Backup.RDB/advisory

Discussion in 'other software & services' started by The Snowman, Feb 26, 2003.

Thread Status:
Not open for further replies.
  1. The Snowman

    The Snowman Guest

    *Due to illness I won't be able to provide in-depth details/links on this topic ***


    This topic could well fit into several forums. Hopefully the more experienced members/mods will offer their opinions and advice if any is needed.

    "Backup.RDB".......is used to store information.....it's used by programs such as Visual Zone (not sure if that's the correct name but it's the program used with zone alarm to trace "hits")......it's used by zone alarm's True Vector Engine.........it's used by the keylogger >Spector<........
    Backup.RDB will continue to grow in size reaching several mb's...........but aside from that "Backup.RDB" stores information about previously installed/un-installed software and presently installed software.......it's noteworthy to mention now that NOT EVERY previously installed/uninstalled program leaves telltale tracks in "Backup"......the experts here perhaps can better define the reason.
    Privacy wise......I view Backup.RDB as an invasion......
    Size wise.....a continuous growing file ...well you judge.

    A few moments after discovering this file I opened it with Notepad....did a CUT of its contents...then WIPED once....restarted the computer and the file contents remained GONE.........no ill effects have been noted as yet.
    I STRONGLY SUGGEST THAT NO ONE DO AS I DID.....please wait for the more experienced users to advise..or don't do anything at all......( tonight my illness has me in a "crash" or "clean" mood)

    Sorry I can not offer more info on this subject. It would be well advised to look into this.

    The Snowman

    *illness will prevent me from replying***
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,842
    Location:
    New England
    Hi Snowy, :)

    ::: wishing you all the best - hang in there!! :::

    All my best,
    LowWaterMark


    As far as the topic raised goes:

    Well, it'll be a little difficult to carry this thread forward without knowing where Snowman got the information above. It is difficult to say whether it was just a file he discovered on his own, or if he actually read a security advisory somewhere, which then caused him to go looking for the file on his system. However, here is some preliminary information on this...

    First up, there is a piece of malware called "Spector". There is a webpage from PestPatrol describing this here(link). It appears to be a sort of tracking and monitoring system that does so by way of taking screen shots of your desktop on a frequent basis. Graphic files, being rather large, would certainly grow at a very rapid rate and ought to be noticeable if this were running for very long on a system. If this malware is a serious threat, I'd imagine other security scanning packages would also detect it. (I have not researched that. You may want to research this on your own security scanning package's website.)

    That said, I would like to point out that there is a very valid and legitimate use for the file "%windir%\Internet Logs\Backup.rdb" by Zone Alarm. This is the name of the file that stores a backup copy of the Zone Alarm configuration information, (the True Vector database). It holds all your machine specific Zone Alarm configurations (your "rules" if you will). When you close Zone Alarm (i.e. shut it down) Backup.rdb will be sync'd up with Iamdb.rdb (the primary copy of the ZA database) and they will be the same size. Yes, these files may grow some over time as extra programs, components or other firewall configs get updated in ZA, but, these files will not grow to dozens or hundreds of MB. Mine, with some 1,000 components running under 49 programs is exactly 1,070KB at this moment (Zone Alarm Plus, with component control enabled).

    If you are a user of ZA, do not be alarmed that you have a file called Backup.rdb in the \Internet Logs\ folder. This is normal. The file is controlled by ZA and is rewritten every time ZA closes down successfully. It will not contain any system monitoring or keylogging-like information.

    Perhaps we need more research into the Spector threat to see when and where this can be a real threat.
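
An added example, not part of the thread and not ZoneAlarm's own code: a small check of the behaviour LowWaterMark describes above, that `Backup.rdb` and `Iamdb.rdb` sit together in the `Internet Logs` folder, match in size after a clean ZA shutdown, and stay small. The 10 MB ceiling, the function names and the sample files are assumptions made for this illustration.

```python
import os
import tempfile

# Assumed ceiling: the post only says the files stay well below "dozens or
# hundreds of MB" (the poster's own copy was 1,070 KB); 10 MB is chosen here.
MAX_EXPECTED_BYTES = 10 * 1024 * 1024
PRIMARY, BACKUP = "Iamdb.rdb", "Backup.rdb"


def _find(folder, wanted):
    """Case-insensitive lookup, since Windows file names ignore case."""
    for name in os.listdir(folder):
        if name.lower() == wanted.lower():
            return os.path.join(folder, name)
    return None


def check_rdb_pair(folder, za_closed=True, limit=MAX_EXPECTED_BYTES):
    """Return a list of findings; an empty list means the pair looks normal."""
    findings = []
    sizes = {}
    for wanted in (PRIMARY, BACKUP):
        path = _find(folder, wanted)
        if path is None:
            findings.append(f"{wanted}: missing")
            continue
        sizes[wanted] = os.path.getsize(path)
        if sizes[wanted] > limit:
            findings.append(f"{wanted}: {sizes[wanted]} bytes exceeds {limit}")
    # The two copies are only expected to match after a clean ZA shutdown.
    if za_closed and len(sizes) == 2 and sizes[PRIMARY] != sizes[BACKUP]:
        findings.append(
            f"size mismatch: {PRIMARY}={sizes[PRIMARY]} {BACKUP}={sizes[BACKUP]}")
    return findings


def demo():
    """Constructed sample: a temp folder standing in for Internet Logs."""
    with tempfile.TemporaryDirectory() as d:
        for name, size in ((PRIMARY, 2048), ("backup.RDB", 4096)):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(b"\0" * size)
        return (check_rdb_pair(d), check_rdb_pair(d, za_closed=False),
                check_rdb_pair(d, limit=3000))


if __name__ == "__main__":
    for result in demo():
        print(result)
```

On a real system the folder would be `os.path.join(os.environ["windir"], "Internet Logs")`, and a size mismatch only means something when ZA has been shut down cleanly.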
     
  3. The Snowman

    The Snowman Guest

    John

    was a little worried that my post would cause some confusion so made a special effort to return for the one final post before departing.

    Everything you stated is absolutely correct. Backup.RDB is a system file.....not a threat in and of itself.....it can be located by use of Explorer="search C"
    my main concern was its growing size and left-over telltale signs.........which is easy to correct.
    Backup.RDB is just ONE of several system files that <spector> uses....there are several......again it's not "Backup.RDB" that's of any problem...............as for the growing size..one report of 13 mb........I did not take notice of how large my file was..sorry.......my head hurts something awful tonight.........
    John you have this well under control so I'll be moving on.

    Most thank you for your kind best wishes....you have always been someone I consider as "special" among those I have met. It's rather embarrassing that I am not feeling well enough to extend a thank you to all the fine persons whom I have associated with at this forum....to those who read this..consider yourself as one of those persons.....Root..Pieter....Paul....Blaser...Jan...Snap..Discogail....Techno..JavaC....Krusty...........given some time I'll be back to irritate one and all LOL...........
    Sorry but must depart for now.....the trip out from my cabin exhausted me......and once again the pain is worsening..........lay odds......I'll beat this illness in short time.
    OH..John....I was cleaning the computer and located Backup.Rdb........was alarmed when I noticed what was still listed there.....and posted for privacy sake.......seeya
     