I just installed Spyware Doctor 5.0 with the free AV plugin and my first full scan threw up a high priority malicious file: C:\WINDOWS\Help\odbcjet.chm.

Usually if I just google a filename like this then I get lots of hits on <What is this file? Is it a virus?> type of sites but for this one I get mostly non-English language hits and the few English-language hits aren't helpful. Using the PC Tools "Learn More About This Threat" didn't yield anything either.

Can anyone give me any advice on this file? Is it safe to just remove it?

- Julian

Hi
Before removing this "threat", try submitting it to threat explorer for the PC Tools machine to chew on it at: http://www.pctools.com/threat-expert/submit/

Hello,

I just reformatted my hard drive last night and reinstalled Windows Xp, Zone Alarm Internet Suite (ZASS) and Spyware Doctor 5 with anti-virus protection. I just ran my first full scan of ZASS. It returned negative results. No spyware and no viruses. I ran my first full Spyware Doctor scan and had no spyware but it returned that my odbcjet.chm file was a vicious virus. I did not delete it. I submitted it per the link that was supplied in the previous post. This is what I got in return:

Your submission may not be processed: the submitted sample has
non-supported file format.

So, can anyone please explain what odbcjet.chm is? I can't find anything on google either.

Thanks,
DigitalGypsy

Hello,

I just reformatted my hard drive last night and reinstalled Windows Xp, Zone Alarm Internet Suite (ZASS) and Spyware Doctor 5 with anti-virus protection. I just ran my first full scan of ZASS. It returned negative results. No spyware and no viruses. I ran my first full Spyware Doctor scan and had no spyware but it returned that my odbcjet.chm file was a vicious virus. I did not delete it. I submitted it per the link that was supplied in the previous post. This is what I got in return:

Your submission may not be processed: the submitted sample has
non-supported file format.

So, can anyone please explain what odbcjet.chm is? I can't find anything on google either.

Thanks,
DigitalGypsy
Hi
This file is part of Microsoft Access Setup (do a search through windows). Possibly a false positive on your system? My SDv5 does not detect this (version 5.0.0.172 with AV version 4.3.11)

Hi All,

A .chm file is a help file (ODBC Microsoft Desktop Database Drivers Help). AV could be detecting this as a False Positive. Can you check the Status screen of SD + AV and give me the Database Version information? I will then forward this off to the MRC team to have this analyzed further.

Hi

ODBC stands for Open DataBase Connectivity

As far as I can tell just quickly, 'odbcjet.chm' is NORMALLY a Windows help file relating to MS Excel, Access, etc., connectivity ('ScreenHunter_23.jpg' shows contents and 'ScreenHunter_21.jpg' shows an individual sample).

The version on my PCs properties are as per 'ScreenHunter_20.jpg' and it's not flagged as dangerous by PCTAV or Kaspersky Online Scan http://www.kaspersky.com/scanforvirus.

Sounds like the odbcjet.chm that you've got something is different.

Hello,

Here's my SD information:

Product Version: 5.0.0.172
Database Version: 5.06940
Intelli-Signature: 439,024
AntiVirus Engine: 4.3.11

Under "settings" I have the following settings...

Scan Settings:
Scan Alternative Data Streams...checked
Scan for rootkit hidden files....checked

AntiVirus:
Enable full AntiVirus integration...checked
Scan Method = Full
Heuristics = High
Scan Archives...checked

I do have Microsoft Office 2003 installed and fully patched. If I do an Intelli scan, nothing is found, it's only when I do a full scan with the above settings that it flags the specified file. Also Zone Alarm Internet Suite, which uses the Kaspersky engine does not flag it.

Possible false positive?

Digital Gypsy