Solved

iTivity program connects to remote server on PC without permission.

Posted on 2007-04-10
7
613 Views
Last Modified: 2010-04-11
Well, I think I will feel stupid either way with this question. Have an 8 compuer LAN with SBS 2003 R2 connected to 8 Windows XP Pro computers with a Cisco PIX 501 router configured in default set up and Symantec 10.1 Corporate Edition.

As the pseudo IT person, I am the only administrator and pretty much the only one downloading and installing software on any computer.

I was working on one of the workstations when I noticed an Icon which wasn't there yesterday. It was a help icon for a company called iTivity. I looked it up, and it seems to be software for remote computer viewing. When I clicked on the icon to open the help file, it connected to iserver.emdeonps.net. It had the name of the computer and the domain along with an 11 digit number. We do have some billing software on the PC, but it only sends data via a modem and not over our broadband cable connection.

There seems to be tons of information about it on the Internet about it with its own site, etc. But, I don't really feel comfortable with a program connecting to a server that I didn't install. It said on the site that it can be downloaded to your PC with one click from certain web sites.

Anyway, sorry about my ignorance about this. I hope there is some reasonable explanation. Until, then I have turned off the computer.
0
Comment
Question by:Bert2005
  • 3
  • 3
7 Comments
 
LVL 69

Accepted Solution

by:
Merete earned 250 total points
ID: 18887368
Hello Bert, I do feel your pain nothing more frustrating than unknowns, personally cant say I have heard of this either but how it was installed is somewaht puzzeling If your the only the IT administrator there, has there been any other IT staff before you any bosses with admin privs?
Who else uses that particular computer?
If you feel it should not be there you can dis-able by add ing it to the firewall restrictions list.
It coudl be spyware and related to data mining.
download HijackThis 1.99.1,from the direct link top right corner
http://www.hijackthis.de/
save it to a folder on your desktop and then install to that.
run the scan and save a log but dont fix
copy the entire log and paste it there as well>>   http://www.hijackthis.de/
below the panel  hit analyze, now just scroll down to
have a look at the results of the analyzed log.
--------------------------------------------------------------

What is iTivity?
iTivity is a software product that allows system administrators to deploy remote administration tools either within an intranet or safely across firewalls over the Internet. Deployment is simple, with one-click installation from an e-mail or web page.
Its all here please read it then decide your actions.
http://www.tridia.com/iTivityUserGuide/welcome.htm
Installing and Running iTivity Manager
http://www.tridia.com/iTivityUserGuide/ch3InstallingiTivityManager.htm

but I find it hard to believe this program is installed without some kind management involved.
Post back the hijackthis results.
Merete
0
 
LVL 18

Assisted Solution

by:PowerIT
PowerIT earned 250 total points
ID: 18887886
Bert,

with 'I am the only administrator' do you mean that all other users are NOT local administrator on their PC's?
If not so, then anyone can install this. You would have to look in your internal organisation.
Similar, if the local admin password of the PC's is known or empty then again anyone could have done it.

If you are the only administrator and noone else knows the admin passwords, then you should be worried.
iTivity by itself is not known to be malware - it's a legitimate remote management tool - but it could be used for malicious purpose and been installed by exployting a vulnerability. Then it's indeed a good idea to post your hijackthis log. Altough that would not show the possible entry point, it can be a good start to see if anything else malicious is installed.

Fyi, that server is located in Tampa, Florida. Does this ring a bell?

J.
0
 
LVL 1

Author Comment

by:Bert2005
ID: 18888932
J and Merete,

See, I told you I would feel stupid. My office biller installed a program for sending online billing to insurance companies. Apparently, this was part of that. Whew!

I am somewhat computer savvy, but this domain SBS thing is a bit confusing for me at times (well most of the time) when I was used to peer-to-peer where I worked before. I guess I am wasn't completely sure about the local admin vs the server admin thing. Obviously, they can't log into the server, etc.

I do feel a little nervous about users being able to download anything they want.

Thanks for the quick response.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 1

Author Comment

by:Bert2005
ID: 18888935
I guess when you split points evenly, the first person chosen gets accepted? Well, both were equally as helpful.
0
 
LVL 69

Expert Comment

by:Merete
ID: 18891112
Bert I think you showed good concerns and a healthy attitude, they better apprecoate you as this quality is rare these days most peopel dont give ?? so long as they can make a quick buck.
Malware threats are so disguided and numerous now one can never be complacent.
Thank you have a nice day.
Merete


0
 
LVL 1

Author Comment

by:Bert2005
ID: 18891468
Merete,

Thank you very much for the compliment. I try.
0
 
LVL 69

Expert Comment

by:Merete
ID: 18896283
;)
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now