Source language: Translate to:

NeoBook v5.6.4a - VERY IMPORTANT UPDATE!

Information about NeoBook Updates

Moderator: Neosoft Support

NeoBook v5.6.4a - VERY IMPORTANT UPDATE!

Postby Neosoft Support » Wed Aug 19, 2009 8:34 am

VERY IMPORTANT NEOBOOK UPDATE!

Yesterday afternoon we discovered that one of our development systems had been compromised by a new Delphi-specific virus called "Win32.Induc". (Delphi is the programming tool we used to develop NeoBook.) We believe that this virus was inadvertently sent to us by a customer. Our installed real-time anti-virus software did not alert us that a virus was present. As of this posting neither MacAfee nor Symantec are able to detect Win32.Induc.

Fortunately, the virus only affects systems with certain versions of Delphi installed and does nothing more than replicate itself. The virus has no payload and does not infect files other than one specific Delphi component. If you do not have Delphi installed the virus has NO effect. It will however trigger warnings from some anti-virus software. It is likely that the number of anti-virus applications that recognize this virus will increase over time.

Unfortunately, the following NeoSoft products were affected:

NeoBook v5.6.4
NeoBookDBPro v1.3
NeoBookKB v1.1a
NeoBookDX v1.1b

Older versions of these products were not affected.

This morning we have released the following updates to correct the problem:

NeoBook v5.6.4a
NeoBookDBPro v1.3a
NeoBookKB v1.1a
NeoBookDX v1.1c

The NeoBook update can be downloaded from: http://www.neosoftware.com/patch.html

The Plug-In updates can be downloaded from: http://www.neosoftware.com/nbw1.html or The NeoBook Resource Center: http://www.neosoftware.com/neobook/

An updated version of NeoToon can be downloaded from: http://www.neosoftware.com/software/NeoToon.exe

Foreign language versions will be released later today or tomorrow.

We recommend that customers using NeoBook v5.6.4 immediately download and install the NeoBook v5.6.4a update patch and any of the above plug-ins that you use. You should then recompile any publications previously compiled with NeoBook v5.6.4. This should completely solve the problem.

We sincerely apologize for any inconvenience this causes you.


More information about Win32.Induc can be found below:

http://news.cnet.com/8301-27080_3-10312628-245.html?part=rss&subj=news&tag=2547-1_3-0-20

http://www.viruslist.com/en/weblog?weblogid=208187826
Last edited by Neosoft Support on Wed Aug 19, 2009 3:13 pm, edited 1 time in total.
NeoSoft Support
Neosoft Support
NeoSoft Team
 
Posts: 5602
Joined: Thu Mar 31, 2005 10:48 pm
Location: Oregon, USA

Postby domino » Wed Aug 19, 2009 10:18 am

Thanks for the prompt action on this - I can only imagine the time you must have wasted dealing with this.

Cheers
Dave
User avatar
domino
 
Posts: 275
Joined: Sat Apr 02, 2005 7:11 am
Location: Notts UK

Postby David de Argentina » Wed Aug 19, 2009 11:16 am

Hi all,

Avira Antivir found this Malware within NeoToon.exe and NBPlay5.exe files.

My devaluated cent,
David de Argentina
User avatar
David de Argentina
 
Posts: 1559
Joined: Mon Apr 04, 2005 4:13 pm
Location: Buenos Aires, Argentina

Postby Neosoft Support » Wed Aug 19, 2009 12:36 pm

Avira Antivir found this Malware within NeoToon.exe and NBPlay5.exe files.


The NeoBook v5.6.4a update patch will replace NBPlay5.exe

You can download a replacement version of NeoToon using the link below:

http://www.neosoftware.com/software/NeoToon.exe
NeoSoft Support
Neosoft Support
NeoSoft Team
 
Posts: 5602
Joined: Thu Mar 31, 2005 10:48 pm
Location: Oregon, USA

Postby HPW » Wed Aug 19, 2009 1:05 pm

My development-system gets also infected with the same virus.
Since this happens before my last update cycle, all my plugins are involved.
All plugins are updated now:

http://www.hpwsoft.de/anmeldung/html1/n ... obook.html
Hans-Peter
User avatar
HPW
 
Posts: 2519
Joined: Fri Apr 01, 2005 11:24 pm
Location: Germany

Postby David de Argentina » Wed Aug 19, 2009 1:35 pm

Hi all,

I found all my recent compiled programs of NeoBook are infected with this malware.

My plugins are developed with PowerBasic compiler, this malware does not affect them.

Please, check your own compiled applications.

Another devaluated cent,
David de Argentina
User avatar
David de Argentina
 
Posts: 1559
Joined: Mon Apr 04, 2005 4:13 pm
Location: Buenos Aires, Argentina

Postby ErgoMan » Wed Aug 19, 2009 1:41 pm

Dear NeoBook Support,

Thanks for your quick action on this. I received an alert about this two days ago after installing new virus defiinitions from Zone Alarm Internet Security Suite. I thought it was a false positiive but did a through system scan anyway.

