NeoBook v5.6.4a - VERY IMPORTANT UPDATE!
Moderator: Neosoft Support
-
- NeoSoft Team
- Posts: 5628
- Joined: Thu Mar 31, 2005 10:48 pm
- Location: Oregon, USA
- Contact:
VERY IMPORTANT NEOBOOK UPDATE!
Yesterday afternoon we discovered that one of our development systems had been compromised by a new Delphi-specific virus called "Win32.Induc". (Delphi is the programming tool we used to develop NeoBook.) We believe that this virus was inadvertently sent to us by a customer. Our installed real-time anti-virus software did not alert us that a virus was present. As of this posting neither McAfee nor Symantec is able to detect Win32.Induc.
Fortunately, the virus only affects systems with certain versions of Delphi installed and does nothing more than replicate itself. The virus has no payload and does not infect files other than one specific Delphi component. If you do not have Delphi installed, the virus has NO effect. It will, however, trigger warnings from some anti-virus software. It is likely that the number of anti-virus applications that recognize this virus will increase over time.
Unfortunately, the following NeoSoft products were affected:
NeoBook v5.6.4
NeoBookDBPro v1.3
NeoBookKB v1.1a
NeoBookDX v1.1b
Older versions of these products were not affected.
This morning we have released the following updates to correct the problem:
NeoBook v5.6.4a
NeoBookDBPro v1.3a
NeoBookKB v1.1a
NeoBookDX v1.1c
The NeoBook update can be downloaded from: http://www.neosoftware.com/patch.html
The Plug-In updates can be downloaded from: http://www.neosoftware.com/nbw1.html or The NeoBook Resource Center: http://www.neosoftware.com/neobook/
An updated version of NeoToon can be downloaded from: http://www.neosoftware.com/software/NeoToon.exe
Foreign language versions will be released later today or tomorrow.
We recommend that customers using NeoBook v5.6.4 immediately download and install the NeoBook v5.6.4a update patch and any of the above plug-ins that you use. You should then recompile any publications previously compiled with NeoBook v5.6.4. This should completely solve the problem.
We sincerely apologize for any inconvenience this causes you.
More information about Win32.Induc can be found below:
http://news.cnet.com/8301-27080_3-10312 ... 7-1_3-0-20
http://www.viruslist.com/en/weblog?weblogid=208187826
Last edited by Neosoft Support on Wed Aug 19, 2009 3:13 pm, edited 1 time in total.
NeoSoft Support
-
- Posts: 1596
- Joined: Mon Apr 04, 2005 4:13 pm
- Location: Buenos Aires, Argentina
- Contact:
> Avira Antivir found this Malware within NeoToon.exe and NBPlay5.exe files.
The NeoBook v5.6.4a update patch will replace NBPlay5.exe.
You can download a replacement version of NeoToon using the link below:
http://www.neosoftware.com/software/NeoToon.exe
NeoSoft Support
My development system also got infected with the same virus.
Since this happened before my last update cycle, all my plugins are involved.
All plugins are updated now:
http://www.hpwsoft.de/anmeldung/html1/n ... obook.html
Hans-Peter
Dear NeoBook Support,
Thanks for your quick action on this. I received an alert about this two days ago after installing new virus definitions from Zone Alarm Internet Security Suite. I thought it was a false positive but did a thorough system scan anyway.
The description of the virus you provided was better than I had found on the web after being alerted.
Is there anything else we need to do to clean our systems, or should our antivirus repair take care of it?
ErgoMan
> Is there anything else we need to do to clean our systems, or should our antivirus repair take care of it?
You shouldn't need to do anything else. Just download and install the updates in the above post and recompile any publications compiled with v5.6.4.
Most anti-virus apps are slowly starting to protect against this threat. Make sure you have the latest updates for your anti-virus and scan anything you find suspicious.
Thank you for your support.
NeoSoft Support
Thanks NeoSoft for your fast answers.
Now, is it possible to identify the plugins targeted by the virus?
Win.Induc.A is identified by BitDefender under the following names:
A0079578.exe
A0079619.ocx
A0079620.dll
All the viruses are in a "System Volume Information" folder, after installing all the new .EXE files from NeoSoft and reinstalling all the plugins from HPW.
How to identify the other plugins targeted by the virus?
Thanks for your help.
A few more threats found?
My anti-virus program just identified NeoPlay as having been infected with Win.Induc.A. This was after installing the patch; however, I have not run NeoBook since the update. I am wondering if that would have prevented that alert.
I thought it a good idea to run my anti-virus scan on my backup hard drive. Everything was clean except the following items were identified as being infected with Win.Induc.A.
My YouTube Database eng.exe from the My YouTube Video Database
http://specialapps.software-zone.com/files/MYVD.zip
NeoGoogleMaps.exe
http://specialapps.software-zone.com/fi ... leMaps.zip
(I believe David's email announcement may have included the above two alerts.)
Paddle Demo\Paddle demo.exe
http://www.haltech.net/zip/neobook.html
ErgoMan
David,
Thanks. I downloaded them and they scanned clean.
I apologize if my post seemed like a prompt for action (I didn't intend that). That's why I referenced your response in the previous email. I was trying to answer the question about the extent of the threat. I was curious about that after getting a new alert on my system after installing the patch.
ErgoMan
> My anti-virus program just identified NeoPlay as having been infected with Win.Induc.A. This was after installing the patch; however, I have not run NeoBook since the update. I am wondering if that would have prevented that alert.
The 5.6.4a update patch should delete the old NBPlay5.exe file. A new updated version of NBPlay5.exe will be created the first time you run the v5.6.4a NeoBook.exe.
NeoSoft Support
NeoBook Support,
Thanks for your reply. I thought that was the way NeoPlay was designed to work. Although I think I have all of the previously infected components from NeoBook resolved, my anti-virus continues to give me alerts for exes in my C:/System Volume Information folder. I am still trying to figure out why that is happening.
ErgoMan
> ... C:/System Volume Information ...
The files there are backups created by the MS tool for rollbacks to restore points.
(Not sure about the exact spelling of the tool)
(You can reset the complete Windows to a stored point in the past)
Our TrendMicro has also found the virus there in older copies of our NeoBook apps.
Hans-Peter