SBSYS.dll

Discussion in 'other anti-virus software' started by controler, Nov 19, 2002.

Thread Status:
Not open for further replies.
  1. controler

    controler Guest

    Hello all

    I would like to know if any of you have the file SBSYS.dll on your systems and if so does your AV detect it as a virus?
    KAV Lite seems to detect it as a virus and when I send it in for inspection to KAV support, I only get an automated response back telling me I am infected. When I ask if the file was inspected, my reply is no... I wonder why they are leaving it up to their automated response and not thinking it could be a false positive?
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi controler,

    I searched my system and Google and came up empty on both counts.
    Do you know where it belongs to or can you tell us what folder it is in?

    Regards,

    Pieter
     
  3. controler

    controler Guest

    Hi Pete

    I will do some more investigating after work tonight.

    In the meantime ;) It is in my main windows folder.
    My small search found it tied to some COBOL stuff.

    I was dating a Russian woman a few months back that still does mostly COBOL and a tad bit of Java programming LOL
    Do many AV's look at COBOL anymore?

    Am I paranoid ??
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    I'd much rather like to believe KAV is. ;)
    It didn't show up in any virus descriptions I read recently.
    Let us know what the properties tab has to say about it. If you still don't trust it:
    support@eurosecure.com
    submit@diamondcs.com.au

    Regards,

    Pieter
     
  5. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
    Controler,
    no such file in my Win2K box !!
    Can't find any info on it either ! o_O
    regards,
    bill ;)
     
  6. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    Rokop-Security also offers a file analysis service. Maybe you want to send the file to virus@rokop-security.de as well. :)
    At Rokop we are in direct contact (to go around these stupid autoreplies) with several av companies including Kaspersky. So if it is really a false positive we can ensure that it will be fixed quickly.

    wizard
     
  7. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    If you really think it is COBOL, that is not out of the question on this "new".net ;-).
    I had seen some advertisements put together that way.

    I have been following this stuff for awhile if you want a good read.


    About NetCOBOL for .NET

    http://www.adtools.com/dotnet/
    ____________________________
    Are you ready for .NET?
    Microsoft's .NET Framework introduces many new terms and concepts, even to those familiar with Microsoft Windows technology. In addition, Fujitsu has added enhancements and extensions to COBOL to support the features of the .NET Framework. Before programming in this new environment, it is important to have a good understanding of the basic .NET terminology.

    Fujitsu has produced a training course, "Microsoft .NET for COBOL Programmers" to provide you with all the .NET understanding you need to start using the .NET Framework - whether you are creating Windows Forms, Web Forms, Web Services, using ADO.NET or any of the other .NET features, you'll find this an invaluable resource. See Microsoft .NET for COBOL Programmers for details.
    http://www.adtools.com/dotnet/#1
    ____________________________
    Calling Procedural COBOL from C#
    In a previous article we discussed how to call procedural based COBOL programs from VB.NET. Rick Malek 09/05/2002
    Calling Procedural COBOL from VB.NET
    Many clients will have existing COBOL source code that they will want to use within the .NET Framework. Rick Malek 08/28/2002
    Why Object Orientation for COBOL?
    "Why is Microsoft interested in having so many languages target the new environment? Rick Malek 07/08/2002

    http://www.c-sharpcorner.com/cobolnet/code.asp



    how to call COBOL.DLL from Visual Basic

    Have any of you tried calling a COBOL.DLL from Visual Basic.
    The COBOL.DLL has been created using NetExpress environment. Let me know the
    white paper available if any and the links.


    HELP NEEDED while calling nested cobol programs from cobol DLL
    http://w3.one.net/~kevinw/wwwboard2/messages/572.html

    ________________
    Q28: When executing a COBOL program, which CA-Realia II Workbench programs are also required?

    A28: Depending upon the features of CA-Realia COBOL that you used in your application, the following programs must be available in the current directory or system searched path:

    CARCLW60.DLL (COBOL runtime module)
    CARCIW60.dll (needed only if the program has been built with the DEBUG option enabled)
    CARFSW20.DLL (Standard File System Module)
    CARFSW16.DLL (16-bit Indexed File System)
    These modules can be redistributed royalty-free with your applications.

    http://esupport.ca.com/index.html?/public/cobol_testing/infodocs/realia1000.asp

    _______________________________________________


    But I had wondered if you ever messed around with this program?


    http://www.download32.nl/proghtml/109/10943.htm
    SBMail Control - 1.0.0
    by Shaffin N. Bhanji
    The purpose of this control is to send email online without using an external email client. All visitors to your Web Site wishing to send you mail, have to fill out the Subject, Message, their Email and finally click on the Send button provided.
     
  8. Primrose

    Primrose Registered Member

    BTW-Computer Associates is the only one I know that does any COBOL..I think they have a debugger of sorts.
     
  9. controler

    controler Guest

    This is what KAV lite in any mode (normal, medium or High) is calling it.

    I finally got the file to them without an autoresponse so they can dissect it ;)
    I really am guessing it is a false alarm.

    ======================================
       archive: ZIP
    /SBSYS.dll   infected: Trojan.Spy.Justin
    /SBSYS.dll   infected: Trojan.Spy.Justin
    Known viruses : 1
    Virus bodies : 1
    Disinfected : 0
    Deleted : 0
    Warnings : 0
    Suspicious : 0
    Corrupted : 0
    1 I/O Errors : 0

    "From: Justin Funke
    Date: Fri Aug 17 2001 - 10:27:26 CDT



    Does anyone know of a script that when executed from an email can notify
    back to me that the attachment was executed. I don't want anything with any
    kind of payload - just a notification as part of a test.


    Something not detectable by virus scanners would be a bonus - I want to
    audit the human component of the equation.

    Thanks,

    Justin."

    "So please remind me - which exploitable service/trojan used 1243 port ?

    Probably looking for Subseven Trojan.

    Justin"





    SOPHOS SITE READS:

    Troj/Justin
    Type
    Trojan

    Detection
    Detected by Sophos Anti-Virus since October 2002.

    Description
    Troj/Justin is a Trojan.


    http://www.gameshrine.com/pipermail/t2scripters/2001-August/subject.html
     
  10. controler

    controler Guest

    Used a handy trialware version of PE Explorer
    to view the DLL
    This info is taken from the Resource viewer/Editor

    Link to the DLL viewer PE Explorer

    http://www.heaventools.com/?=pex


    Length Of Struc: 03D4h
    Length Of Value: 0034h
    Type Of Struc: 0000h
    Info: VS_VERSION_INFO
    Signature: FEEF04BDh
    Struc Version: 1.0
    File Version: 1.0.0.1
    Product Version: 1.0.0.1
    File Flags Mask: 0.63
    File Flags: DEBUG;
    File OS: NT (WINDOWS32)
    File Type: DLL
    File SubType: UNKNOWN
    File Date: 00:00:00 00/00/0000

    Struc has Child(ren). Size: 888 bytes.

    Children Type: StringFileInfo
    Language/Code Page: 1033/1200
    Comments: Copyright © Justin DuJardin 2002
    CompanyName: Justin DuJardin Software
    FileDescription: Advanced Logger DLL
    FileVersion: 1, 0, 0, 1
    InternalName: ALDLL
    LegalCopyright: Copyright © Justin DuJardin 2002
    LegalTrademarks:
    OriginalFilename: ALDLL.dll
    PrivateBuild:
    ProductName: Advanced Logger, DLL
    ProductVersion: 1, 0, 0, 1
    SpecialBuild:

    Children Type: VarFileInfo
    Translation: 1033/1200
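
Added example (not part of the thread and not PE Explorer's code): the 52-byte VS_FIXEDFILEINFO block behind the dump above, decoded and checked for the mismatches that made this file worth submitting, namely an on-disk name that differs from OriginalFilename, the DEBUG flag, and a self-described logger. The function names, the sample bytes (repacked from the values in the post) and the reading of "File Flags Mask: 0.63" as 0x3F are assumptions.

```python
import struct

VS_FFI_SIGNATURE = 0xFEEF04BD
FILE_FLAGS = {0x01: "DEBUG", 0x02: "PRERELEASE", 0x04: "PATCHED",
              0x08: "PRIVATEBUILD", 0x10: "INFOINFERRED", 0x20: "SPECIALBUILD"}
FILE_TYPES = {1: "APP", 2: "DLL", 3: "DRV", 4: "FONT", 5: "VXD", 7: "STATIC_LIB"}

def parse_fixed_file_info(blob):
    """Decode VS_FIXEDFILEINFO: 13 little-endian DWORDs, 52 bytes (0034h)."""
    if len(blob) != 52:
        raise ValueError("VS_FIXEDFILEINFO is exactly 52 bytes")
    (sig, _struc, f_ms, f_ls, _p_ms, _p_ls, mask, flags,
     _os, ftype, _subtype, _d_ms, _d_ls) = struct.unpack("<13I", blob)
    if sig != VS_FFI_SIGNATURE:
        raise ValueError("bad signature: %08X" % sig)
    active = flags & mask  # only bits covered by the mask are meaningful
    return {
        "file_version": "%d.%d.%d.%d" % (f_ms >> 16, f_ms & 0xFFFF,
                                         f_ls >> 16, f_ls & 0xFFFF),
        "flags": [name for bit, name in FILE_FLAGS.items() if active & bit],
        "file_type": FILE_TYPES.get(ftype, "UNKNOWN"),
    }

def triage(on_disk_name, fixed, strings):
    """Return findings that justify submitting the file for manual analysis."""
    findings = []
    original = strings.get("OriginalFilename", "")
    if original and original.lower() != on_disk_name.lower():
        findings.append("renamed: on disk as %s, built as %s"
                        % (on_disk_name, original))
    if "DEBUG" in fixed["flags"]:
        findings.append("debug build (VS_FF_DEBUG set)")
    described = " ".join(strings.get(k, "") for k in
                         ("FileDescription", "ProductName")).lower()
    if "logger" in described:
        findings.append("self-described logging component")
    return findings

# Constructed sample: the fixed-info values shown in the post's dump, repacked.
# "File Flags Mask: 0.63" is read as 0x0000003F (assumption about the viewer).
SAMPLE_FIXED = struct.pack("<13I", 0xFEEF04BD, 0x00010000, 0x00010000, 0x00000001,
                           0x00010000, 0x00000001, 0x3F, 0x01, 0x00040004, 2, 0, 0, 0)
SAMPLE_STRINGS = {"OriginalFilename": "ALDLL.dll", "InternalName": "ALDLL",
                  "FileDescription": "Advanced Logger DLL",
                  "ProductName": "Advanced Logger, DLL"}

if __name__ == "__main__":
    info = parse_fixed_file_info(SAMPLE_FIXED)
    for finding in triage("SBSYS.dll", info, SAMPLE_STRINGS):
        print("-", finding)
```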
     
  11. controler

    controler Guest

  12. Gladiator

    Gladiator Guest

    can you send me this file please ?

    virus@gladiator-antivirus.com
     
  13. controler

    controler Guest

    Sorry I didn't see this post sooner gladiator
    I am sending the zipped file now :D
     
  14. eyespy

    eyespy Registered Member

    Controler,
    make sure you post the final outcome on that SBSYS.dll.
    Thanks,
    bill ;)
     
  15. controler

    controler Guest

    Oops, I thought I did post the results with the PE Explorer info.
    It turned out to be a keylogger DLL as indicated.
    I sent the file off to everyone that asked. ;)
    It was most likely left over from some of my testing.
    Not too many AV's caught it.
     
  16. eyespy

    eyespy Registered Member

    I was thinking it was linked to some software you were probably running or testing, but after looking at the breakdown of the DLL, I wasn't sure if it was a "false positive" or not, especially since your AV's/AT's didn't detect it !!

    Can you share which ones didn't detect it ?? :D

    thanks and regards,
    bill ;)
     
  17. controler

    controler Guest

    I wouldn't dare do that :D

    But I will mention, not many did catch it ;)
     