• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2823
  • Last Modified:

Strange iphist.dat file appearing. Delphi related ?

Sometime, an empty file named iphist.dat appears either on the Windows desktop, or in a folder where I have a Delphi project, or in the folder where I copy the project EXE file.
My anti-virus avast! does not detect any virus on my computer...
What is that file ?
Is there anyway something worst than a virus on my PC ?
0
LeTay
Asked:
LeTay
  • 5
  • 4
  • 3
  • +1
1 Solution
 
jimyXCommented:
Your System is infected by Aphex Worm.

I stopped using Avast since 2006. I am using Avira and I believe it's much more powerful than Avast.
0
 
jimyXCommented:
It's not Delphi related. Delphi has nothing to do with it, except that the worm keeps spreading over the folder/exe you access.
0
 
jimyXCommented:
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
LeTayAuthor Commented:
Does not seem to be that worm : none of the file to be deleted, according to "how to remove it" does exist !
0
 
MerijnBSr. Software EngineerCommented:
It certainly seems to be some sort of worm, maybe a successor of aphex. Did you do a scan during boot with avast? Is there anything in the iphist file?
0
 
LeTayAuthor Commented:
The file is empty
I don't know how I can do a scan with avast at boot time
0
 
MerijnBSr. Software EngineerCommented:
Open Avast interface, select scan, select boot-time scan from the drop down list, press start.

If nothing is found, it's wise to try with another virus scanner. Not that Avast is bad, but no single virus scanner gets everything.
0
 
Geert GruwezOracle dbaCommented:
it's the indy component for resolving or monitoring ip adresses which creates this file
normally this is in the .exe directory

my best guess is an app uses
TIdIPWatch or TIdIpAddrMon
0
 
MerijnBSr. Software EngineerCommented:
Very interesting Geert, especially since the same file is associated with some worms, you wonder if that's coincidence or not ;)
0
 
Geert GruwezOracle dbaCommented:
why is it that when the asker adds 'Virus' to the question that everybody stops thinking ?

i came across this same behaviour too for the file iphist.dat
if you want to have the virus scanner react to a worm or viurs  
why not set the property correct of the IPWatch component

 bad properties
this is the original property value ... héhé
ipwatch properties
0
 
MerijnBSr. Software EngineerCommented:
I never stopped thinking, I just never use Indy ;)

Google for iphist.dat and you'll hit info about worms, not about Indy :p
0
 
LeTayAuthor Commented:
I do not use that indy component !
Will start a full scan tonight
0
 
LeTayAuthor Commented:
Sorry about that, I found I use that tidipwatch !
I will modify the properties and watch what happens
0
 
LeTayAuthor Commented:
I change the property and indeed the file was that one !
Many thanks
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

  • 5
  • 4
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now