Today a client reported an error message "Adagio Backup DLL not found" when they tried to make a backup in Adagio.

I noticed that the SSIQBACK.DLL file was missing from their \Softrak\System folder. I replaced it with mine.

The next time they tried to make a backup, McAfee popped up to complain about the file, and removed it (again).

I'm guessing there was some sort of Anti-Virus update last night that now identifies this file as a virus.

How do I rectify this?

Steve

I've had multiple clients call about this as well. Windows defender also mis-identifies the file as a trojan.

Mark the file as "Safe" or exclude the \Softrak\System Folder from your virus checker.

Our SSIQBACK.DLL file is missing too. How do I get it back?

Reinstalled GL and AP still same error "backup DLL missing" Any solution?

Check your antivirus quarantine and move it back from there.

Hi,

It's possible that this is a much bigger problem than being presented.

I have now seen this problem with Sophos and MS AV programs and Steve Schwartz has observed the problem with Mcafee as well.

(FYI - Tuesday is commonly known as Microsoft Security update day)

In my attempt to copy the SSIQBACK.DLL file on my own Server to replace it for one of our clients who needed the file replaced after trying to run their Backup this morning. MS System Center Endpoint Protection intervened and removed the file as well as modified the Windows Registry entries. Please see below for details:

Category: Trojan Downloader
Description: This program is dangerous and downloads other programs.
Recommended action: Remove this software immediately.

System Center Endpoint Protection detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.

Items:
file:F:\Softrak\system\SSIQBACK.DLL
regkey:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\F:\Softrak\system\SSIQBACK.DLL
shareddll:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\F:\Softrak\system\SSIQBACK.DLL

To correct the above I have done the following:
Before recovering the SSIQBACK.DLL file from last night's Image Backup of the Guest Machine, the SSIQBACK.DLL file was excluded from the AV program on the Host Machine & Guest Servers. This allowed the replacement of the deleted file on the Guest Machine successfully.

The question I have is how best to deal with the Adagio Windows Registry entries that the AV reported as changed? Softrak, please advise action required.

Unfortunately, after replacing the file on our Server, when I try to open any Adagio module, it now requests a WKSETUP. Softrak, please advise action required

One last thing,
in response to Andrew's suggestion to exclude the \Softrak\System folder,
I have been advised by our System Support technical people that the exclusion of any Folder from AV checking potentially creates an unacceptable opportunity for Hackers to save an Virus program to that Folder and as it is an AV excluded Folder their Virus programs can run without AV intervention. Softrak, please advise action required.

I suggest everyone immediately add an exclusion to their AV programs on all Workstation & Servers that run Adagio for SSIQBACK.DLL file. Ideally prior to an Adagio Backup being run.

Warmest regards,
Kerry Gullins
IOS Consulting Group.inc.

ps.s It might be advisable to move this to the private Forum until a complete resolution is available and then later add an edited version to the Technical Forum.

Hi, Kerry,

We use Sophus also and it certainly hasn't interfered with my use of Adagio's backup function (have used it several times today already).

I've been telling people basically what Andrew did earlier. I've asked them to ensure that the full path and filename to the dll (ie. ...Softrak\System\SSIQBACK.DLL) is included in the AV s/w's list of exclusions and then to put the file back in the Softrak\System folder. In one instance only, I had to upload the dll for the person.

What you might also want to do, for any of you that are affected and if you're using a purchased antivirus software, is to contact the antivirus software developer and let them know that they are delivering a false positive. The file's an older one but it is signed and there is no virus.

Thanks for you detailed post.

Hello Support,

I have two clients now where I have put the file back and put full exclusions in place including unc pathing and mapped drive pathing to the UNC.

The file is in the proper directory in both cases, but the backup will not run and says the dll is not found.

On one client I receive an additional message first: The first and second messages are in the link below

[img]https://www.dropbox.com/s/ojk8ftjf5dx72pn/Backup.png?dl=0[/img]

Hi, Ken,

Do they have things set up on the server and on w/s's? Are they using primarily one s/w but, as sometimes it turns out, Defender has been enabled the w/s?

Makes it more of a pain to track down I know.

Thanks for providing the screenshot. I'll pass them on to R&D.

Please let me know on the other things.