Solved

iTivity program connects to remote server on PC without permission.

Posted on 2007-04-10
7
617 Views
Last Modified: 2010-04-11
Well, I think I will feel stupid either way with this question. Have an 8 compuer LAN with SBS 2003 R2 connected to 8 Windows XP Pro computers with a Cisco PIX 501 router configured in default set up and Symantec 10.1 Corporate Edition.

As the pseudo IT person, I am the only administrator and pretty much the only one downloading and installing software on any computer.

I was working on one of the workstations when I noticed an Icon which wasn't there yesterday. It was a help icon for a company called iTivity. I looked it up, and it seems to be software for remote computer viewing. When I clicked on the icon to open the help file, it connected to iserver.emdeonps.net. It had the name of the computer and the domain along with an 11 digit number. We do have some billing software on the PC, but it only sends data via a modem and not over our broadband cable connection.

There seems to be tons of information about it on the Internet about it with its own site, etc. But, I don't really feel comfortable with a program connecting to a server that I didn't install. It said on the site that it can be downloaded to your PC with one click from certain web sites.

Anyway, sorry about my ignorance about this. I hope there is some reasonable explanation. Until, then I have turned off the computer.
0
Comment
Question by:Bert2005
  • 3
  • 3
7 Comments
 
LVL 70

Accepted Solution

by:
Merete earned 250 total points
ID: 18887368
Hello Bert, I do feel your pain nothing more frustrating than unknowns, personally cant say I have heard of this either but how it was installed is somewaht puzzeling If your the only the IT administrator there, has there been any other IT staff before you any bosses with admin privs?
Who else uses that particular computer?
If you feel it should not be there you can dis-able by add ing it to the firewall restrictions list.
It coudl be spyware and related to data mining.
download HijackThis 1.99.1,from the direct link top right corner
http://www.hijackthis.de/ 
save it to a folder on your desktop and then install to that.
run the scan and save a log but dont fix
copy the entire log and paste it there as well>>   http://www.hijackthis.de/ 
below the panel  hit analyze, now just scroll down to
have a look at the results of the analyzed log.
--------------------------------------------------------------

What is iTivity?
iTivity is a software product that allows system administrators to deploy remote administration tools either within an intranet or safely across firewalls over the Internet. Deployment is simple, with one-click installation from an e-mail or web page.
Its all here please read it then decide your actions.
http://www.tridia.com/iTivityUserGuide/welcome.htm
Installing and Running iTivity Manager
http://www.tridia.com/iTivityUserGuide/ch3InstallingiTivityManager.htm

but I find it hard to believe this program is installed without some kind management involved.
Post back the hijackthis results.
Merete
0
 
LVL 18

Assisted Solution

by:PowerIT
PowerIT earned 250 total points
ID: 18887886
Bert,

with 'I am the only administrator' do you mean that all other users are NOT local administrator on their PC's?
If not so, then anyone can install this. You would have to look in your internal organisation.
Similar, if the local admin password of the PC's is known or empty then again anyone could have done it.

If you are the only administrator and noone else knows the admin passwords, then you should be worried.
iTivity by itself is not known to be malware - it's a legitimate remote management tool - but it could be used for malicious purpose and been installed by exployting a vulnerability. Then it's indeed a good idea to post your hijackthis log. Altough that would not show the possible entry point, it can be a good start to see if anything else malicious is installed.

Fyi, that server is located in Tampa, Florida. Does this ring a bell?

J.
0
 
LVL 1

Author Comment

by:Bert2005
ID: 18888932
J and Merete,

See, I told you I would feel stupid. My office biller installed a program for sending online billing to insurance companies. Apparently, this was part of that. Whew!

I am somewhat computer savvy, but this domain SBS thing is a bit confusing for me at times (well most of the time) when I was used to peer-to-peer where I worked before. I guess I am wasn't completely sure about the local admin vs the server admin thing. Obviously, they can't log into the server, etc.

I do feel a little nervous about users being able to download anything they want.

Thanks for the quick response.
0
Save on storage to protect fatherhood memories

You're the dad who has everything. This Father's Day, make sure your family memories are protected. My Passport Ultra has automatic backup and password protection to keep your cherished photos and videos safe. With up to 3TB, you have plenty of room to hold the adventures ahead.

 
LVL 1

Author Comment

by:Bert2005
ID: 18888935
I guess when you split points evenly, the first person chosen gets accepted? Well, both were equally as helpful.
0
 
LVL 70

Expert Comment

by:Merete
ID: 18891112
Bert I think you showed good concerns and a healthy attitude, they better apprecoate you as this quality is rare these days most peopel dont give ?? so long as they can make a quick buck.
Malware threats are so disguided and numerous now one can never be complacent.
Thank you have a nice day.
Merete


0
 
LVL 1

Author Comment

by:Bert2005
ID: 18891468
Merete,

Thank you very much for the compliment. I try.
0
 
LVL 70

Expert Comment

by:Merete
ID: 18896283
;)
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You may have a outside contractor who comes in once a week or seasonal to do some work in your office but you only want to give him access to the programs and files he needs and keep privet all other documents and programs, can you do this on a loca…
Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now