vbshell.tlb : BHO ?
FanJ
November 22nd, 2003, 12:11 PM
Found by PestPatrol:
Pest: Meridian
Pest Info:
Category: Browser Helper Object
Release Date: 12/17/2001 0:00:00
File Info:
In File: C:\WINDOWS\SYSTEM\vbshell.tlb
PVT: 421896892
MD5: b8fc8ab66c226266ab7c68ea85f32710
Date: 03-20-2000 0:05:54
File Analysis: Look up with MD5 (recommended) or PVT.
Certainty: Confirmed
Threatens: Liability
Risk: Low.
Advice: Delete or quarantine
Action: Ignored
The info at the PestPatrol-site:
link: here (http://research.pestpatrol.com/Search/FileInfoResults.asp?MD5=b8fc8ab66c226266ab7c68ea85f32710&Submit=Find+this+MD5)
Could someone tell me please a bit more about this one?
Thanks !
Pieter_Arntz
November 22nd, 2003, 12:20 PM
Hi FanJ, :)
You wouldn't happen to have a CLSID for that BHO ?
Regards,
Pieter
FanJ
November 22nd, 2003, 12:25 PM
[Quote: Pieter_Arntz]
Hi FanJ, :)
You wouldn't happen to have a CLSID for that BHO ?
Regards,
Pieter
[End quote]
Hi Pieter :)
Oops, Pestpatrol didn't give me that one as far as I saw ::)
I could try to do a search at the registry.......
Cheers, Jan.
FanJ
November 22nd, 2003, 12:34 PM
Hi Pieter,
Would this help:
[HKEY_CLASSES_ROOT\TypeLib\{39898EB0-DE1B-11D2-9FD6-00550076E06F}\1.0\0\win32]
@="C:\\WINDOWS\\SYSTEM\\vbshell.tlb"
[HKEY_LOCAL_MACHINE\Software\CLASSES\TypeLib\{39898EB0-DE1B-11D2-9FD6-00550076E06F}\1.0\0\win32]
@="C:\\WINDOWS\\SYSTEM\\vbshell.tlb"
Pieter_Arntz
November 22nd, 2003, 01:40 PM
Hi FanJ,
I have that file too. Just not as a BHO.
It's in Windows\System32
63 kB No version info. The CLSID is the same.
Can I ask what triggered your interest?
Regards,
Pieter
FanJ
November 22nd, 2003, 03:19 PM
Thanks Pieter,
Well, my interest was triggered by the alert from PestPatrol.
I guess I got to find out whether I have it indeed as BHO....
Pieter_Arntz
November 22nd, 2003, 03:27 PM
Hi FanJ,
Sorry if I'm stating the obvious.
HijackThis will tell you in a few seconds. Just see if it is listed under O2.
Regards,
Pieter
FanJ
November 22nd, 2003, 03:32 PM
:-[ :-[ :-[ ::)
I should have thought about that......................... :-X
Thanks Pieter !!!!!!!!!!!!
javacool
November 22nd, 2003, 03:34 PM
That's a required file for SpywareGuard - deleting it may cause major system problems if you have SpywareGuard installed & active/running. :o (This just might explain some of the problems people have been having with SpywareGuard lately.)
It's a freely available type-library that SpywareGuard uses, and even if Meridian uses it, the type-library itself can't cause any damage (plus the file itself certainly isn't a BHO...).
If anyone can contact PestPatrol about it, I would appreciate it.
Best regards,
-Javacool
Pieter_Arntz
November 22nd, 2003, 03:36 PM
Hi FanJ,
You know me. I've got a one-track mind. ;)
I'm curious why PP started flagging this all of a sudden.
That file has probably been on your computer from the start. Keep us posted, my friend. :)
Pieter
Pieter_Arntz
November 22nd, 2003, 03:38 PM
Hi javacool,
Our posts crossed. Does SpywareGuard install that file if it is not present?
Regards,
Pieter
javacool
November 22nd, 2003, 03:42 PM
[Quote: Pieter_Arntz]
Hi javacool,
Our posts crossed. Does SpywareGuard install that file if it is not present?
Regards,
Pieter
[End quote]
Yep, the SpywareGuard installer will copy and register the vbshell.tlb file if it isn't present.
I wouldn't be surprised if Meridian installs that file itself and uses the type definitions within it to let its BHO function (especially if the Meridian BHO is written in VB), but again that type-library itself is certainly not malicious in nature.
Best regards,
-Javacool
FanJ
November 22nd, 2003, 03:49 PM
Thanks Javacool !!!!!!!!!!!!!!!!
SpyWareGuard installed (at the moment not the active-part running).
As for BHO:
I just did run HijackThis 1.97.7:
It is not listed there under O2.
I could try to contact the PestPatrol folks, but I cannot promise that I will succeed. In the past I had good contact via email (or you could post at their forum (not existing anymore), but since I tried it many months ago and I got no reply anymore.....well...eh....).
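The distinction drawn in the posts above (a TypeLib registration is not a BHO registration, and HijackThis lists only the latter under O2) can be checked from a regedit export. This is an added example, not part of the original thread; the BHO GUID and `example_bho.dll` are constructed placeholders, and the sample export is constructed from the TypeLib entry FanJ posted.

```python
import ntpath
import re

G = r"(\{[0-9a-f-]{36}\})"
BHO_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\explorer"
                    r"\\browser helper objects\\" + G + "$", re.I)
INPROC_RE = re.compile(r"\\clsid\\" + G + r"\\inprocserver32$", re.I)
TYPELIB_RE = re.compile(r"\\typelib\\" + G + r"\\", re.I)

# Constructed export: the TypeLib entry quoted in the thread, plus a made-up
# BHO (placeholder GUID and DLL name) for contrast.
SAMPLE_REG = r'''
[HKEY_CLASSES_ROOT\TypeLib\{39898EB0-DE1B-11D2-9FD6-00550076E06F}\1.0\0\win32]
@="C:\\WINDOWS\\SYSTEM\\vbshell.tlb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000001}]
[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\example_bho.dll"
'''

def parse_reg(text):
    """Return {key_path: default_value or None} from regedit export text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, None)
        elif current and line.startswith('@="') and line.endswith('"'):
            keys[current] = line[3:-1].replace("\\\\", "\\")  # unescape .reg path
    return keys

def roles_of(filename, reg_text):
    """Report how `filename` is registered: 'typelib', 'bho', both, or neither."""
    keys = parse_reg(reg_text)
    bho_ids = {m.group(1).upper() for k in keys if (m := BHO_RE.search(k))}
    roles = set()
    for key, value in keys.items():
        if not value or ntpath.basename(value).lower() != filename.lower():
            continue
        if TYPELIB_RE.search(key):
            roles.add("typelib")   # type definitions only, nothing loaded by IE
        m = INPROC_RE.search(key)
        if m and m.group(1).upper() in bho_ids:
            roles.add("bho")       # COM server whose CLSID is listed as a BHO
    return roles
```
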
Pieter_Arntz
November 22nd, 2003, 03:58 PM
Hi FanJ,
Let me know if you don't have an answer by Monday evening (our timezone).
Regards and take care,
Pieter
FanJ
November 22nd, 2003, 06:38 PM
Hi Pieter and Javacool :)
I have just sent the question, with link to this thread and with Javacool's remarks, to the PestPatrol company using their web-based support.
My request has been assigned a number ;)
So, let's have a little patience till they reply.
I have asked them to reply here at this thread too.
PS: Pieter, maybe I'm not on-line Monday; I'll send you an IM in a few minutes.
Cheers, Jan.
JayK
November 23rd, 2003, 07:00 AM
I noticed that PestPatrol began flagging that about 2 weeks ago. Obviously yet another false positive.
FanJ
November 23rd, 2003, 09:07 AM
Hi,
I got very quickly a very nice email from Shirley at PestPatrol.
-Quote-
The detection of vbshell.tlb is a false alarm and has been removed from our database. New scan strings reflecting this will be posted as soon as possible.
-end quote-
Big thanks Shirley !!!
Best regards, Jan.
Pieter_Arntz
November 23rd, 2003, 09:27 AM
Good job, FanJ. :)
Pieter
FanJ
November 23rd, 2003, 09:36 AM
Thanks Pieter :)
I was very pleased to see how good the support was working via their web-based support, how quickly I got an answer and what a really nice email I got from Shirley !!!
Thumbs up for PestPatrol and Shirley !!! :) :D
FanJ
November 26th, 2003, 10:06 AM
Hi,
The false alarm has been fixed in the PestPatrol update from 25 Nov 2003.
I did run a scan with the latest def's: all OK :)
Thanks PestPatrol !!! :)