32/Induc.A variant.

    Anyone else?
     
  2. dim

    dim Dimitry Andric

    On 2009-08-19 16:08, leeuw013 wrote:

    This is most likely a false positive, as Win32/Induc.A infects programs
    written in Delphi. Take Command is written using Microsoft Visual C++.

    However, the TakeCmd.dll file is protected with Enigma Protector, which
    looks like a Delphi program.

    For reference, on my system, the SHA256 value of TakeCmd.dll v10.00.74
    is:

    81A62FB8C8B622E6647F1D1A12FC84C5E6D3B857095FBE8E068D2645CB975EFD

    I can confirm NOD32 (or ESET Smart Security) complains about the file,
    at least using version 4348 (20090819) of its database.

    There is a small chance the Enigma Protector developer is indeed
    infected with this virus, and it will automatically propagate to all
    programs he compiles afterwards with his Delphi installation.

    Read some extra info on Win32/Induc.A, which is a nasty piece of
    malware, here:

    http://www.f-secure.com/weblog/archives/00001752.html
    http://www.sophos.com/blogs/gc/g/2009/08/19/w32induca-spread-delphi-software-houses/
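
Added example, not part of the original thread: a Python check that compares a local file against the SHA256 value quoted in the post above. The function names and the sample file are constructed for illustration; a match shows only that the local copy is byte-identical to the one the poster hashed, which NOD32 also flagged.

```python
import hashlib
import hmac
import os
import tempfile

# Reference value quoted in the post above for TakeCmd.dll v10.00.74.
REFERENCE_SHA256 = "81A62FB8C8B622E6647F1D1A12FC84C5E6D3B857095FBE8E068D2645CB975EFD"


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def compare_to_reference(path, reference=REFERENCE_SHA256):
    """Return 'missing', 'match' or 'mismatch' for the file at path."""
    ref = reference.strip().lower()  # forum posts often quote digests in upper case
    if len(ref) != 64 or any(c not in "0123456789abcdef" for c in ref):
        raise ValueError("reference is not a SHA-256 hex digest")
    if not os.path.isfile(path):
        return "missing"
    return "match" if hmac.compare_digest(sha256_file(path), ref) else "mismatch"


def demo():
    """Run the check on a constructed sample file (not a real TakeCmd.dll)."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "sample.bin")
        with open(sample, "wb") as fh:
            fh.write(b"abc")  # constructed content with a well-known digest
        abc = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
        return (
            compare_to_reference(sample, abc.upper()),   # same bytes, upper-case reference
            compare_to_reference(sample),                # differs from the posted value
            compare_to_reference(os.path.join(tmp, "TakeCmd.dll")),  # file not present
        )


if __name__ == "__main__":
    print(demo())
```

A mismatch can also mean a different Take Command version, so compare only against a reference taken from the same build.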
     