SBSYS.dll
controler
November 19th, 2002, 01:08 AM
Hello all
I would like to know if any of you have the file SBSYS.dll on your systems and if so does your AV detect it as a virus?
KAV Lite seems to detect it as a virus and when I send it in for inspection to KAV support, I only get an automated response back telling me I am infected. When I ask if the file was inspected, my reply is no... I wonder why they are leaving it up to their automated response and not thinking it could be a false positive?
Pieter_Arntz
November 19th, 2002, 05:27 AM
Hi controler,
I searched my system and Google and came up empty on both counts.
Do you know where it belongs to or can you tell us what folder it is in?
Regards,
Pieter
controler
November 19th, 2002, 08:12 AM
Hi Pete
I will do some more investigating after work tonight.
In the meantime ;) It is in my main windows folder.
My small search found it tied to some COBOL stuff.
I was dating a Russian woman a few months back that still does mostly COBOL and a tad bit of Java programming LOL
Do many AV's look at COBOL anymore?
Am I paranoid ??
Pieter_Arntz
November 19th, 2002, 08:29 AM
Quoting controler:
> Am I paranoid ??
I'd much rather like to believe KAV is. ;)
It didn't show up in any virus descriptions I read recently.
Let us know what the properties tab has to say about it. If you still don't trust it:
support@eurosecure.com
submit@diamondcs.com.au
Regards,
Pieter
eyespy
November 19th, 2002, 02:34 PM
Controler,
no such file in my Win2K box !!
Can't find any info on it either ! ???
regards,
bill ;)
wizard
November 19th, 2002, 03:16 PM
Rokop-Security also offers a file analysis service. Maybe you want to send the file to virus@rokop-security.de as well. :)
At Rokop we are in direct contact (to go around these stupid autoreplies) with several av companies including Kaspersky. So if it is really a false positive we can ensure that it will be fixed quickly.
wizard
Primrose
November 19th, 2002, 04:35 PM
If you really think it is COBOL, that is not out of the question on this "new".net ;-).
I had seen some advertisements put together that way.
I have been following this stuff for awhile if you want a good read.
About NetCOBOL for .NET
http://www.adtools.com/dotnet/
____________________________
Are you ready for .NET?
Microsoft's .NET Framework introduces many new terms and concepts, even to those familiar with Microsoft Windows technology. In addition, Fujitsu has added enhancements and extensions to COBOL to support the features of the .NET Framework. Before programming in this new environment, it is important to have a good understanding of the basic .NET terminology.
Fujitsu has produced a training course, "Microsoft .NET for COBOL Programmers" to provide you with all the .NET understanding you need to start using the .NET Framework - whether you are creating Windows Forms, Web Forms, Web Services, using ADO.NET or any of the other .NET features, you'll find this an invaluable resource. See Microsoft .NET for COBOL Programmers for details.
http://www.adtools.com/dotnet/#1
____________________________
Calling Procedural COBOL from C#
In a previous article we discussed how to call procedural based COBOL programs from VB.NET. Rick Malek 09/05/2002
Calling Procedural COBOL from VB.NET
Many clients will have existing COBOL source code that they will want to use within the .NET Framework. Rick Malek 08/28/2002
Why Object Orientation for COBOL?
"Why is Microsoft interested in having so many languages target the new environment? Rick Malek 07/08/2002
http://www.c-sharpcorner.com/cobolnet/code.asp
how to call COBOL.DLL from Visual Basic
Have any of you tried calling a COBOL.DLL from Visual Basic.
The COBOL.DLL has been created using NetExpress environment. Let me know the
white paper available if any and the links.
HELP NEEDED while calling nested cobol programs from cobol DLL
http://w3.one.net/~kevinw/wwwboard2/messages/572.html
________________
Q28: When executing a COBOL program, which CA-Realia II Workbench programs are also required?
A28: Depending upon the features of CA-Realia COBOL that you used in your application, the following programs must be available in the current directory or system searched path:
CARCLW60.DLL (COBOL runtime module)
CARCIW60.dll (needed only if the program has been built with the DEBUG option enabled)
CARFSW20.DLL (Standard File System Module)
CARFSW16.DLL (16-bit Indexed File System)
These modules can be redistributed royalty-free with your applications.
http://esupport.ca.com/index.html?/public/cobol_testing/infodocs/realia1000.asp
_______________________________________________
But I had wondered if you ever messed around with this program?
http://www.download32.nl/proghtml/109/10943.htm
SBMail Control - 1.0.0
by Shaffin N. Bhanji
The purpose of this control is to send email online without using an external email client. All visitors to your Web Site wishing to send you mail, have to fill out the Subject, Message, their Email and finally click on the Send button provided .
Primrose
November 19th, 2002, 04:38 PM
BTW-Computer Associates is the only one I know that does any COBOL..I think they have a debugger of sorts.
controler
November 19th, 2002, 06:16 PM
This is what KAV Lite in any mode (normal, medium or high) is calling it.
I finally got the file to them without an autoresponse so they can dissect it ;)
I really am guessing it is a false alarm.
======================================
***archive: ZIP
/SBSYS.dll***infected: Trojan.Spy.Justin
/SBSYS.dll***infected: Trojan.Spy.Justin
Known viruses : 1
Virus bodies : 1
Disinfected : 0
Deleted : 0
Warnings : 0
Suspicious : 0
Corrupted : 0
1 I/O Errors : 0
"From: Justin Funke
Date: Fri Aug 17 2001 - 10:27:26 CDT
Does anyone know of a script that when executed from an email can notify
back to me that the attachment was executed. I don't want anything with any
kind of payload - just a notification as part of a test.
Something not detectable by virus scanners would be a bonus - I want to
audit the human component of the equation.
Thanks,
Justin."
"So please remind me - which exploitable service/trojan used 1243 port ?
Probably looking for Subseven Trojan.
Justin"
SOPHOS SITE READS:
Troj/Justin
Type
Trojan
Detection
Detected by Sophos Anti-Virus since October 2002.
Description
Troj/Justin is a Trojan.
http://www.gameshrine.com/pipermail/t2scripters/2001-August/subject.html
controler
November 19th, 2002, 10:56 PM
Used a handy trialware version of PE Explorer to view the DLL.
This info is taken from the Resource Viewer/Editor.
Link to the DLL viewer PE Explorer:
http://www.heaventools.com/?=pex
Length Of Struc: 03D4h
Length Of Value: 0034h
Type Of Struc: 0000h
Info: VS_VERSION_INFO
Signature: FEEF04BDh
Struc Version: 1.0
File Version: 1.0.0.1
Product Version: 1.0.0.1
File Flags Mask: 0.63
File Flags: DEBUG;
File OS: NT (WINDOWS32)
File Type: DLL
File SubType: UNKNOWN
File Date: 00:00:00 00/00/0000
Struc has Child(ren). Size: 888 bytes.
Children Type: StringFileInfo
Language/Code Page: 1033/1200
Comments: Copyright © Justin DuJardin 2002
CompanyName: Justin DuJardin Software
FileDescription: Advanced Logger DLL
FileVersion: 1, 0, 0, 1
InternalName: ALDLL
LegalCopyright: Copyright © Justin DuJardin 2002
LegalTrademarks:
OriginalFilename: ALDLL.dll
PrivateBuild:
ProductName: Advanced Logger, DLL
ProductVersion: 1, 0, 0, 1
SpecialBuild:
Children Type: VarFileInfo
Translation: 1033/1200
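The dump above shows the version resource naming the file ALDLL.dll ("Advanced Logger DLL") while it sat on disk as SBSYS.dll. As an added example (not part of the thread and not PE Explorer's code), the Python below parses a raw VS_VERSION_INFO resource and reports that kind of name mismatch. The function names and the sample bytes are constructed for illustration, and pulling the resource out of the PE file is assumed to be done beforehand.

```python
import struct
SIG = 0xFEEF04BD                      # VS_FIXEDFILEINFO signature, as in the dump
A4 = lambda n: (n + 3) & ~3           # keys, values and nodes are 32-bit aligned

def parse_node(buf, off=0):
    """Return ((key, type, value, children), next_offset) for one node."""
    length, vlen, vtype = struct.unpack_from("<HHH", buf, off)
    end = off + length
    if length < 6 or end > len(buf):
        raise ValueError("node length out of bounds")
    k = off + 6
    while k + 2 <= end and buf[k:k + 2] != b"\0\0":
        k += 2                                    # walk the UTF-16 key
    p = A4(k + 2)
    nbytes = vlen * 2 if vtype == 1 else vlen     # text lengths count WCHARs
    value, p, kids = buf[p:min(p + nbytes, end)], A4(p + nbytes), []
    while p + 6 <= end:
        kid, p = parse_node(buf, p)
        kids.append(kid)
    return (buf[off + 6:k].decode("utf-16-le"), vtype, value, kids), A4(end)

def version_strings(resource):
    """Return the StringFileInfo name/value pairs of a VS_VERSION_INFO blob."""
    (key, _, value, kids), _ = parse_node(resource)
    if (key != "VS_VERSION_INFO" or len(value) < 52
            or struct.unpack_from("<I", value)[0] != SIG):
        raise ValueError("not a version resource")
    return {name: raw.decode("utf-16-le", "replace").rstrip("\0")
            for k, _, _, tables in kids if k == "StringFileInfo"
            for _, _, _, entries in tables for name, _, raw, _ in entries}

def renamed_from(resource, on_disk_name):
    """Return the embedded OriginalFilename if it differs from the disk name."""
    orig = version_strings(resource).get("OriginalFilename", "")
    return orig if orig and orig.lower() != on_disk_name.lower() else None

def _node(key, value=b"", kids=(), vtype=1):      # builds constructed test data
    body = b"\0" * 6 + key.encode("utf-16-le") + b"\0\0"
    body += b"\0" * (-len(body) % 4) + value
    for kid in kids:
        body += b"\0" * (-len(body) % 4) + kid
    vlen = len(value) // 2 if vtype == 1 else len(value)
    return struct.pack("<HHH", len(body), vlen, vtype) + body[6:]
_s = lambda name, text: _node(name, (text + "\0").encode("utf-16-le"))
# Constructed sample mirroring fields quoted in the post; not the real file.
SAMPLE = _node("VS_VERSION_INFO", struct.pack("<13I", SIG, 0x10000, 0x10000, 1,
               0x10000, 1, 0x3F, 1, 0x40004, 2, 0, 0, 0), vtype=0,
               kids=[_node("StringFileInfo", kids=[_node("040904B0", kids=[
                   _s("FileDescription", "Advanced Logger DLL"),
                   _s("OriginalFilename", "ALDLL.dll")])])])
```

`renamed_from(SAMPLE, "SBSYS.dll")` returns the embedded name, which is the cue to look further when a DLL in the Windows folder does not match its own version metadata.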
controler
November 19th, 2002, 11:23 PM
Members list
http://crystal.uta.edu/~cse1111/cse1111/GroupMembersList.doc
Gladiator
November 25th, 2002, 11:33 PM
can you send me this file please ?
virus@gladiator-antivirus.com
controler
December 1st, 2002, 03:33 PM
Sorry I didn't see this post sooner gladiator
I am sending the zipped file now ;D
eyespy
December 1st, 2002, 04:53 PM
Controler,
make sure you post the final outcome on that SBSYS.dll.
Thanks,
bill ;)
controler
December 1st, 2002, 04:58 PM
Oops, I thought I did post the results with the PE explorer info.
It turned out to be a keylogger DLL as indicated.
I sent the file off to everyone that asked. ;)
It was most likely left over from some of my testing.
Not too many AV's caught it.
eyespy
December 1st, 2002, 08:15 PM
Quoting controler:
> Oops, I thought I did post the results with the PE explorer info.
> It turned out to be a keylogger DLL as indicated.
> I sent the file off to everyone that asked. ;)
> It was most likely left over from some of my testing.
> Not too many AV's caught it.
I was thinking it was linked to some software you were probably running or testing, but after looking at the breakdown of the DLL, I wasn't sure if it was a "false positive" or not, especially since your AV's/AT's didn't detect it !!
Can you share which ones didn't detect it ?? ;D
thanks and regards,
bill ;)
controler
December 1st, 2002, 11:03 PM
I wouldn't dare do that ;D
But I will mention, not many did catch it ;)