SpyBot S&D update 07/13/03

[john2g]

4 additions

[TonyKlein]

Updated, ran it, and it detected what it said was a keylogger file

Slient Guard, in C:\Windows\System\Code_msg.hlp and in HKLM\Software\Microsoft\CurrentVersion\SharedDlls\C:\Windows\System\Code_msg.hlp

Hmmm; strange name for a shared dll...

I wonder where that came from, and whether it is in fact something that's capable of doing any harm at all.

Somehow I doubt it...

[spy1]

And, of course, you sent in a 'Bug Report' , questioning the finding? Pete

[TonyKlein]

No, I didn't, to tell you the truth.

I could post at the Spybot forum, though.

[TonyKlein]

I did some research, and I believe it may pertain to the Pervasive Software Btrieve Database Manager, in which case it probably belongs to my Exact Accounting software.

Now that I think of it, a Btrieve file has been known for wanting to dial out once, and I denied it access.

He may have a point, although I don't think it's a serious issue.

I don't think I'll report it as a 'bug' for the time being.

I'll keep my backups, and see how my accounting software will behave.

ISCOUT32.EXE, would have been my first guess Tony.

http://www.pervasive.co.jp/support/Embedded/psql75/wizard/nojava.html




But Spybot may think it is looking at this...


http://www.adavi.com/overview.cfm#sg

[TonyKlein]

That's certainly what it thinks it is.

Thanks for the first link.

Incidentally, reading that, I think the file that tried to phone out some time ago was probably W3DBSMGR.EXE.

Anyway, I think I'll restore the file and will tell Spybot to put it on the ignore list.

[TonyKlein]

I just started up Exact, and was greeted by a LnS notification.

Would you believe that....

What do you think: is it up to no good?

[year-old attachment deleted by admin]

Tony,
Put that thing away before you hurt yourself.
Be Well,
John

Pervasive.SQL USER,S GUIDE ON LINE.

http://old.sw.com.sg/products/psql20...e/3smartc7.htm



_______________________________________________

4.- Check the Registry (Btrieve 7.x)


It is possible that if at least one workstation has a corrupted registry can cause problems for all other workstations.


Btrieve version 7.x stores its settings in the Registry of the local computer. Sometimes the settings for Btrieve get corrupted and that can cause problems trying to run Adapt.


To check if the registry for Btrieve v7.x is corrupted, run the program W3DBSMGR.EXE (normally located in the \Windows\System\ directory on each workstation). Once you execute this file, If you see the "Pervasive Database" icon in the system try, the registry is OK; but, if you see an error message, part of the registry that contains the setting for Btrieve is corrupted.


Two files containing the exported settings for the workstation can be bound in the Adapt CD under \Tools\Btriv70\Registry

BTRIEVE.REG contains the exported Btrieve settings for an environment on which Btrieve is running on the server.
BTR&REQ.REG contains the exported Btrieve settings for an environment on which Btrieve is not running on the server.


By double clicking on either one of these files, you will setup the current machine with those settings overwriting the current Btrieve registry.


The easiest way is to look at the version of the W3ODBCCI.DLL, W3ODBCEI.DLL, W3DBSMGR.EXE, or W3DADBV2.DLL. The versions break down like this:
7.50 - Original release of Pervasive.SQL 2000
7.51 - Service Pack 1
7.82 - Service Pack 2a
7.90 - Service Pack 3
7.94 - Service Pack 4

[TonyKlein]

Thanks John,

I remember I actually read that article when researching a W3DBSMGR.EXE invalid page fault that occurred just after quitting my accounting program.

Btrieve always sort of lingers behind in the system tray, and shuts down a little later.

However, it's part and parcel of my accounting software, of which I did a fresh install a couple of weeks ago, so there's not much more that I can do.

And anyway, I'm not bothered, just curious..

Thanks again!

Cheers,