• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5842
  • Last Modified:

Testdrive Client from runaware.com

Has anyone got information on the items mentioned in the title to this question? I have a client that came in town with a laptop that was infected w/spyware and I couldn't get it cleaned to my satisfaction so I got a new hard drive, added memory and reloaded the machine from system recovery disks. I didn't think a new drive was necessary, but because of some of the symptoms the machine displayed and the situation (the client came in from Bahama's and was returning quickly and needed his laptop) I didn't want the possibility of the drive having a problem to cause a problem.
Four days after he returned I got a call and he said the machine is not working. When he broght it back it had no desktop icons or start bar so I booted to safe mode. It started fine so I went to system recovery and saw that something was installed on the day he had the problem. It was called TestDrive client. I restored to that day and the machine booted fine. I'm trying to figure what this program installs and where it puts it, also if anyone else has had a problem with this program. The client and his wife have no idea how the program got installed and also have mentioned not wanting to pay me for my services since the machine failed shortly after they began using it again. I'm also unsure if this program is what messed up the machine. All I know is I put in a lot of time sensitive work and made decisions based on his pressing schedule and am now in the hot seat with the possibliltiy of non payment because of all this.
0
bwierzbicki
Asked:
bwierzbicki
1 Solution
 
jahboiteCommented:
If you still have a copy of the TestDrive client executable you could submit the file to a variety of online services that can:

tell you whether any of a selection of anti-virus products detect any part of it as malicious:
https://www.virustotal.com/

give you an idea of what the executable does which might help you to decide whether the reported actions might have caused the issue you write about:
http://anubis.iseclab.org/index.php
http://www.cwsandbox.org/?page=submit
(cwsandbox is down for maintenace as of 14 May 2009, but should be back-up soon - you might try the cwsandbox link on this page instead:
http://www.sunbeltsecurity.com/      )

Bear in mind that even if there are no hits at virustotal it doesn't necessarily follow that the file isn't malicious and if you're suspicious save the url of the results from virustotal and then periodically check back to see if there are any detections.

Let us know if that helped or not.
0
 
Dave HoweCommented:
http://www.runaware.com/ looks clean enough - as far as I can tell, it is a generic service to allow your customers to trial software in a virtual environment (similar to how citrix delivers applications) without having access to the installer or being able to process real data in it (short of typing it in manually and then screenshotting the output) - however, if he was installing *one* trial program, maybe he installed others and one of the others installed at the same time caused the issue. however, unless you took a snapshot of the drive before performing the rollback, I suspect the evidence is now gone to determine the cause either way.

However, I would suggest that, if their system was working when delivered, and is now working again after a restore, you could make a case that their machine *at the current time point* is as was delivered to them, and that they have already a past history of making bad download/install decisions. How you go about getting your cash is another matter, but usually if you start having to get the courts involved you will sour your relationship with the customers no matter what happens. You *do* have one other option though, assuming you retained their old hard drive, of reinstalling that, giving back the machine in its original, spyware ridden state, and writing off the time you spent as unrecoverable. They will then be in the position of either having to pay you for your work, or pay some other repair center to re-do your work (and probably pay the same or more anyhow)
0
 
bwierzbickiAuthor Commented:
thanks for your comment
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now