iTivity program connects to remote server on PC without permission.

Well, I think I will feel stupid either way with this question. Have an 8 computer LAN with SBS 2003 R2 connected to 8 Windows XP Pro computers with a Cisco PIX 501 router configured in default set up and Symantec 10.1 Corporate Edition.

As the pseudo IT person, I am the only administrator and pretty much the only one downloading and installing software on any computer.

I was working on one of the workstations when I noticed an Icon which wasn't there yesterday. It was a help icon for a company called iTivity. I looked it up, and it seems to be software for remote computer viewing. When I clicked on the icon to open the help file, it connected to iserver.emdeonps.net. It had the name of the computer and the domain along with an 11 digit number. We do have some billing software on the PC, but it only sends data via a modem and not over our broadband cable connection.

There seems to be tons of information about it on the Internet, with its own site, etc. But, I don't really feel comfortable with a program connecting to a server that I didn't install. It said on the site that it can be downloaded to your PC with one click from certain web sites.

Anyway, sorry about my ignorance about this. I hope there is some reasonable explanation. Until then, I have turned off the computer.
Bert2005Asked:
MereteCommented:
Hello Bert, I do feel your pain, nothing more frustrating than unknowns. Personally I can't say I have heard of this either, but how it was installed is somewhat puzzling. If you're the only IT administrator there, has there been any other IT staff before you, any bosses with admin privs?
Who else uses that particular computer?
If you feel it should not be there you can disable it by adding it to the firewall restrictions list.
It could be spyware and related to data mining.
Download HijackThis 1.99.1 from the direct link in the top right corner
http://www.hijackthis.de/
Save it to a folder on your desktop and then install to that.
Run the scan and save a log but don't fix.
Copy the entire log and paste it there as well >> http://www.hijackthis.de/
Below the panel hit analyze, now just scroll down to
have a look at the results of the analyzed log.
--------------------------------------------------------------

What is iTivity?
iTivity is a software product that allows system administrators to deploy remote administration tools either within an intranet or safely across firewalls over the Internet. Deployment is simple, with one-click installation from an e-mail or web page.
It's all here, please read it then decide your actions.
http://www.tridia.com/iTivityUserGuide/welcome.htm
Installing and Running iTivity Manager
http://www.tridia.com/iTivityUserGuide/ch3InstallingiTivityManager.htm

But I find it hard to believe this program is installed without some kind of management involved.
Post back the hijackthis results.
Merete
0

PowerITCommented:
Bert,

With 'I am the only administrator' do you mean that all other users are NOT local administrators on their PCs?
If not so, then anyone can install this. You would have to look in your internal organisation.
Similarly, if the local admin password of the PCs is known or empty then again anyone could have done it.

If you are the only administrator and no one else knows the admin passwords, then you should be worried.
iTivity by itself is not known to be malware - it's a legitimate remote management tool - but it could be used for malicious purposes and have been installed by exploiting a vulnerability. Then it's indeed a good idea to post your hijackthis log. Although that would not show the possible entry point, it can be a good start to see if anything else malicious is installed.

Fyi, that server is located in Tampa, Florida. Does this ring a bell?

J.
0
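PowerIT's question about who holds local administrator rights can be answered per workstation from the output of `net localgroup Administrators`. The script below is an added example, not part of the original thread; the host names, the EXAMPLE domain, the accounts and the allowlist are constructed assumptions.

```python
"""Audit captured `net localgroup Administrators` output against an allowlist."""

# Text that `net localgroup Administrators` prints around the member list.
HEADER = (
    "Alias name     Administrators\n"
    "Comment        Administrators have complete and unrestricted access "
    "to the computer/domain\n\nMembers\n\n" + "-" * 79 + "\n"
)
FOOTER = "The command completed successfully.\n"

# Constructed sample captures, one per workstation (names are made up).
SAMPLE_OUTPUT = {
    "WS01": HEADER + "Administrator\nEXAMPLE\\Domain Admins\n" + FOOTER,
    "WS02": HEADER + "Administrator\nEXAMPLE\\Domain Admins\n"
            "EXAMPLE\\Domain Users\nEXAMPLE\\biller\n" + FOOTER,
}

# Assumption: the only accounts that should be local administrators.
ALLOWED = {"administrator", "example\\domain admins"}


def parse_members(output):
    """Return the names listed between the dashed rule and the status line."""
    members, in_list = [], False
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("---"):
            in_list = True
        elif line.lower().startswith("the command completed"):
            break
        elif in_list and line:
            members.append(line)
    return members


def audit(outputs, allowed=ALLOWED):
    """Map each host to local administrators that are not on the allowlist."""
    findings = {}
    for host, text in sorted(outputs.items()):
        extra = [m for m in parse_members(text) if m.lower() not in allowed]
        if extra:
            findings[host] = extra
    return findings


if __name__ == "__main__":
    for host, extra in audit(SAMPLE_OUTPUT).items():
        print(f"{host}: unexpected local administrators: {', '.join(extra)}")
```

A workstation where a broad group such as Domain Users appears in the list is one where any user can install software, which is the situation the thread turned out to describe.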
Bert2005Author Commented:
J and Merete,

See, I told you I would feel stupid. My office biller installed a program for sending online billing to insurance companies. Apparently, this was part of that. Whew!

I am somewhat computer savvy, but this domain SBS thing is a bit confusing for me at times (well most of the time) when I was used to peer-to-peer where I worked before. I guess I wasn't completely sure about the local admin vs the server admin thing. Obviously, they can't log into the server, etc.

I do feel a little nervous about users being able to download anything they want.

Thanks for the quick response.
0
Bert2005Author Commented:
I guess when you split points evenly, the first person chosen gets accepted? Well, both were equally as helpful.
0
MereteCommented:
Bert, I think you showed good concerns and a healthy attitude, they better appreciate you as this quality is rare these days, most people don't give ?? so long as they can make a quick buck.
Malware threats are so disguised and numerous now one can never be complacent.
Thank you, have a nice day.
Merete


0
Bert2005Author Commented:
Merete,

Thank you very much for the compliment. I try.
0
MereteCommented:
;)
0