Virus in TCMD ?

dim

Dimitry Andric
May 31, 2008
205
1
Netherlands
On 2009-08-19 16:08, leeuw013 wrote:

> Nod32 says today that tcmd.dll contains a virus
> Win32/Induc.A variant

This is most likely a false positive, as Win32/Induc.A infects programs
written in Delphi. Take Command is written using Microsoft Visual C++.

However, the TakeCmd.dll file is protected with Enigma Protector, which
looks like a Delphi program.

For reference, on my system, the SHA256 value of TakeCmd.dll v10.00.74
is:

81A62FB8C8B622E6647F1D1A12FC84C5E6D3B857095FBE8E068D2645CB975EFD

I can confirm NOD32 (or ESET Smart Security) complains about the file,
at least using version 4348 (20090819) of its database.

There is a small chance the Enigma Protector developer is indeed
infected with this virus, and it will automatically propagate to all
programs he compiles afterwards with his Delphi installation.

Read some extra info on Win32/Induc.A, which is a nasty piece of
malware, here:

http://www.f-secure.com/weblog/archives/00001752.html
http://www.sophos.com/blogs/gc/g/2009/08/19/w32induca-spread-delphi-software-houses/
 

Similar threads