大家小心啊——最近有专门感染delphi程序的病毒---顺便散点分300(300)

  • 主题发起人 主题发起人 wino
  • 开始时间 开始时间
W

wino

Unregistered / Unconfirmed
GUEST, unregistred user!
这是一段针对IT民工、尤其是Delphi程序员的病毒,简单的描述该毒行为,就是:它专门感染程序员的电脑,一旦成功,程序员今后写出的任何程序,都是带毒的。它通过某种方式去查找dephi的安装目录,如果找到dephi这个冤大头,就将邪恶的恶意代码前排插入SysConst.pas文件,这个文件编译的时候,会生成SysConst.dcu,而这个文件会被添加到每个新的dephi工程中,all right!现在,民工们所编写的程序就全部都带毒咯!。而更可怕的是,根据对染毒系统的分析,我们发现该毒在全球网络中已经传播了多月。已不知道有多少民工的生产工具中了招……
 
恩。。是的。D2007好像没事。一直在用。。。。那个病毒。分析了。好像没太大害处。。应该是作者想 表现能力而已。。
 
解决办法 该病毒没有exe或者dll的毒源体,因为自 SysConst.dcu 被置换的一刻开始,你已经是毒源体的创造者,该病毒原来早在 2005 年已经被发现,一个软件 QIP 2005 build 8094 中就曾经染毒,然后扩散看来,该病毒代码简单看来并没有伤害性,但是它完全是一个病毒的形态,不知道哪天会被利用的,那个俄罗斯高人把这个病毒分析出了源代码,并且提出了一个切实可行的解决方法,根据该病毒的特性,第一时间就是要把 Lib 中的 sysconst.bak 复制一份改名为 sysconst.dcu,注意,是复制而不是直接改名,因为如果你的系统还有潜在威胁的时候,如果还是有 sysconst.bak 在,那么这个病毒会认为它的工作已经完成而不会去动你的原版 sysconst.dcu,然后你要把你所有的项目重新编译,因为他们都已经染毒了。最好是做一下全盘检查。 BTW: 为什么一个 2005 年的“病毒”到了今天仍然还有那么多杀毒软件不报呢,因为从代码上来说,它的破坏性并没有,但是它的确拥有了病毒的特性。
 
我的Lib中sysconst.bak是12K ,sysconst.dcu是18K,两文件时间一样,都是2002-8-20 16:39,有问题么?大家指点一下。
 
有问题~按上面的操作处理一下~~
 
没中,谢谢楼主,接分
 
萝卜兄:你确实中奖了。不怕,大不了重新安装了。顺便接分[:D]
 
