Solved

iTivity program connects to remote server on PC without permission.

Posted on 2007-04-10
7
633 Views
Last Modified: 2010-04-11
Well, I think I will feel stupid either way with this question. Have an 8 compuer LAN with SBS 2003 R2 connected to 8 Windows XP Pro computers with a Cisco PIX 501 router configured in default set up and Symantec 10.1 Corporate Edition.

As the pseudo IT person, I am the only administrator and pretty much the only one downloading and installing software on any computer.

I was working on one of the workstations when I noticed an Icon which wasn't there yesterday. It was a help icon for a company called iTivity. I looked it up, and it seems to be software for remote computer viewing. When I clicked on the icon to open the help file, it connected to iserver.emdeonps.net. It had the name of the computer and the domain along with an 11 digit number. We do have some billing software on the PC, but it only sends data via a modem and not over our broadband cable connection.

There seems to be tons of information about it on the Internet about it with its own site, etc. But, I don't really feel comfortable with a program connecting to a server that I didn't install. It said on the site that it can be downloaded to your PC with one click from certain web sites.

Anyway, sorry about my ignorance about this. I hope there is some reasonable explanation. Until, then I have turned off the computer.
0
Comment
Question by:Bert2005
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 70

Accepted Solution

by:
Merete earned 250 total points
ID: 18887368
Hello Bert, I do feel your pain nothing more frustrating than unknowns, personally cant say I have heard of this either but how it was installed is somewaht puzzeling If your the only the IT administrator there, has there been any other IT staff before you any bosses with admin privs?
Who else uses that particular computer?
If you feel it should not be there you can dis-able by add ing it to the firewall restrictions list.
It coudl be spyware and related to data mining.
download HijackThis 1.99.1,from the direct link top right corner
http://www.hijackthis.de/ 
save it to a folder on your desktop and then install to that.
run the scan and save a log but dont fix
copy the entire log and paste it there as well>>   http://www.hijackthis.de/ 
below the panel  hit analyze, now just scroll down to
have a look at the results of the analyzed log.
--------------------------------------------------------------

What is iTivity?
iTivity is a software product that allows system administrators to deploy remote administration tools either within an intranet or safely across firewalls over the Internet. Deployment is simple, with one-click installation from an e-mail or web page.
Its all here please read it then decide your actions.
http://www.tridia.com/iTivityUserGuide/welcome.htm
Installing and Running iTivity Manager
http://www.tridia.com/iTivityUserGuide/ch3InstallingiTivityManager.htm

but I find it hard to believe this program is installed without some kind management involved.
Post back the hijackthis results.
Merete
0
 
LVL 18

Assisted Solution

by:PowerIT
PowerIT earned 250 total points
ID: 18887886
Bert,

with 'I am the only administrator' do you mean that all other users are NOT local administrator on their PC's?
If not so, then anyone can install this. You would have to look in your internal organisation.
Similar, if the local admin password of the PC's is known or empty then again anyone could have done it.

If you are the only administrator and noone else knows the admin passwords, then you should be worried.
iTivity by itself is not known to be malware - it's a legitimate remote management tool - but it could be used for malicious purpose and been installed by exployting a vulnerability. Then it's indeed a good idea to post your hijackthis log. Altough that would not show the possible entry point, it can be a good start to see if anything else malicious is installed.

Fyi, that server is located in Tampa, Florida. Does this ring a bell?

J.
0
 
LVL 1

Author Comment

by:Bert2005
ID: 18888932
J and Merete,

See, I told you I would feel stupid. My office biller installed a program for sending online billing to insurance companies. Apparently, this was part of that. Whew!

I am somewhat computer savvy, but this domain SBS thing is a bit confusing for me at times (well most of the time) when I was used to peer-to-peer where I worked before. I guess I am wasn't completely sure about the local admin vs the server admin thing. Obviously, they can't log into the server, etc.

I do feel a little nervous about users being able to download anything they want.

Thanks for the quick response.
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 
LVL 1

Author Comment

by:Bert2005
ID: 18888935
I guess when you split points evenly, the first person chosen gets accepted? Well, both were equally as helpful.
0
 
LVL 70

Expert Comment

by:Merete
ID: 18891112
Bert I think you showed good concerns and a healthy attitude, they better apprecoate you as this quality is rare these days most peopel dont give ?? so long as they can make a quick buck.
Malware threats are so disguided and numerous now one can never be complacent.
Thank you have a nice day.
Merete


0
 
LVL 1

Author Comment

by:Bert2005
ID: 18891468
Merete,

Thank you very much for the compliment. I try.
0
 
LVL 70

Expert Comment

by:Merete
ID: 18896283
;)
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against  DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
There is a lot to be said for protecting yourself and your accounts with 2 factor authentication.  I found to my own chagrin, that there is a big downside as well.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question