The description of the virus you provided was better than I had found on the web after being alerted.

Is there anything else we need to do to clean our systems, or should our antivirus repair take care of it?

ErgoMan
ErgoMan
 
Posts: 50
Joined: Thu Jul 14, 2005 8:00 pm
Location: Bel Air, MD

Postby Neosoft Support » Wed Aug 19, 2009 2:17 pm

Is there anything else we need to do to clean our systems, or should our antivirus repair take care of it?


You shouldn't need to do anything else. Just download and install the updates in the above post and recompile any publications compiled with v5.6.4.

Most anti-virus apps are slowly starting to protect against this threat. Make sure you have the latest updates for your anti-virus and scan anything you find suspicious.

Thank you for your support.
NeoSoft Support
Neosoft Support
NeoSoft Team
 
Posts: 5602
Joined: Thu Mar 31, 2005 10:48 pm
Location: Oregon, USA

Postby UltraVox » Sun Aug 23, 2009 2:17 am

Thanks NeoSoft for your fast answers.

Now, is it possible to identify the plugin's targeted by the virus ?

Win.Induc.A is identify by BitDefender under the following names :

A0079578.exe
A0079619.ocx
A0079620.dll

All virus in a "System Volume Information" folder, after installing all news .EXE to NeoSoft, and reinstalling all Plugin's to HPW.

How to identify the others plugin's targeted by the virus ?

Thanks for your help.
UltraVox
 
Posts: 419
Joined: Sat Jul 28, 2007 11:14 am
Location: France

A few more threats found?

Postby ErgoMan » Sun Aug 23, 2009 9:51 am

My anti-virus program just identified NeoPlay as having being infected with Win.Induc.A. This was after installing the patch; however, I have not run NeoBook since the update. I am wondering if that would have prevented that alert.

I thought it a good idea to run my anti-virus scan on back up hard drive. Everything was clean except the following items were identified as being infected with Win.Induc.A.

My YouTube Database eng.exe from the My YouTube Video Database
http://specialapps.software-zone.com/files/MYVD.zip

NeoGoogleMaps.exe
http://specialapps.software-zone.com/fi ... leMaps.zip

(I believe David's email announcement my have included the above two alerts.)

Paddle Demo\Paddle demo.exe
http://www.haltech.net/zip/neobook.html

ErgoMan
ErgoMan
 
Posts: 50
Joined: Thu Jul 14, 2005 8:00 pm
Location: Bel Air, MD

Postby David de Argentina » Sun Aug 23, 2009 6:26 pm

Thanks Ergoman.

Both programs were updated.

Please, tell me if the problem appairs with another file.

Thanks again

David de Argentina
User avatar
David de Argentina
 
Posts: 1559
Joined: Mon Apr 04, 2005 4:13 pm
Location: Buenos Aires, Argentina

Postby ErgoMan » Sun Aug 23, 2009 7:14 pm

David,

Thanks. I downloaded them and they scanned clean.

I agologize if my post seemed like a prompt for action (I didn't intend that). That's why I referenced your response in the previous email. I was trying to answer the question about the extent of the threat. I was curious about that after getting a new alert on my system after installing the patch.

ErgoMan
ErgoMan
 
Posts: 50
Joined: Thu Jul 14, 2005 8:00 pm
Location: Bel Air, MD

Postby Neosoft Support » Mon Aug 24, 2009 9:56 am

My anti-virus program just identified NeoPlay as having being infected with Win.Induc.A. This was after installing the patch; however, I have not run NeoBook since the update. I am wondering if that would have prevented that alert.


The 5.6.4a update patch should delete the old NBPlay5.exe file. A new updated version of NBPlay5.exe will be created the first time you run the v5.6.4a NeoBook.exe.
NeoSoft Support
Neosoft Support
NeoSoft Team
 
Posts: 5602
Joined: Thu Mar 31, 2005 10:48 pm
Location: Oregon, USA

Postby ErgoMan » Tue Aug 25, 2009 4:29 am

NeoBook Support,

Thanks for your reply. I thought that was the way NeoPlay was designed to work. Although I think I have all of the previously infected components from NeoBook resolved, my anti-virus continues to give me alerts for exes in my C:/System Volume Information folder. I am still trying to figure out why that is happening.

ErgoMan
ErgoMan
 
Posts: 50
Joined: Thu Jul 14, 2005 8:00 pm
Location: Bel Air, MD

Postby HPW » Tue Aug 25, 2009 7:20 am

... C:/System Volume Information ...


The files there are backups created by the MS tool for rollbacks to restore points.
(Not sure about the exeact spelling of the tool)
(You can reset the complete windows to a stored point in the past)

Our TrendMicro has also find the virus there in older copies from our neobook apps.
Hans-Peter
User avatar
HPW
 
Posts: 2519
Joined: Fri Apr 01, 2005 11:24 pm
Location: Germany

Next

Return to NeoBook Upgrade News

Who is online

Users browsing this forum: No registered users and 1 guest