What does Zip32.dll do?

Had to reboot the XP machine that runs Weather Display today, after more updates from Microsoft.
After the reboot, tried to start Weather Display, but AVG antivirus claimed that C:\wdisplay\Zip32.dll is infected with the trojan horse “BackDoor.Generic.”
So allowed AVG to quarantine it, but weather display will not start without it.

The machine sits behind a standalone firewall which runs the dial-up, and no browsing occurs from that machine, so an infection is odd.

What does Zip32.dll do under Weather Display?
Haven’t posted this in bugs, as it doesn’t seem to be a WD problem.

Hi,
it’s for the zip data backup routine.
I would say your antivirus program is going over the top,
as the file creation date is 2002 on that dll file… it’s an old file…

Oh dear. It’s an old file - file creation date of 2002.??? Provided with wdisplay32 27 Feb 2005?
Less than 18 months ago …
I AM up a creek without a paddle. #-o

And if it was for the “zip data backup routine” it seems to be called very early in the startup of Weather Display for AVG to pounce on it and kill it before it launches the app.

That is why I asked what zip32.dll actually did.
I didn’t think it would be a data file being called by WD when it started … but it does seem to be rather important to getting WD running.

Thanks for the quick reply, but I’d still like to have some idea of what it does so early in the routine, so that I can figure out how to get my system going again.

I have to say that with the “on the fly” releases of Weather Display (to incorporate all the new requests) I tend to be a bit cautious about upgrading - there’s no controlled and tested releases and it seems to be pretty much … find a release that doesn’t cause too much grief and hang on there as long as possible. Which is what I’ve done. I’m reluctant to move on from the Feb 2005 release which was working … and doesn’t seem that old … and I had assumed that it was still supported.

But let me know if I have to “bite the bullet” and move on to another release.

I think you have very cleverly turned the tables back on me on this one.
I don’t claim that this is a Weather Display problem … but there is an issue.
Claiming that my antivirus software has a problem with an old file released within the last 2 years with Weather Display seems spurious.

Can you provide a hint as to what the dll file might be doing so that I can work out whether the latest XP update or AVG update might be causing the problem?

I’ve just checked mine and it is the 2002 version and I am running 10.35d. So just install 10.35d to a different folder but don’t let it start, then copy over the dll. Then start your old WD install.

Stuart

Hi Stuart, thanks for your suggestion. Are you running XP on your machine?

Today’s reboot was carried out because XP Update requested it - and then this new re-validation malarkey that MS is up to kicked in. The machine runs a legit version of XP Pro, but MS want us to go through another sequence of verifying our honesty. Quite a bit of disk activity and too many bytes of info going out through the firewall for my peace of mind…

Anyway. That part went OK (after I’d surfed the web to see what this new validation malarkey was about - from another machine.)
The next two apps to start on the machine were ZoneAlarm and AVG antivirus … and then I started WD manually. BOP! AVG stomped on the dll file.

Since posting my first query, I’ve re-checked the virus vault. Isolated the machine from the network. Tried again - same result.
So, I made sure that the daily backup of data was secure on the server and re-installed Weather Display to the same directory (as per the FAQ suggestions without the opportunity to do a registry backup from a running version of W/Display).

The dll file re-appears in the wdisplay directory as part of the process, but Windows now reports an exception error. So a re-install won’t solve the issue.

I still don’t think it’s a Weather Display problem - it has to be either Windows Update or AVG, I suspect.
But until I find out what that dll is doing, I won’t be able to progress further.

That system is the only Microsoft machine that is allowed to run 24 hours on my network, and hence is tightly locked down, with its own antivirus s’ware and firewall. It can only access the Internet via an external Smoothwall router. It only runs three legacy Windows apps, so if it has been compromised with a trojan, then that can only have been passed by one of the linux machines (unlikely), or an app running on the XP system itself.

Of the three apps running on it, Weather Display is the only one that can access the Internet, and write a daily backup file to the linux server. The other two are completely self-contained collecting data from analogue interfaces on the system, and cannot be accessed from elsewhere on the network.

That’s why AVG’s claim of a trojan was a major surprise.

I’d like to know a bit more about why that dll file is so crucial to starting up Weather Display, I think.

For me a weather station is a “nice to have” but not if it becomes a major maintenance issue on an unsafe platform. If it becomes an issue, then I guess it will have to be cut back. Them’s the breaks…

Ok my daily AVG run just completed, the first run after the latest Windoze Update and guess what…

Zip32.dll - Trojan horse BackDoor.Generic2.YJY was the results :frowning:

So this would appear to be related to the latest Windoze updates… XP on that machine.

-Bob

It’s possible that AVG is picking the file up as a false positive. If you have access to another up to date virus checker, check your machine with that for peace of mind.

It appears to me that the correct date for zip32.dll is 2/26/2002.

Suppose it could be FTP’d to a server, moved back, and then it would have a new date.

Does the date matter? Why would an AV program assume all old files have a virus? How do you know it doesn’t have a virus?

zip32.dll is a common dll, it’s not uniquely a WD file. This post appeared on alt.comp.anti-virus today, this guy has a problem with the same file in UltraVNC so I would bet it’s AVG’s problem.

From: ****…@gmail.com
Date: Thurs, Jun 15 2006 7:37 pm
Groups: alt.comp.anti-virus

Hello,
As of last scan my AVG anti-virus (free edition) is reporting that the
Zip32.dll file located in the program folder of the UltraVNC program is
Trojan Horse Backdoor.Generic2.YJY. My other PC has Norton which does
not report this file as a virus. Can anyone confirm that this is a
false positive?

Thanks

dll files used by a program, at whatever stage, are loaded at program start up… nothing can be done about that

it’s extremely likely to be a false +ve of AVG
this has happened before

but, if the file create date on the zip32.dll is not 2002, then it could have been replaced by a malicious one
the correct one is here:
http://www.weather-display.com/downloadfiles/Zip32.dll

Note that I use WD here myself, and I do test the new releases myself… I am a bit surprised about your negative attacks towards WD and me in your posts… why?
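Added example, not part of the thread and not Weather Display's own code: one way to carry out the comparison the post above suggests, checking a local Zip32.dll against a reference copy by SHA-256 and by the linker timestamp stored inside the PE header, which travels with the file whereas a filesystem creation date changes on copy. The `make_stub` helper and its sample bytes are constructed for illustration; real file paths are passed on the command line.

```python
import hashlib
import struct
import sys
from datetime import datetime, timezone


def pe_link_time(data):
    """Return the linker TimeDateStamp of a PE image (UTC), or None if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE signature
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # COFF header after the signature: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=timezone.utc)


def compare_dll(local, reference):
    """Compare a local DLL with a reference copy; only the hash proves identity."""
    local_hash = hashlib.sha256(local).hexdigest()
    ref_hash = hashlib.sha256(reference).hexdigest()
    return {
        "identical": local_hash == ref_hash,
        "local_sha256": local_hash,
        "reference_sha256": ref_hash,
        "local_link_time": pe_link_time(local),
        "reference_link_time": pe_link_time(reference),
    }


def make_stub(stamp, payload):
    """Constructed sample: minimal MZ/PE header bytes, not a loadable DLL."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHI", 0x14C, 1, stamp) + b"\0" * 12
    return dos + coff + payload


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <local dll> <reference dll>
        blobs = [open(p, "rb").read() for p in sys.argv[1:3]]
    else:  # constructed demo: same link date, different content
        stamp = int(datetime(2002, 2, 26, tzinfo=timezone.utc).timestamp())
        blobs = [make_stub(stamp, b"modified"), make_stub(stamp, b"original")]
    for key, value in compare_dll(*blobs).items():
        print(f"{key}: {value}")
```

In the constructed demo both stubs carry the same 2002 link date yet hash differently, which is why the hash comparison, not the date, decides whether the two files are the same.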

Hi All,
I am running vista with so many virus checkers that it slays me. I also have etrust virus checker. I have no problems. So it must be the MSN update or your virus checker. A couple of years ago I was getting a worm notice about wd from norton checker. After lots of time and trouble I found that it was the checker not wd.
Chuck

A couple of years ago I was getting a worm notice about wd from norton checker. after lots of time and trouble I found that it was the checker not wd
yes… this situation has cropped up a few times over the years, after an update of a virus checker or windows… :wink:

My normal scan with Norton has shown no problem. I removed AVG some time ago and apart from MS update closing down PC (my fault- hadn’t checked box to give me control of installing updates) don’t have any probs I’m aware of.

Message on the avg forum too http://forum.grisoft.cz/freeforum/read.php?4,70402,70402#msg-70402 The response from grisoft suggests two steps:

[color=blue]If you suspect a file to be a false positive. Test the file at virusscan.jotti.org and if it is a false positive, archive (zip, arc, tar etc) the file using a password and email a copy to [email protected] with a brief description as well as the password you used to archive it with.

If it is a false positive, turn off heuristic scanning for the time being. When Grisoft adjusts the virus definitions you can turn it back on.[/color]

virusscan.jotti.org appears to be a very useful site that will scan an uploaded file with 15 different AV programs :smiley:

AVG is ok, and I used to use it, but after a lot of testing of alternatives and a fair amount of research, I now use f-prot http://www.f-prot.com

It is inexpensive; $29/year for home users which give you a license to install and use it (legally) on up to 5 PC’s in your home. It has a good antivirus engine and, very important to me, it is not a giant piece of bloatware that slows everything on your computer down to a crawl. It has a very simple, maybe even rudimentary user interface, but that’s fine with me. It is a focused, compact piece of software that does its job with minimal impact on your computer’s resources.

For corporate users, if I remember correctly, it is $50/yr which gives a license for up to 10 computers.

Steve

I can’t remember why, but I gave up with the free version of AVG some time ago because it was causing me problems (not on a WD PC though).

I hadn’t noticed an attack. Perhaps you misread a “tongue-in-cheek” comment about being “up a creek without a paddle” and what was intended as a constructive comment about releases of Weather Display as such. If so, I apologise. Note that I have maintained that I did NOT think that it was a problem with Weather Display.

Thanks everyone for the research and feedback. It certainly does seem to be the result of an overactive antivirus app and the need to do a reboot to activate Windows updates.

It seems that posting this item under “Chatter” was the right idea - it’s the part of the forum where we sometimes get a bit philosophical.

Having slept on it overnight, I have suddenly realised that running a weather website is much like owning a dog - it requires real on-going commitment!

When I pulled the file on the system after yesterday’s failure, I was astonished to note that I’ve had to do a major system rebuild about every 4 months since deciding to run up the weather station 18 months ago.

The weather station itself, which is largely mechanical and sits out in all sorts of weather, is remarkably robust and reliable.

It’s the weather computer that chews up the time. Because it accesses the Internet, it needs protection with a firewall and virus-checker. The firewall, virus-checker and operating system have to be kept up to date to keep the system safe - this requires monitoring and bandwidth.

Then, all the software components have to work harmoniously to keep the system running.

There’s also maintenance work to be done. Data has to be backed up to another machine, and checked and tested periodically. I also check the webpage once a day, making sure it’s updating, and that the previous day’s historical data has been posted.

Wow, it’s starting to add up!

Weather Display makes it easy to put up a webpage - and I’ve run with Brian’s standard page design since day one - it’s good and well-recognised. It’s hardly been altered - last change was made last October when I altered the colour of two panels to make it a bit more distinctive. I simply don’t tinker much, apart from look at the data.

But it was a revelation to find that the story had grown with the telling! What seemed like a self-sustaining project has turned into quite a commitment.

There are 3 components here - the weather station, the weather PC and the website. I now need to see whether I can go without one or two of them - the weather station itself is still running. I suspect that I’m hooked but will see whether I start twitching over the next few days. There’s plenty of other things which need attention. #-o

Thanks again.

How does WD accessing the internet make it need a virus checker?

[quote author=nikoshepherd