LOGMESSAGES.DLL

Harold Fuchs harold "at" wolfeden.demon.co.uk
Wed Jan 4 12:17:02 2006 

Hmmmm.

I'm using Free VNC 4.1.1 on XP and my logmessages.dll is 17KB and has Date
Modified 11 March 2005.

Different .dll for different VNCs perhaps?

Harold Fuchs
  ----- Original Message -----
  From: James Weatherall
  To: 'john' ; vnc-list "at" realvnc.com
  Sent: Wednesday, January 04, 2006 11:21 AM
  Subject: RE: LOGMESSAGES.DLL


  John,

  VNC Server has a "logmessages.dll" as a standard part of the installation,
  which is obviously not a virus.  The standard logmessages.dll is 2Kb in
  size, so a trivial check is to verify that the one on your system is 2Kb
  rather than 12Kb as stated in the article.  If it's 12Kb then this may
  indicate that the standard logmessages.dll has been replaced by some sort
of
  malware.

  Regards,

  Wez @ RealVNC Ltd.


  > -----Original Message-----
  > From: vnc-list-admin "at" realvnc.com
  > [mailto:vnc-list-admin "at" realvnc.com] On Behalf Of john
  > Sent: 02 January 2006 14:41
  > To: vnc-list "at" realvnc.com
  > Subject: LOGMESSAGES.DLL
  >
  >      * Hi
  >      * sorry  to  start  with  this but I just installed
  > something called
  >        prevx and it apparently thinks the logmessages.dll
  >      * is malware.
  >
  >    So is it or not ?
  >    from the website
  >      *
  >      * This  Dynamic Link Library uses the file names
  > LOGMESSAGES.DLL and
  >        A0005784.DLL  and at least 26 other file names, the
  > latest we have
  >        seen  is  A0084451.DLL.  It has a file size of 12,288
  > bytes and is
  >        found    in    the    folder
  > [%PROGRAMFILES%\REALVNC\VNC4\]   or
  >        [%PROGRAMFILES%\GENESIS\NAVIGATOR SUITE\INFO\REMOTE\]
  > and at least
  >        79  other  folders.  This  Dynamic  Link Library also
  > appears with
  >        different  file  types.  This  is  quite  rare  and is
  > a technique
  >        sometimes used to disguise malware.
  >
  >
  > http://info.prevx.com/pxparall.asp?LANG=en&CMD=appinfo&PX5=27bea9e2005
  >
  > e751d30c200816e208500d1fc145b&MID=c0e1e44ca8c4066b71809072afc19f8ab901
  >
  > 8ec0d92cf8a3c91b446c2b4a8ef0&LC=3C36F993-AF1F-49A2-B058-120D938E68FD
  >    hopefully  someone  can  clarify  this and if it isn't
  > malware perhaps
  >    tell these folk it isn't
  >    regards
  >    John
  > _______________________________________________
  > VNC-List mailing list
  > VNC-List "at" realvnc.com
  > To remove yourself from the list visit:
  > http://www.realvnc.com/mailman/listinfo/vnc-list
  _______________________________________________
  VNC-List mailing list
  VNC-List "at" realvnc.com
  To remove yourself from the list visit:
  http://www.realvnc.com/mailman/listinfo/vnc-list