Solved

iTivity program connects to remote server on PC without permission.

Posted on 2007-04-10
7
Medium Priority
635 Views
Last Modified: 2010-04-11
Well, I think I will feel stupid either way with this question. Have an 8 computer LAN with SBS 2003 R2 connected to 8 Windows XP Pro computers with a Cisco PIX 501 router configured in default set up and Symantec 10.1 Corporate Edition.

As the pseudo IT person, I am the only administrator and pretty much the only one downloading and installing software on any computer.

I was working on one of the workstations when I noticed an Icon which wasn't there yesterday. It was a help icon for a company called iTivity. I looked it up, and it seems to be software for remote computer viewing. When I clicked on the icon to open the help file, it connected to iserver.emdeonps.net. It had the name of the computer and the domain along with an 11 digit number. We do have some billing software on the PC, but it only sends data via a modem and not over our broadband cable connection.

There seems to be tons of information about it on the Internet, with its own site, etc. But, I don't really feel comfortable with a program connecting to a server that I didn't install. It said on the site that it can be downloaded to your PC with one click from certain web sites.

Anyway, sorry about my ignorance about this. I hope there is some reasonable explanation. Until then, I have turned off the computer.
0
Comment
Question by:Bert2005
7 Comments
 
LVL 70

Accepted Solution

by:
Merete earned 1000 total points
ID: 18887368
Hello Bert, I do feel your pain; nothing is more frustrating than unknowns. Personally I can't say I have heard of this either, but how it was installed is somewhat puzzling if you're the only IT administrator there. Has there been any other IT staff before you, or any bosses with admin privs?
Who else uses that particular computer?
If you feel it should not be there you can disable it by adding it to the firewall restrictions list.
It could be spyware and related to data mining.
Download HijackThis 1.99.1 from the direct link in the top right corner:
http://www.hijackthis.de/
Save it to a folder on your desktop and then install to that.
Run the scan and save a log, but don't fix.
Copy the entire log and paste it there as well: http://www.hijackthis.de/
Below the panel hit analyze, then just scroll down to have a look at the results of the analyzed log.
--------------------------------------------------------------

What is iTivity?
iTivity is a software product that allows system administrators to deploy remote administration tools either within an intranet or safely across firewalls over the Internet. Deployment is simple, with one-click installation from an e-mail or web page.
It's all here; please read it, then decide your actions.
http://www.tridia.com/iTivityUserGuide/welcome.htm
Installing and Running iTivity Manager
http://www.tridia.com/iTivityUserGuide/ch3InstallingiTivityManager.htm

But I find it hard to believe this program is installed without some kind of management involved.
Post back the hijackthis results.
Merete
0
 
LVL 18

Assisted Solution

by:PowerIT
PowerIT earned 1000 total points
ID: 18887886
Bert,

With 'I am the only administrator' do you mean that all other users are NOT local administrators on their PCs?
If not so, then anyone can install this. You would have to look in your internal organisation.
Similarly, if the local admin password of the PCs is known or empty then again anyone could have done it.

If you are the only administrator and no one else knows the admin passwords, then you should be worried.
iTivity by itself is not known to be malware - it's a legitimate remote management tool - but it could be used for malicious purposes and have been installed by exploiting a vulnerability. Then it's indeed a good idea to post your HijackThis log. Although that would not show the possible entry point, it can be a good start to see if anything else malicious is installed.

Fyi, that server is located in Tampa, Florida. Does this ring a bell?

J.
0
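
The HijackThis log that both answers ask for is easiest to judge when it is compared with an earlier scan of the same PC. The following is an added example, not part of either post: it lists the autostart entries (O4 and O23 lines) that appeared since a baseline scan and flags remote-administration names. The log excerpts, the paths, and every keyword other than iTivity are constructed for illustration.

```python
import re

# O4 = Run keys / Startup folder items, O23 = Windows services.
AUTOSTART_LINE = re.compile(r"^(O4|O23) - (.+)$")

# Assumed watchlist; only "itivity" comes from the thread.
REMOTE_ADMIN_KEYWORDS = ("itivity", "vnc", "radmin", "pcanywhere")

# Constructed logs: BASELINE is the earlier scan, CURRENT the later one.
BASELINE = """\
Logfile of HijackThis v1.99.1
O4 - HKLM\\..\\Run: [vptray] C:\\PROGRA~1\\SYMANT~1\\VPTray.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe
"""
CURRENT = BASELINE + """\
O4 - HKLM\\..\\Run: [BillingAgent] C:\\Program Files\\ExampleBilling\\agent.exe
O23 - Service: iTivity Server (example_svc) - Unknown owner - C:\\Program Files\\Example\\server.exe
"""


def autostart_entries(log_text):
    """Return the set of (section, detail) autostart entries in one log."""
    entries = set()
    for raw in log_text.splitlines():
        match = AUTOSTART_LINE.match(raw.strip())
        if match:
            entries.add(match.groups())
    return entries


def review_new_entries(baseline_log, current_log, keywords=REMOTE_ADMIN_KEYWORDS):
    """List entries added since the baseline; flag remote-admin keyword hits."""
    added = autostart_entries(current_log) - autostart_entries(baseline_log)
    report = []
    for section, detail in sorted(added):
        flagged = any(word in detail.lower() for word in keywords)
        report.append({"section": section, "detail": detail, "remote_admin": flagged})
    return report


if __name__ == "__main__":
    for item in review_new_entries(BASELINE, CURRENT):
        tag = "REVIEW" if item["remote_admin"] else "new"
        print(f"[{tag}] {item['section']}: {item['detail']}")
```

A flagged entry only means the software should be traced to whoever installed it; as the thread shows, a remote-administration component can arrive as part of a legitimate package.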
 
LVL 1

Author Comment

by:Bert2005
ID: 18888932
J and Merete,

See, I told you I would feel stupid. My office biller installed a program for sending online billing to insurance companies. Apparently, this was part of that. Whew!

I am somewhat computer savvy, but this domain SBS thing is a bit confusing for me at times (well most of the time) when I was used to peer-to-peer where I worked before. I guess I wasn't completely sure about the local admin vs the server admin thing. Obviously, they can't log into the server, etc.

I do feel a little nervous about users being able to download anything they want.

Thanks for the quick response.
0

 
LVL 1

Author Comment

by:Bert2005
ID: 18888935
I guess when you split points evenly, the first person chosen gets accepted? Well, both were equally as helpful.
0
 
LVL 70

Expert Comment

by:Merete
ID: 18891112
Bert, I think you showed good concerns and a healthy attitude; they better appreciate you, as this quality is rare these days. Most people don't give ?? so long as they can make a quick buck.
Malware threats are so disguised and numerous now one can never be complacent.
Thank you have a nice day.
Merete


0
 
LVL 1

Author Comment

by:Bert2005
ID: 18891468
Merete,

Thank you very much for the compliment. I try.
0
 
LVL 70

Expert Comment

by:Merete
ID: 18896283
;)
0

Question has a verified solution.
