Discussion in 'General Returnil discussions' started by Thankful, Apr 30, 2010.
What does the utility bspatch.exe do?
I don't think so, but possible. I ran A-squared and NOD32 and both came up clean. I also ran the file through Virustotal and it came up clean.
What is the reported location on hd?
Until definitive answer, how about this for more speculation on my part
I appreciate the research. It doesn't look malicious. There should be a sticky explaining what the utilities do. It is quite upsetting seeing a process running called 'bspatch.exe' that I've never seen before.
I think it is used to apply VirusGuard definition updates.
I have the VirusGuard disabled. Anyway, this is very poor programming. Why isn't the utility named Rvs... instead of bspatch?? Also, why the need to create an additional utility instead of doing the process within Returnil??
I think we need Coldmoon to answer these questions.
The file is as pegr suggests and is actually a BSD utility so it cannot be renamed. See your C:\Program Files\Returnil\RVS3\licenses\bsdiff folder for the applicable license...
Very poorly designed to see an executable bspatch.exe running. What does the utility do? I had VirusGuard disabled. It was enough to cause me to remove Returnil.
It allows the signatures to be incrementally updated. When you turned off the VG, did you also deactivate the automatic signature updating and malware sample/data collection?
The malware sample/data collection was deactivated ("do not report any malicious activity"). I also selected "Only proven detection rules."
What was your setting for the automatic updates?
preferences > Communication TAB > Update section
The only change from the default settings for that tab was I removed the check mark from 'Allow remote control'. Other than that, I never touched that tab.
Is this area relevant even if I disable VirusGuard real time protection?
Yes, change the automatic update setting to "Never".