按上面的操作处理完毕,SysConst.pas没有去处理,因为看不出哪段代码有问题。SysConst.pas:{ *********************************************************************** }{ }{ Delphi / Kylix Cross-Platform Runtime Library }{ }{ Copyright (c) 1995, 2001 Borland Software Corporation }{ }{ *********************************************************************** }unit SysConst;
interfaceresourcestring SUnknown = '<unknown>';
SInvalidInteger = '''%s'' is not a valid integer value';
SInvalidFloat = '''%s'' is not a valid floating point value';
SInvalidCurrency = '''%s'' is not a valid currency value';
SInvalidDate = '''%s'' is not a valid date';
SInvalidTime = '''%s'' is not a valid time';
SInvalidDateTime = '''%s'' is not a valid date and time';
SInvalidDateTimeFloat = '''%g'' is not a valid date and time';
SInvalidTimeStamp = '''%d.%d'' is not a valid timestamp';
SInvalidGUID = '''%s'' is not a valid GUID value';
SInvalidBoolean = '''%s'' is not a valid boolean value';
STimeEncodeError = 'Invalid argument to time encode';
SDateEncodeError = 'Invalid argument to date encode';
SOutOfMemory = 'Out of memory';
SInOutError = 'I/O error %d';
SFileNotFound = 'File not found';
SInvalidFilename = 'Invalid filename';
STooManyOpenFiles = 'Too many open files';
SAccessDenied = 'File access denied';
SEndOfFile = 'Read beyond end of file';
SDiskFull = 'Disk full';
SInvalidInput = 'Invalid numeric input';
SDivByZero = 'Division by zero';
SRangeError = 'Range check error';
SIntOverflow = 'Integer overflow';
SInvalidOp = 'Invalid floating point operation';
SZeroDivide = 'Floating point division by zero';
SOverflow = 'Floating point overflow';
SUnderflow = 'Floating point underflow';
SInvalidPointer = 'Invalid pointer operation';
SInvalidCast = 'Invalid class typecast';{$IFDEF MSWINDOWS} SAccessViolationArg3 = 'Access violation at address %p. %s of address %p';{$ENDIF}{$IFDEF LINUX} SAccessViolationArg2 = 'Access violation at address %p, accessing address %p';{$ENDIF} SAccessViolationNoArg = 'Access violation';
SStackOverflow = 'Stack overflow';
SControlC = 'Control-C hit';
SQuit = 'Quit key hit';
SPrivilege = 'Privileged instruction';
SOperationAborted = 'Operation aborted';
SException = 'Exception %s in module %s at %p.' + sLineBreak + '%s%s' + sLineBreak;
SExceptTitle = 'Application Error';{$IFDEF LINUX} SSigactionFailed = 'sigaction call failed';{$ENDIF} SInvalidFormat = 'Format ''%s'' invalid or incompatible with argument';
SArgumentMissing = 'No argument for format ''%s''';
SDispatchError = 'Variant method calls not supported';
SReadAccess = 'Read';
SWriteAccess = 'Write';
SResultTooLong = 'Format result longer than 4096 characters';
SFormatTooLong = 'Format string too long';
SVarArrayCreate = 'Error creating variant or safe array';
SVarArrayBounds = 'Variant or safe array index out of bounds';
SVarArrayLocked = 'Variant or safe array is locked';
SVarArrayWithHResult = 'Unexpected variant or safe array error: %s%.8x';
SInvalidVarCast = 'Invalid variant type conversion';
SInvalidVarOp = 'Invalid variant operation';
SInvalidVarNullOp = 'Invalid NULL variant operation';
SInvalidVarOpWithHResultWithPrefix = 'Invalid variant operation (%s%.8x)'#10'%s';
SVarTypeRangeCheck1 = 'Range check error for variant of type (%s)';
SVarTypeRangeCheck2 = 'Range check error while converting variant of type (%s) into type (%s)';
SVarTypeOutOfRangeWithPrefix = 'Custom variant type (%s%.4x) is out of range';
SVarTypeAlreadyUsedWithPrefix = 'Custom variant type (%s%.4x) already used by %s';
SVarTypeNotUsableWithPrefix = 'Custom variant type (%s%.4x) is not usable';
SVarTypeTooManyCustom = 'Too many custom variant types have been registered';
// the following are not used anymore SVarNotArray = 'Variant is not an array' deprecated;
// not used, use SVarInvalid instead SVarTypeUnknown = 'Unknown custom variant type ($%.4x)' deprecated;
