Published on February 11, 2005 By Zinto In Stardock Support General
I'm using norton antivirus and check my computer every week.
Today, my norton antivirus found spyware, jpgutils.dll from my computer.
I don't know how this file was installed in my com.
When I checked this file in google, some websites said it is normally used in converting some picture files like bmp or jpg.
I suspect this jpgutils.dll from object desktop.
Is this really from one of stardock programs? and is it necessary file to work in object desktop?
Or is it ok I get rid of this from my com?

Comments
on Feb 12, 2005
Thats interesting, the exact same thing happened to me yesterday and AFAIK the only new installations over the last few days has been Stardock software.

Norton detected this file as being at risk from ABCKeylogger spyware.

I have quarantined the file but would appreciate an official word from stardock as to whether this file is part of any of their distributions or coincidental.


Posted via WinCustomize Browser/Stardock Central
on Feb 12, 2005
jpgutils.dll is an important system file and part of Windows, do not delete it or some things will stop working! This is NAV incorrectly identifying a safe file as being at risk
on Feb 12, 2005
I think I found what component installed this file.

Hi, PhlangePhace. Did you install bootskin?

I uninstalled & reinstalled some components from stardock & check NAV (ah... what I'm doing in this weekend...)
I didn't check all of components, but I think theme manager, windowblinds, iconpackager, desktopX are ok, they don't install this file.
BUT "BOOTSKIN" installed this, when i repaired this bootskin in control panel, it reinstalled jpgutils.dll.

I think (not quite sure!) jpgutils.dll can be considered as a normal work file.
I hope I can hear official word from stardock about this happening.

Thanks a lot! PhlangePhace & Wizop Fuzzy Logic!
on Feb 12, 2005
http://www.iamnotageek.com/a/file_info.php
Link to a list of file types, both good and bad.
on Feb 12, 2005
There's not a lot of info out there about this, but I did find 2 messageboad posts that might shed a little light on the subject...

JPGutils.dll is used by several programs not as a key logger - but as a converter library file for converting bitmaps to jpeg formats for use only as the program reguires to have it so as not to use the bitmap. Which the bitmap is a larger file and needs more to run it in the program. Thus the program fails to run due to error of file capacity. So with the conversion by the JPGutilty to a jpeg file it use's less space and the program will run as it should.
Now where is the key logger part of this - someone got confused at symantec and has yet to make the changes. Now I have seen where this Jpgutils.dll does work with a keylogger program to convert the file it would send out of ones computer.

I use JPGUtils.DLL as a tool to convert bitmaps captured from a webcam into JPEGs. I found it on PlanetSourceCode.COM and have been using it successfully for 5 years in a VB6 application I wrote.
on Feb 12, 2005
Hi, PhlangePhace. Did you install bootskin?

I uninstalled & reinstalled some components from stardock & check NAV (ah... what I'm doing in this weekend...)
I didn't check all of components, but I think theme manager, windowblinds, iconpackager, desktopX are ok, they don't install this file.
BUT "BOOTSKIN" installed this, when i repaired this bootskin in control panel, it reinstalled jpgutils.dll.


Indeed I do have BootSkin installed and running.
However, I did uninstall and reinstall BootSkin to test this theory and yet the file in question has not reappeared!?

Mmm, strange



Posted via WinCustomize Browser/Stardock Central
on Feb 12, 2005
Since bootskin images are low quality 4-bit 16 color bitmap images applied when the systems video driver can only handle such an image, I don't see where a dll that converts bitmaps to jpegs would fall into play with that program.
on Feb 12, 2005
Sorry, PhlangePhace

You're right. When I reinstalled bootskin, there was no jpgutils.dll...
Hmm... Strange... That time, I didn't test bootskin by reinstalling. I did repair in control panel in windows xp (in add or remove program).

Ya... still in mystery... where did it come from?
on Feb 12, 2005
I've got it......... If you load a jpg in LogonStudio, and try to save the skin, JPGUtils.dll loads and converts the jpg to bmp....... (obviously it works both ways)
I read this in a newsgroup post by TheGreenReaper, and then confirmed it for myself using a tool called "Process Explorer".

Mystery sovled as far as I'm concerned. (If anyone wants to believe that it's spyware that activates when you save a jpg in LogonStudio, be my guest.

on Feb 13, 2005
I've got it......... If you load a jpg in LogonStudio, and try to save the skin, JPGUtils.dll loads and converts the jpg to bmp.


Thats it ...repaired my LogonStudio install and indeed, the file in question has reappeared in windows/system32 folder.

Mystery solved, thanks Koasati, as I suspected this file was included in a StarDock distribution. And as you have discovered a legitimate reason for this file to be present, we can all safely assume that NAV is incorrect in identifying this file as malicious.

I wonder whether anyone has actually bothered reporting this to Symantec, for their information?


Posted via WinCustomize Browser/Stardock Central
on Feb 13, 2005
Yet another reason I don't use Norton anymore.

Good info all around gang.
on Feb 13, 2005
I SEE!

THANKS A LOT!
Everyone is GREAT!