Improve company productivity with a Business Account.Sign Up

x
?
Solved

Strange iphist.dat file appearing. Delphi related ?

Posted on 2013-12-07
14
Medium Priority
?
2,897 Views
Last Modified: 2013-12-11
Sometime, an empty file named iphist.dat appears either on the Windows desktop, or in a folder where I have a Delphi project, or in the folder where I copy the project EXE file.
My anti-virus avast! does not detect any virus on my computer...
What is that file ?
Is there anyway something worst than a virus on my PC ?
0
Comment
Question by:LeTay
  • 5
  • 4
  • 3
  • +1
14 Comments
 
LVL 24

Expert Comment

by:jimyX
ID: 39702995
Your System is infected by Aphex Worm.

I stopped using Avast since 2006. I am using Avira and I believe it's much more powerful than Avast.
0
 
LVL 24

Expert Comment

by:jimyX
ID: 39702996
It's not Delphi related. Delphi has nothing to do with it, except that the worm keeps spreading over the folder/exe you access.
0
 
LVL 24

Expert Comment

by:jimyX
ID: 39703001
0
Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

 
LVL 1

Author Comment

by:LeTay
ID: 39703104
Does not seem to be that worm : none of the file to be deleted, according to "how to remove it" does exist !
0
 
LVL 19

Expert Comment

by:MerijnB
ID: 39703436
It certainly seems to be some sort of worm, maybe a successor of aphex. Did you do a scan during boot with avast? Is there anything in the iphist file?
0
 
LVL 1

Author Comment

by:LeTay
ID: 39704032
The file is empty
I don't know how I can do a scan with avast at boot time
0
 
LVL 19

Expert Comment

by:MerijnB
ID: 39705551
Open Avast interface, select scan, select boot-time scan from the drop down list, press start.

If nothing is found, it's wise to try with another virus scanner. Not that Avast is bad, but no single virus scanner gets everything.
0
 
LVL 39

Expert Comment

by:Geert G
ID: 39710729
it's the indy component for resolving or monitoring ip adresses which creates this file
normally this is in the .exe directory

my best guess is an app uses
TIdIPWatch or TIdIpAddrMon
0
 
LVL 19

Expert Comment

by:MerijnB
ID: 39710732
Very interesting Geert, especially since the same file is associated with some worms, you wonder if that's coincidence or not ;)
0
 
LVL 39

Accepted Solution

by:
Geert G earned 2000 total points
ID: 39710748
why is it that when the asker adds 'Virus' to the question that everybody stops thinking ?

i came across this same behaviour too for the file iphist.dat
if you want to have the virus scanner react to a worm or viurs  
why not set the property correct of the IPWatch component

 bad properties
this is the original property value ... héhé
ipwatch properties
0
 
LVL 19

Expert Comment

by:MerijnB
ID: 39710753
I never stopped thinking, I just never use Indy ;)

Google for iphist.dat and you'll hit info about worms, not about Indy :p
0
 
LVL 1

Author Comment

by:LeTay
ID: 39710805
I do not use that indy component !
Will start a full scan tonight
0
 
LVL 1

Author Comment

by:LeTay
ID: 39710810
Sorry about that, I found I use that tidipwatch !
I will modify the properties and watch what happens
0
 
LVL 1

Author Closing Comment

by:LeTay
ID: 39710982
I change the property and indeed the file was that one !
Many thanks
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
A new hacking trick has emerged leveraging your own helpdesk or support ticketing tools as an easy way to distribute malware.
Watch the video to learn how one can deal with PST file corruption issue with an outstanding Kernel for Outlook PST Repair Tool easily. Using this tool, non-technical users can swiftly perform the repair process to restore their essential data witho…
Watch the video to know how one can repair corrupt Exchange OST file effortlessly and convert OST emails to MS Outlook PST file format by using Kernel for OST to PST converter tool. It can convert OST to MSG, MBOX, EML to access them. It can migrate…

608 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question