SimpleRecordDatabase module - WTF?
Pug
11th January 2005, 13:19
Ok, so Kerio keeps popping up and telling me that the Generic host process or somesuch is trying to execute a SimpleRecordDatabase module...
It's only happening on one PC and only recently too. Google shows nothing, nor does the MS Knowledge Base. Anyone know what it is? Sounds like a keylogger to my paranoid self... :huh:
Not sure if it's related but Mozilla keeps logging me out and won't let me in the AdminCP on this machine at all! :blink:
Da_Rude_Baboon
11th January 2005, 13:35
Sounds like malware to me too. You tried running Bazooka or Ad-Aware? With Bazooka you have to remove the spyware manually but it's probably more 56k friendly.
Darv
11th January 2005, 13:38
Definitely sounds like something nasty.
Another alternative is HijackThis. That'll tell you everything that is running and it should be a relatively small download.
Pug
11th January 2005, 13:42
Hmm, I thought I had... but then I thought I had SpyBotS&D on this machine too... :huh:
Hmm, looks like I haven't finished updating everything then.
Back soon, cheers guys.
scopEDog
11th January 2005, 14:17
Hmm, I thought I had... but then I thought I had SpyBotS&D on this machine too... :huh:
Hmm, looks like I haven't finished updating everything then.
Back soon, cheers guys.
Hey Pug maybe this will help?
http://www.cybertechhelp.com/forums/showthread.php?t=40259&goto=nextoldest
And btw if you can get your hands on Microsoft antispyware it has to be the best spyware removal tool I've used. And that's tough for me to say, I usually won't recommend a Microsoft product like that :)
fillip
11th January 2005, 14:26
Hey Pug maybe this will help?
http://www.cybertechhelp.com/forums/showthread.php?t=40259&goto=nextoldest
And btw if you can get your hands on Microsoft antispyware it has to be the best spyware removal tool I've used. And that's tough for me to say, I usually won't recommend a Microsoft product like that :)
I'm in agreement with you there man, I still don't like it coz it's M$ but I got it a few days ago and it works as well as if not better than S&D and AdAware (found stuff both of those missed :confused:)
Da_Rude_Baboon
11th January 2005, 14:27
lol I didn't even know MS made antispyware. :)
Starbuck3733T
11th January 2005, 16:29
They bought Giant Software, and repackaged it.
My only hope is that you can control it in Domain Policy. That would be DOPE, and make my users' lives much better.
Pug
12th January 2005, 17:50
Yeah, I read about the MS one over the weekend, ta (had forgotten though).
Well, I've now done Ad-aware, SpybotS&D and the MS one is installed too.
I've blocked its execution with KPF for now, as nothing referenced it.
I think I still have a problem though. :unsure:
My monitor keeps flicking off every now and again and when it comes back I have a weird ghosted mouse pointer until I mouseout of the active window. :wacko:
fillip
12th January 2005, 18:02
My Sharp TFT flicks on and off in certain circumstances, it's done it since I bought it but only does it in Outlook Express when checking mail or on certain webpages. I've no idea what causes it but I put it down to software/computer hardware rather than the monitor but I'm yet to test that out.
Hope it isn't f***ed since the company I bought it from just went into receivership :unsure:
fivecheebs
12th January 2005, 21:21
I was just looking for a link to CWShredder and I found this (http://www.spywareinfo.com/~merijn/downloads.html) page. 'Bout halfway down you'll see a list of d/ls and mirrors including the CWShredder for that blasted CoolWeb and its variants. Also, as suggested earlier there is HijackThis which scans your comp for any file that wants to attach to the net. Be careful though, it's very powerful and you can easily remove the wrong thing.
Pug
12th January 2005, 21:38
Yeah I've run cwshredder too. I've got HijackThis on my thumbdrive somewhere, can't remember if I ran it on this one yet though.
Phil - you don't get a weird mouse pointer when it comes back do you?
fillip
12th January 2005, 22:27
Yeah I've run cwshredder too. I've got HijackThis on my thumbdrive somewhere, can't remember if I ran it on this one yet though.
Phil - you don't get a weird mouse pointer when it comes back do you?
Not that I've noticed - how long is the cursor 'weird' for, or is it perm'?
I've also got CursorXP running so maybe that's something to do with it...
No error messages such as the one you posted, and I have PestPatrol and M$ antispyware running permanently as well as running S&D + AdAware regularly, so hopefully I'm spyware/adware free.
I'm gonna try and return it now since Order24/7 are still answering the phone, if not does anyone know if I can get it changed direct from Sharp under manufacturer's guarantee?
(I have an entire law library at my disposal but don't have time to look due to exams)
Pug
12th January 2005, 22:48
It lasts just until I mouseout of whatever happens to be the application in focus at the time (explorer, browser, mail client, photoshop, dreamweaver, etc).
It was doing this before that simpleDatabase thing cropped up (unless it took a kerio update to spot that).
The cursor goes kinda corrupted over a 100x100 pixel area. I get a duplicate pointer arrow to the right and a pointed finger one below. I'll try & screenshot it when it does it next.
[Edit] I can't screenshot a mouse pointer can I? Duh!
It just did it as I was typing this and I got the top half of the I shaped cursor in the normal place, the bottom half off to the right and a big ghosted pointer one below it.
It's weird. :wacko: My PC's acting haunted. :unsure: :D
Starbuck3733T
13th January 2005, 06:13
You can SS a mouse pointer if you use IrfanView and set the appropriate option.
fillip
13th January 2005, 09:55
My probs sound similar, if for instance it does it in Outlook, if I tab to a Firefox window or out of Outlook it stops - only does it in Outlook when checking for mail.
It's started doing it when I start Windows up now. Screen flashes on and off uncontrollably until all progs etc. loaded @ startup :confused:
[EDIT] Just tried the TFT on my g/f's PC and on mine with the VGA connection instead of DVI and it behaves impeccably. So that narrows it down to shitty old GeForce3 Ti or dodgy cable/DVI port for the screen.
Pug
14th January 2005, 16:06
You can SS a mouse pointer if you use IrfanView and set the appropriate option.
Really? I've got it but I don't see anything for that...
No matter. I'm sure I'll find the culprit for it eventually.
Hmm, now you've said that Phil, I can't think if I tried a different monitor on this machine. It's a 19" CRT but it doesn't do it on any other machine.
However, coincidentally, it is a GF3 Ti in here too (VGA connector though).
It hasn't always done it though. :mellow:
Starbuck3733T
14th January 2005, 17:27
Holy schnit, he's got Wideband (ADSL's not fast enough to be called broad). If I hit the lotto I am SO going to fly your ass over here to use Penn State's network... mmm... QUAD REDUNDANT OC192!
Anyway, MS announced a vulnerability in the way windows handles cursors that could possibly be related to this. Patch your stuff, mang.
Pug
14th January 2005, 17:55
Holy schnit, he's got Wideband (ADSL's not fast enough to be called broad). If I hit the lotto I am SO going to fly your ass over here to use Penn State's network... mmm... QUAD REDUNDANT OC192!
Anyway, MS announced a vulnerability in the way windows handles cursors that could possibly be related to this. Patch your stuff, mang.
:D 1.1 Mbps after 56K feels soooooooooooooooooooooooooooooooooooooo good though. :lol:
Got a linky? I'll hit the mskb now but I'm nearly always patched to the hilt unless the machine in question's in the DMZ. :unsure:
[Edit] This one? http://www.microsoft.com/technet/security/Bulletin/MS05-002.mspx
Doesn't apply to SP2 (but it was doing it before I patched)
Starbuck3733T
15th January 2005, 01:39
:D 1.1 Mbps after 56K feels soooooooooooooooooooooooooooooooooooooo good though. :lol:
Got a linky? I'll hit the mskb now but I'm nearly always patched to the hilt unless the machine in question's in the DMZ. :unsure:
[Edit] This one? http://www.microsoft.com/technet/security/Bulletin/MS05-002.mspx
Doesn't apply to SP2 (but it was doing it before I patched)
Ah. Good man. That is definitely the patch. You might want to watch your outgoing traffic for a bit, especially outbound to destination port 6667. You mighta gotten r00ted :mad: :h34r:.
I have to deal with that shit all the time, unfortunately the answer is always to nuke it. Even if you remove the initial infection, god knows what they've left behind. If you need a backup device, lemme know. I've got some good stuff.
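Added example, not part of the thread: one way to do the "watch your outgoing traffic" check from the post above, counting TCP connections from an inside host to an outside host on destination port 6667. The log layout (space-separated fields named by a `#Fields:` header) and every address are constructed for illustration and are not Kerio's log format.

```python
import ipaddress
from collections import Counter

WATCH_PORTS = {6667}  # destination port named in the post above
# RFC 1918 ranges count as "inside"; adjust to the local network (assumption).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log: space-separated fields named by a "#Fields:" header.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port
2005-01-15 01:02:11 ALLOW TCP 192.168.0.10 203.0.113.7 1034 80
2005-01-15 01:02:40 ALLOW TCP 192.168.0.10 198.51.100.23 1041 6667
2005-01-15 01:03:02 ALLOW UDP 192.168.0.10 192.168.0.1 1042 53
2005-01-15 01:07:40 ALLOW TCP 192.168.0.10 198.51.100.23 1049 6667
2005-01-15 01:09:13 DROP TCP 203.0.113.99 192.168.0.10 6667 1050
2005-01-15 01:11:55 ALLOW TCP 192.168.0.12 192.168.0.10 1060 6667
"""

def parse(log_text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = []
    for line in log_text.splitlines():
        parts = line.split()
        if line.startswith("#Fields:"):
            fields = parts[1:]
        elif parts and not line.startswith("#") and len(parts) == len(fields):
            yield dict(zip(fields, parts))  # malformed rows are skipped

def is_internal(addr):
    try:
        return any(ipaddress.ip_address(addr) in net for net in INTERNAL)
    except ValueError:  # not an IP address at all
        return False

def outbound_hits(log_text, ports=WATCH_PORTS):
    """Count TCP records from an inside host to an outside host on a watched port."""
    hits = Counter()
    for rec in parse(log_text):
        if rec["protocol"] != "TCP" or not rec["dst-port"].isdigit():
            continue
        inside_out = is_internal(rec["src-ip"]) and not is_internal(rec["dst-ip"])
        if inside_out and int(rec["dst-port"]) in ports:
            hits[(rec["src-ip"], rec["dst-ip"], int(rec["dst-port"]))] += 1
    return hits

if __name__ == "__main__":
    for (src, dst, port), n in outbound_hits(SAMPLE_LOG).most_common():
        print(f"{src} -> {dst}:{port}  seen {n} time(s)")
```

Inbound packets that merely use 6667 as a source port and LAN-to-LAN connections are left out, so only traffic leaving the network is reported.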
fillip
18th January 2005, 14:27
My monitor flicking on and off looks more and more like it was a fault with the actual tft. I just had it swapped today (Sharp does a great 3yr onsite swap-out warranty :cool:) and it hasn't been behaving anywhere near as badly as the other one did. No random fluctuations in screen alignment or hissy fits when running Outlook.
Did you try the patch Star suggested or has it been remedied another way? :unsure:
Pug
18th January 2005, 14:45
Well, I need to get my router and a bunch of blank DVDs so I can back up.
I've just locked things down as best I can for the meantime. :o)
Nobody ever heard of this SimpleRecordDatabase module then?
Neither Google nor the MSKB seem to have heard of it still. :unsure:
Starbuck3733T
18th January 2005, 15:44
Would a 20GB/40GB tape drive and 10 tapes or so cover you? I could post them if you like, along with a SCSI card. Might get a shade expensive though.
SimpleRecordDatabase... nope. Never heard of it. If I ever find it on one of my users' machines, I'll exclaim "IT'S GOT PUG'S DISEASE!!!" and run...
Pug
18th January 2005, 16:25
Nah, it's cool m8. Thx tho'.
I have about 80Gb of images to burn off, then I'll back up across the network.
I need to consolidate all my files where I've been working on different machines individually while they were all stored separately.
Damn. That's one thing I'd rather not be associated with! :wacko: (unless it's harmless and we cure it). ;)
ỒĊBłůē
6th March 2005, 00:59
If you're still worried about what you've got running, you could always try the ServiceFilter script;
http://www.antispyware.nextdesigns.net/showsoftware.php?id=10
It's for NT systems and compares the running processes with a list of known good ones, outputting info about the ones it doesn't recognise to a text file.
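Added example, not part of the thread and not the ServiceFilter script itself: a sketch of the comparison the post above describes, checking a process snapshot against a known-good list and writing what it doesn't recognise to a text file. It goes one step further by also checking the folder each known name runs from; the known-good list, the snapshot layout and `unknownapp.exe` are all constructed.

```python
import ntpath  # Windows path rules, importable on any OS

# Hypothetical known-good list: image name -> folder it is expected to run from.
KNOWN_GOOD = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "firefox.exe": r"c:\program files\mozilla firefox",
}

# Constructed snapshot: PID, then the full image path, one process per line.
SAMPLE_SNAPSHOT = r"""
712 C:\WINDOWS\system32\svchost.exe
1204 C:\WINDOWS\explorer.exe
1388 C:\WINDOWS\Temp\svchost.exe
1520 C:\Program Files\Mozilla Firefox\firefox.exe
1644 C:\WINDOWS\system32\unknownapp.exe
"""

def review(snapshot, known_good=KNOWN_GOOD):
    """Return (pid, path, reason) for every process that fails the comparison."""
    findings = []
    for line in snapshot.splitlines():
        if not line.strip():
            continue
        pid, path = line.strip().split(None, 1)  # path may contain spaces
        folder, name = ntpath.split(path.lower())
        expected = known_good.get(name)
        if expected is None:
            findings.append((int(pid), path, "not on known-good list"))
        elif folder != expected:
            # A trusted name in the wrong folder is a common disguise.
            findings.append((int(pid), path, "known name, unexpected folder"))
    return findings

def write_report(findings, out_path):
    """Write one tab-separated line per unrecognised process."""
    with open(out_path, "w", encoding="utf-8") as fh:
        for pid, path, reason in findings:
            fh.write(f"{pid}\t{path}\t{reason}\n")

if __name__ == "__main__":
    write_report(review(SAMPLE_SNAPSHOT), "unrecognised_processes.txt")
```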
toby
6th March 2005, 09:14
I would recommend always using your spyware programs when in safe mode because apparently it helps but I have no idea why so don't ask :blink:
fillip
6th March 2005, 11:18
I would recommend always using your spyware programs when in safe mode because apparently it helps but I have no idea why so don't ask :blink:
When running in safe mode Windows will only load drivers/modules/programs specific to getting the OS up and working, therefore it prevents most if not all spyware/executables from running at start up.
Some spyware can't be removed whilst it's loaded up so by running in safe mode you guarantee it isn't running and thus you can run the anti-spyware to greatest effect.
Starbuck3733T
6th March 2005, 18:50
Running anti-spyware off of a BartPE CD works very well too.
zer0
6th March 2005, 19:27
Well, I dislike the Microsoft anti-spyware program because some reports show it says non-spyware things are spyware
things such as MSN Plus and even Firefox (although I think that might be a hoax)
fillip
6th March 2005, 19:35
It's never reported Firefox as a threat on my comp so that sounds like crap to me. It's true that it may pick up on things that aren't actually spyware but it does this for a reason. The reason being that they display characteristics reminiscent of a threat - e.g. TightVNC, because it allows a remote connection to be established with my system.
All you need to do is tell M$ Anti-spyware to ignore it in future as I've done for just 3 of my installed applications. (and I have plenty of crap installed on this thing)
It's by far the most thorough anti-spyware tool I've used and although M$ can't really take credit for developing it since they bought out the company who did, it's still an excellent tool and one you should try regardless of what all those M$ haters out there say. :wink:
I've been using that and SysInternals RootkitRevealer.
I actually provided some feedback to the MS development/porting team as it flagged a couple of things due to a machine I was working on having once had ObjectDesktop installed reporting shell32.dll & the antispyware prog as being suspicious in the advanced tools bit.
I found at least two spelling mistakes in the interface too... :p
I had it flag MsgPlus, TightVNC and the updater for my Accounting package but if you read the details, it does say that they may well be legit.
I think in the case of Plus & VNC, it's because they're providing services that MS offer in their own s/ware... ;)
Will have to try running it on a PC with OpenOffice installed & see what it makes of that. :rolleyes: :lol:
I still never found the source of the SRDBM... I just blocked it with Kerio and haven't had a warning since. I hate not knowing though. :(
As far as the screen prob - I switched the 19" to my 9800Pro and have a TFT on the GF3 and it's not done it since (though I may have changed driver versions too, so I can't really put my finger on anything there either).