VMware Workstation 5

[MageJubi]

Since a good number of people use VMware Workstation 5 to test unattended installs, app switches, etc., I thought I might mention something I ran across (at least in the final release 5.0.0.13124 ). After VM5 is installed, go to it's folder in "program files". I find a driver called "libeay32.dll"...so does Tenebrils' Spycatcher (almost 86,000 fingerprints in their database). It's listed spyware name is "RainbowCrack 1.01"--a password guesser. I isolated "libeay32.dll" on a floppy and ran a spyware check on just the floppy. Yep, it popped up as spyware. I deleted "libeay32.dll" from the VMware folder, and the program "seems" to work just fine without it. BTW, I bought and downloaded VM5 direct from VMware a month ago, and just redownloaded and installed the .exe an hour ago, with "libeay32.dll" again waiting for me. I also found that "smaller database" spyware tools such as the one in Trend Micro's Pccillin 2005, seem to miss it. Anyone else with a similar VM5 experience, or more info on "libeay32.dll"?

[Noise]

Interesting. I have this too. The file is very suspicious, it has no embeded file version, company, internal name, etc... anywhere in the file.

There's also another suspicious file in the bin directory (next to the libeay32.dll) called ssleay32.dll. This file is encrypted with no identifing information.

[dman]

libeay.dll is the encryption library for OpenSSL Secure Socket Layer. It is included in other products as well. On my computer it is used by VMWare as well as Dreamweaver, Apache & PHP. You may also find it in FTP programs like FileZilla or remote access programs.

http://www.liutilities.com/products/wintas...brary/libeay32/