SpyBot S&D update 07/13/03

Discussion in 'other anti-malware software' started by john2g, Jul 13, 2002.

Thread Status:
Not open for further replies.
  1. john2g

    john2g Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    207
    Location:
    UK
    4 additions
     
  2. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    Updated, ran it, and it detected what it said was a keylogger file

    Slient Guard, in C:\Windows\System\Code_msg.hlp and in HKLM\Software\Microsoft\CurrentVersion\SharedDlls\C:\Windows\System\Code_msg.hlp

    Hmmm; strange name for a shared dll... :rolleyes:

    I wonder where that came from, and whether it is in fact something that's capable of doing any harm at all.

    Somehow I doubt it...
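The detection above sits on a SharedDLLs value named after a `.hlp` file. As an added example (not part of the original thread), this sketch parses a regedit export of that key and lists entries whose extension is unusual for a shared binary, so they can be checked by hand. The sample export is constructed, the set of "usual" extensions is an assumption, and the key is given at its standard location under `...\Windows\CurrentVersion`.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a REGEDIT4 export of the SharedDLLs key (not taken from the thread).
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\\Windows\\System\\W3DBSMGR.EXE"=dword:00000001
"C:\\Windows\\System\\W3ODBCCI.DLL"=dword:00000002
"C:\\Windows\\System\\Code_msg.hlp"=dword:00000001
"C:\\Windows\\System\\MSVCRT.DLL"=dword:0000000c

[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
"C:\\ignored.hlp"=dword:00000001
'''

SHARED_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs"
# Assumption: extensions treated as ordinary for shared, reference-counted binaries.
USUAL_EXTS = {".dll", ".ocx", ".exe", ".cpl", ".ax", ".tlb", ".drv", ".vxd"}
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=dword:([0-9a-fA-F]{8})$')

def parse_shared_dlls(reg_text):
    """Return {file path: reference count} for values under the SharedDLLs key."""
    entries, in_key = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Only values listed under the SharedDLLs section are of interest.
            in_key = line[1:-1].lower() == SHARED_KEY.lower()
            continue
        m = VALUE_RE.match(line) if in_key else None
        if m:
            # .reg files escape backslashes and quotes inside value names.
            path = re.sub(r"\\(.)", r"\1", m.group(1))
            entries[path] = int(m.group(2), 16)
    return entries

def unusual_entries(entries):
    """Entries whose extension is not a typical shared-binary type, for manual review."""
    return sorted(p for p in entries
                  if PureWindowsPath(p).suffix.lower() not in USUAL_EXTS)

if __name__ == "__main__":
    found = parse_shared_dlls(SAMPLE_REG)
    for path in unusual_entries(found):
        print(f"review: {path} (refcount {found[path]})")
```

An unusual extension is only a prompt to look at the file and the software that registered it; it does not by itself say anything about whether the file is harmful.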
     
  3. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    And, of course, you sent in a 'Bug Report', questioning the finding? Pete
     
  4. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    No, I didn't, to tell you the truth.

    I could post at the Spybot forum, though.
     
  5. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    I did some research, and I believe it may pertain to the Pervasive Software Btrieve Database Manager, in which case it probably belongs to my Exact Accounting software.

    Now that I think of it, a Btrieve file has been known for wanting to dial out once, and I denied it access.

    He may have a point, although I don't think it's a serious issue.

    I don't think I'll report it as a 'bug' for the time being.

    I'll keep my backups, and see how my accounting software will behave.
     
  6. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    That's certainly what it thinks it is.

    Thanks for the first link.

    Incidentally, reading that, I think the file that tried to phone out some time ago was probably W3DBSMGR.EXE.

    Anyway, I think I'll restore the file and will tell Spybot to put it on the ignore list.
     
  7. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    I just started up Exact, and was greeted by a LnS notification.

    Would you believe that.... :rolleyes:

    What do you think: is it up to no good?

    [year-old attachment deleted by admin]
     
  8. Tony,
    Put that thing away before you hurt yourself. :D
    Be Well,
    John

    Pervasive.SQL USER'S GUIDE ON LINE.

    http://old.sw.com.sg/products/psql2000/doc/html/unix2000/uguide/3smartc7.htm



    _______________________________________________

    4.- Check the Registry (Btrieve 7.x)


    It is possible that if at least one workstation has a corrupted registry, it can cause problems for all other workstations.


    Btrieve version 7.x stores its settings in the Registry of the local computer. Sometimes the settings for Btrieve get corrupted and that can cause problems trying to run Adapt.


    To check if the registry for Btrieve v7.x is corrupted, run the program W3DBSMGR.EXE (normally located in the \Windows\System\ directory on each workstation). Once you execute this file, if you see the "Pervasive Database" icon in the system tray, the registry is OK; but, if you see an error message, part of the registry that contains the setting for Btrieve is corrupted.


    Two files containing the exported settings for the workstation can be found in the Adapt CD under \Tools\Btriv70\Registry

    BTRIEVE.REG contains the exported Btrieve settings for an environment on which Btrieve is running on the server.
    BTR&REQ.REG contains the exported Btrieve settings for an environment on which Btrieve is not running on the server.


    By double clicking on either one of these files, you will set up the current machine with those settings, overwriting the current Btrieve registry.


    The easiest way is to look at the version of the W3ODBCCI.DLL, W3ODBCEI.DLL, W3DBSMGR.EXE, or W3DADBV2.DLL. The versions break down like this:
    7.50 - Original release of Pervasive.SQL 2000
    7.51 - Service Pack 1
    7.82 - Service Pack 2a
    7.90 - Service Pack 3
    7.94 - Service Pack 4
     
  9. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    Thanks John,

    I remember I actually read that article when researching a W3DBSMGR.EXE invalid page fault that occurred just after quitting my accounting program.

    Btrieve always sort of lingers behind in the system tray, and shuts down a little later.

    However, it's part and parcel of my accounting software, of which I did a fresh install a couple of weeks ago, so there's not much more that I can do.

    And anyway, I'm not bothered, just curious..

    Thanks again!

    Cheers,
     