W32/Induc.A is a resident parasitic virus on Microsoft Windows, discovered in 1998 and isolated in 2002.


This virus spreads by infecting the systems running with a Delphi development environment. When the virus is executed it will first check if Delphi (version 4 through 7) is installed on the computer by trying to open the following registry key:


If found, it will get the Delphi installation folder from the same registry key. Next it will copy




and add its malicious code in the implementation section of this copy.

This file will be then compiled, resulting an infected sysconst.dcu (Delphi compiled unit) but not before making a copy of the once clean sysconst.dcu file under sysconst.bak. Then the copy of sysconst.pas will be deleted. As sysconst.dcu is included in each software compiled in Delphi, every program compiled with an infected Delphi will have the virus code embedded. The malware does nothing if Delphi is not installed.