Hello!
Posting this here, because comments are not moderated.
This is about the Gold Audio Suite, August 21, 2009
Hello, giveawayfans!
What do we get today? A virus or a false positive?
Someone here advised to disable security - not wise;
I have uploaded erdmpg4.dll to some sites doing a file scan.
ca. 50% of scanners find it infected with something named 'induc'
clean, say: ArcaVir, A-Squared, AntiVir, CPSecure, Ikarus, NOD32, Panda, Quick Heal, VBA32, Comodo, eSafe, Jiangmin, K7AntiVirus, McAfee-GW, PCTools
infected, say: avast!, AVG, BitDefender, ClamAV, Dr.Web, F-Prot, F-Secure, GDATA, Kaspersky, Sophos, VirusBuster, Authentium, Microsoft, Norman, Prevx, Symantec, Trend Micro, McAfee5715, Fortinet, Sunbelt
Went to Sophos site, they say:
" W32/Induc-A
Aliases Virus.Win32.Induc.a
Category Viruses and Spyware
Type Virus
................
W32/Induc-A is a virus that infects Delphi files at compile-time. As such, these files cannot be disinfected and need to be recompiled cleanly.
................
Because infected executables are produced at compile time by infected Delphi development environments,
we are seeing many cases of infected files coming from genuine software vendors.
These are not false positives.
Clients and software developers seeking to understand why their software is being detected as W32/Induc-A should
see this [http://www.sophos.com/blogs/sophoslabs/v/post/6195] blog article.
................
How it spreads
* Infected files
Affected operating systems Windows
Protection available since 18 August 2009 15:14:59 (GMT)
Last updated 20 August 2009 05:28:01 (GMT)
Detected by All Sophos products
..............."
Some information from ESET - NOD32 site:
Thanks to ESET’s early warning system - ThreatSense.Net,
the first 24 hours from the virus’s release, ESET has received over 30,000 unique infected samples,
where in many cases the original software was a legitimate application prior to infection.
According to Juraj Malcho, the Head of ESET Virus Lab,
“the concern is over the period during which the virus went undetected and was able to infect a large number of PCs,
resulting in the infiltrated software being distributed to users directly by their vendor.
To our dismay, often the reaction of the software vendor has been that the detection of a virus is a false-positive.”
It is likely that the first samples of the virus date back to April 2009.
The reason why the virus was left unnoticed for such a long time period is that Delphi code tends to be quite voluminous
and the virus body itself quite small.
......................
......................
This was written before post #11 in comments