What does the utility bspatch do?

Discussion in 'General Returnil discussions' started by Thankful, Apr 30, 2010.

Thread Status:
Not open for further replies.
  1. Thankful
    Thankful Registered Member

    What does the utility bspatch.exe do?
    Thanks.
  2. Cudni
    Cudni Global Moderator

  3. Thankful
    Thankful Registered Member

    I don't think so, but possible. I ran A-squared and NOD32 and both came up clean. I also ran the file through VirusTotal and it came up clean.
  4. Cudni
    Cudni Global Moderator

    What is the reported location on hd?
  5. Thankful
    Thankful Registered Member

    C:\Windows\System32\Returnil\RVS3\Utils
  6. Cudni
    Cudni Global Moderator

  7. Thankful
    Thankful Registered Member

    I appreciate the research. It doesn't look malicious. There should be a sticky explaining what the utilities do. It is quite upsetting seeing a process running called 'bspatch.exe' that I've never seen before.
  8. pegr
    pegr Registered Member

    I think it is used to apply VirusGuard definition updates.
  9. Thankful
    Thankful Registered Member

    I have the VirusGuard disabled. Anyway, this is very poor programming. Why isn't the utility named Rvs... instead of bspatch?? Also, why the need to create an additional utility instead of doing the process within Returnil??
  10. pegr
    pegr Registered Member

    I think we need Coldmoon to answer these questions.
  11. Coldmoon
    Coldmoon Returnil Moderator

    Hi Guys,
    The file is as pegr suggests and is actually a BSD utility so it cannot be renamed. See your C:\Program Files\Returnil\RVS3\licenses\bsdiff folder for the applicable license...

    Mike
  12. Thankful
    Thankful Registered Member

    Very poorly designed to see an executable bspatch.exe running. What does the utility do? I had VirusGuard disabled. It was enough to cause me to remove Returnil.
  13. Coldmoon
    Coldmoon Returnil Moderator

    It allows the signatures to be incrementally updated. When you turned off the VG, did you also deactivate the automatic signature updating and malware sample/data collection?

    Mike
  14. Thankful
    Thankful Registered Member

    The malware sample/data collection was deactivated ("do not report any malicious activity"). I also selected "Only proven detection rules."
  15. Coldmoon
    Coldmoon Returnil Moderator

    What was your setting for the automatic updates?

    preferences > Communication TAB > Update section
  16. Thankful
    Thankful Registered Member

    The only change from the default settings for that tab was I removed the check mark from 'Allow remote control'. Other than that, I never touched that tab.
    Is this area relevant even if I disable VirusGuard real time protection?
    Last edited: May 1, 2010
  17. Coldmoon
    Coldmoon Returnil Moderator

    Yes, change the automatic update setting to "Never".

    Mike
  18. Thankful
    Thankful Registered Member

    Done. Thanks.