Avira can detect the Delphi "Virus", so try giving it a run. Another thing to keep in mind: if you're running the Professional or Enterprise versions of the Vista or Windows 7 operating systems, they use named pipe/network drive access to access the local drive (this actually started in NT 3.5 and is a carryover). So you will see traffic to your local IP when connected to a network. When not connected to a network you will not see this activity because the OS is "smart enough" to know better.

Some versions of Delphi are affected by the virus, and yes, it can affect more than just 4-7. I've confirmed infection all the way to 2009. There is also more than one out there; the one we are all familiar with is the SysUtils attack, but there are others. Good news is, no one has modified it to attack Lazarus yet (well, good news if you use Lazarus).

For tracking it down, there is a way. Make sure you're compiling to NATIVE code and not IL/2/3 (sorry, .NET). You can then use a custom memory manager to keep a runtime log, or you can use a remote (3rd party) debugger to monitor execution (honestly it's been years since I've done this, but it can be done). I can do some backup digging for the units I used to use, but I can't guarantee they still work.

- Jeremy