AboutPricingCommunityTeamsStart Free TrialLog in
Avatar of LeTay
LeTay
 asked on

Strange iphist.dat file appearing. Delphi related ?

Sometime, an empty file named iphist.dat appears either on the Windows desktop, or in a folder where I have a Delphi project, or in the folder where I copy the project EXE file.
My anti-virus avast! does not detect any virus on my computer...
What is that file ?
Is there anyway something worst than a virus on my PC ?
VulnerabilitiesOS SecurityDelphi
Avatar of undefined
Last Comment
LeTay
8/22/2022 - Mon
jimyX
Your System is infected by Aphex Worm.

I stopped using Avast since 2006. I am using Avira and I believe it's much more powerful than Avast.
jimyX
It's not Delphi related. Delphi has nothing to do with it, except that the worm keeps spreading over the folder/exe you access.
jimyX
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
LeTay
ASKER
Does not seem to be that worm : none of the file to be deleted, according to "how to remove it" does exist !
MerijnB
It certainly seems to be some sort of worm, maybe a successor of aphex. Did you do a scan during boot with avast? Is there anything in the iphist file?
LeTay
ASKER
The file is empty
I don't know how I can do a scan with avast at boot time
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
MerijnB
Open Avast interface, select scan, select boot-time scan from the drop down list, press start.

If nothing is found, it's wise to try with another virus scanner. Not that Avast is bad, but no single virus scanner gets everything.
Geert G
it's the indy component for resolving or monitoring ip adresses which creates this file
normally this is in the .exe directory

my best guess is an app uses
TIdIPWatch or TIdIpAddrMon
MerijnB
Very interesting Geert, especially since the same file is associated with some worms, you wonder if that's coincidence or not ;)
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
ASKER CERTIFIED SOLUTION
Geert G
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
MerijnB
I never stopped thinking, I just never use Indy ;)

Google for iphist.dat and you'll hit info about worms, not about Indy :p
LeTay
ASKER
I do not use that indy component !
Will start a full scan tonight
LeTay
ASKER
Sorry about that, I found I use that tidipwatch !
I will modify the properties and watch what happens
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
LeTay
ASKER
I change the property and indeed the file was that one !
Many thanks
Plans and Pricing
Resources
Product
Podcasts
Careers
Contact Us
Teams
Certified Expert Program
Credly Partnership
Udemy Partnership
Privacy Policy
Terms of Use

© 1996-2023 Experts Exchange, LLC. All rights reserved. Covered by US Patent