Member Avatar for Cyber 14

Hi all,

I just have a quick question about the application REGPLIB.EXE. I was browsing through ZoneAlarm's Program Control feature and I spotted this program in my System32 folder. Apparently it is something known as a 'Register Plugin Library". Now, some sites on which information about this can be found treat it as a legitimate part of windows, specifically the SoundBlaster card, which I have, an SB Audigy 2 ZS, while others classify it as malware. I was wondering if anyone has any conclusive information about this program.

A scheduled ultra-deep ZoneAlarm scan turned up no infections on my system, and a scan of the file itself in System32 showed none either.

According to the file properties, it was created on Saturday, April 3rd, 2010, the day I reinstalled my sound card, and was last modified back in 2001. A C drive search showed that it (regplib.exe) turned up in the System32 folder and in the Windows prefetch folder.

Thanks for your help.

  • 2 Contributors
  • 5 Replies
  • 131 Views
  • 2 Days Discussion Span
  • Latest Post Latest Post by PhilliePhan

Recommended Answers

All 5 Replies

Member Avatar for PhilliePhan

According to the file properties, it was created on Saturday, April 3rd, 2010, the day I reinstalled my sound card, and was last modified back in 2001. A C drive search showed that it (regplib.exe) turned up in the System32 folder and in the Windows prefetch folder.

Sounds to me as though it is legit and SB related.
When you looked at properties, was there Version info? That would probably ease your mind.

If not, upload it here for analysis ---> http://virusscan.jotti.org/

Let us know what you find.

Cheers :)
PP

Member Avatar for Cyber 14

The scans found nothing. That's a useful site.

I copied the file to my desktop and double clicked on it, and it gave me this message. (Attached as screen1)

Also, here's the ZoneAlarm program control's info on it. (attached as screen2)

Finally, here's where it is in the System32 folder. (Attached as screen3)

I'm not too worried about this one, as I seem to remember it being there for as long as I can remember. I'm just trying to be cautious as I've just come out the other end of a bout of very serious computer issues lasting several weeks.

Thanks for your help.

screen1.JPG 67.9 KB screen2.JPG 129.11 KB screen3.JPG 139.21 KB
Edited by Cyber 14 because: n/a
Member Avatar for PhilliePhan

I'm not too worried about this one, as I seem to remember it being there for as long as I can remember. I'm just trying to be cautious as I've just come out the other end of a bout of very serious computer issues lasting several weeks.
Thanks for your help.

Happy to help - It is always good to err on the side of caution these days.
Sites such as Jotti are good for checking out those iffy files. I also like the Kaspersky Online scanner as a "backup" to a resident AV app, but I think it is still offline as they are upgrading it.....

Cheers :)
PP

Member Avatar for Cyber 14

You're quite right about erring on the side of caution. Thanks for the help.

So, based on the screens I posted, what's the final verdict? System file?

I found it listed at these sites, among others, as an audio card driver.

http://forum.ea.com/eaforum/posts/list/222504.page
http://www.vistax64.com/drivers/198199-directx-9-0c-problem.html
http://forums.ubi.com/eve/forums/a/tpc/f/7961032962/m/8961031396
http://www.ataricommunity.com/forums/showthread.php?p=11757250

I think the main reason it showed up as potentially unsafe on some sites is that it could potentially become infected through a bad driver download or other malicious process. Luckily I use Zonealarm Extreme security with ForceField Browser Virtualization, so I think I'm relatively bulletproof, provided I don't let anything in on my own.

Thanks for all your help.

Member Avatar for PhilliePhan

So, based on the screens I posted, what's the final verdict? System file?

There should be version info when you check the properties - that would give you the best answer as to what it belongs to.

If all the scanners employed by Jotti deem it clean, I wouldn't worry about it.
You could rename it REGPLIB.exe.old to keep it from running if you wanted and see if anything is adversely affected. If so, change it back.

But, based on Jotti, I think it's benign.

Cheers :)
PP

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.