What does the utility bspatch do ?

Discussion in 'General Returnil discussions' started by Thankful, Apr 30, 2010.

Thread Status:
Not open for further replies.
  1. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,564
    Location:
    New York City
    What does the utility bspatch.exe do?
    Thanks.
     
    Thankful, Apr 30, 2010
    #1
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    Cudni, Apr 30, 2010
    #2
  3. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,564
    Location:
    New York City
    I don't think so, but possible. I ran A-squared and NOD32 and both came up clean. I also ran file through Virustotal and came up clean.
     
    Thankful, Apr 30, 2010
    #3
  4. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    what is the reported location on hd?
     
    Cudni, Apr 30, 2010
    #4
  5. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,564
    Location:
    New York City
    C:\Windows\System32\Returnil\RVS3\Utils
     
    Thankful, Apr 30, 2010
    #5
  6. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    Cudni, Apr 30, 2010
    #6
  7. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,564
    Location:
    New York City
    I appreciate the research. It doesn't look malicious. There should be a sticky
    explaining what the utilities do. It is quite upsetting seeing a process running called 'bspatch.exe' that I've never seen before.
     
    Thankful, Apr 30, 2010
    #7
  8. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    I think it is used to apply VirusGuard definition updates.
     
    pegr, May 1, 2010
    #8
  9. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,564
    Location:
    New York City
    I have the VirusGuard disabled. Anyway, this is very poor programming. Why isn't the utility named Rvs... instead of bspatch?? Also, why the need to create an additional utilty instead of doing the process within Returnil??
     
    Thankful, May 1, 2010
    #9
  10. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    I think we need Coldmoon to answer these questions.
     
    pegr, May 1, 2010
    #10
  11. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi Guys,
    The file is as pegr suggests and is actually a BSD utility so it cannot be renamed. See your C:\Program Files\Returnil\RVS3\licenses\bsdiff folder for the applicable license...

    Mike
     
    Coldmoon, May 1, 2010
    #11
  12. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,564
    Location:
    New York City
    Very poorly designed to see an executable bspatch.exe running. What does the utility do? I had VirusGuard disabled. It was enough to cause me to remove Returnil.
     
    Thankful, May 1, 2010
    #12
  13. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    It allows the signatures to be incrementally updated. When you turned off the VG, did you also deactivate the automatic signature updating and malware sample/data collection?

    Mike
     
    Coldmoon, May 1, 2010
    #13
  14. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,564
    Location:
    New York City
    The malware sample/data collection was deactivated ("do not report any malicious activity"). I also selected "Only proven detection rules."
     
    Thankful, May 1, 2010
    #14
  15. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    What was your setting for the automatic updates?

    preferences > Communication TAB > Update section
     
    Coldmoon, May 1, 2010
    #15
  16. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,564
    Location:
    New York City
    The only change from the default settings for that tab was I removed the check
    mark from 'Allow remote control'. Other than that, I never touched that tab.
    Is this area relevant even if I disable VirusGuard real time protection?
     
    Last edited: May 1, 2010
    Thankful, May 1, 2010
    #16
  17. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Yes, change the automatic update setting to "Never".

    Mike
     
    Coldmoon, May 1, 2010
    #17
  18. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,564
    Location:
    New York City
    Done. Thanks.
     
    Thankful, May 1, 2010
    #18
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...