// not used anymore SVarTypeOutOfRange = 'Custom variant type ($%.4x) is out of range' deprecated;
SVarTypeAlreadyUsed = 'Custom variant type ($%.4x) already used by %s' deprecated;
SVarTypeNotUsable = 'Custom variant type ($%.4x) is not usable' deprecated;
SInvalidVarOpWithHResult = 'Invalid variant operation ($%.8x)' deprecated;
SVarTypeCouldNotConvert = 'Could not convert variant of type (%s) into type (%s)';
SVarTypeConvertOverflow = 'Overflow while converting variant of type (%s) into type (%s)';
SVarOverflow = 'Variant overflow';
SVarInvalid = 'Invalid argument';
SVarBadType = 'Invalid variant type';
SVarNotImplemented = 'Operation not supported';
SVarOutOfMemory = 'Variant operation ran out memory';
SVarUnexpected = 'Unexpected variant error';
SVarDataClearRecursing = 'Recursion while do
ing a VarDataClear';
SVarDataCopyRecursing = 'Recursion while do
ing a VarDataCopy';
SVarDataCopyNoIndRecursing = 'Recursion while do
ing a VarDataCopyNoInd';
SVarDataInitRecursing = 'Recursion while do
ing a VarDataInit';
SVarDataCastToRecursing = 'Recursion while do
ing a VarDataCastTo';
SVarIsEmpty = 'Variant is empty';
sUnknownFromType = 'Cannot convert from the specified type';
sUnknownToType = 'Cannot convert to the specified type';
SExternalException = 'External exception %x';
SAssertionFailed = 'Assertion failed';
SIntfCastError = 'Interface not supported';
SSafecallException = 'Exception in safecall method';
SAssertError = '%s (%s, line %d)';
SAbstractError = 'Abstract Error';
SModuleAccessViolation = 'Access violation at address %p in module ''%s''. %s of address %p';
SCannotReadPackageInfo = 'Cannot access package information for package ''%s''';
sErrorLoadingPackage = 'Can''t load package %s.'+sLineBreak+'%s';
SInvalidPackageFile = 'Invalid package file ''%s''';
SInvalidPackageHandle = 'Invalid package handle';
SDuplicatePackageUnit = 'Cannot load package ''%s.'' It contains unit ''%s,''' + 'which is also contained in package ''%s''';
SOSError = 'System Error. Code: %d.'+sLineBreak+'%s';
SUnkOSError = 'A call to an OS function failed';{$IFDEF MSWINDOWS} SWin32Error = 'Win32 Error. Code: %d.'#10'%s' deprecated;
// use SOSError SUnkWin32Error = 'A Win32 API function failed' deprecated;
// use SUnkOSError{$ENDIF} SNL = 'Application is not licensed to use this feature';
SShortMonthNameJan = 'Jan';
SShortMonthNameFeb = 'Feb';
SShortMonthNameMar = 'Mar';
SShortMonthNameApr = 'Apr';
SShortMonthNameMay = 'May';
SShortMonthNameJun = 'Jun';
SShortMonthNameJul = 'Jul';
SShortMonthNameAug = 'Aug';
SShortMonthNameSep = 'Sep';
SShortMonthNameOct = 'Oct';
SShortMonthNameNov = 'Nov';
SShortMonthNameDec = 'Dec';
SLongMonthNameJan = 'January';
SLongMonthNameFeb = 'February';
SLongMonthNameMar = 'March';
SLongMonthNameApr = 'April';
SLongMonthNameMay = 'May';
SLongMonthNameJun = 'June';
SLongMonthNameJul = 'July';
SLongMonthNameAug = 'August';
SLongMonthNameSep = 'September';
SLongMonthNameOct = 'October';
SLongMonthNameNov = 'November';
SLongMonthNameDec = 'December';
SShortDayNameSun = 'Sun';
SShortDayNameMon = 'Mon';
SShortDayNameTue = 'Tue';
SShortDayNameWed = 'Wed';
SShortDayNameThu = 'Thu';
SShortDayNameFri = 'Fri';
SShortDayNameSat = 'Sat';
SLongDayNameSun = 'Sunday';
SLongDayNameMon = 'Monday';
SLongDayNameTue = 'Tuesday';
SLongDayNameWed = 'Wednesday';
SLongDayNameThu = 'Thursday';
SLongDayNameFri = 'Friday';
SLongDayNameSat = 'Saturday';{$IFDEF LINUX} SEraEntries = '';{$ENDIF} SCannotCreateDir = 'Unable to create directory';
SCodesetConversionError = 'Codeset conversion failure';implementationend.
 
是lib/sysconst.dcu的问题
 
不大理解
 
中了,你从代码上看不出来的
 
这个话题挺热门的
 
除了会被杀毒软件杀掉,现在看不出有什么问题。已经把这个病毒备份了。
 
bak改名后覆盖即可。--------------好像地球人都知道了。
 
病毒呀,来感染这没落delphi程序,是不是这个编写的人出了问题!
 
后退
顶部