Solved

Testdrive Client from runaware.com

Posted on 2009-05-17
Last Modified: 2013-11-08
Has anyone got information on the items mentioned in the title to this question? I have a client that came in town with a laptop that was infected with spyware and I couldn't get it cleaned to my satisfaction, so I got a new hard drive, added memory and reloaded the machine from system recovery disks. I didn't think a new drive was necessary, but because of some of the symptoms the machine displayed and the situation (the client came in from the Bahamas and was returning quickly and needed his laptop) I didn't want the possibility of the drive having a problem to cause a problem.
Four days after he returned I got a call and he said the machine is not working. When he brought it back it had no desktop icons or start bar, so I booted to safe mode. It started fine, so I went to system recovery and saw that something was installed on the day he had the problem. It was called TestDrive client. I restored to that day and the machine booted fine. I'm trying to figure out what this program installs and where it puts it, and also whether anyone else has had a problem with this program. The client and his wife have no idea how the program got installed and have also mentioned not wanting to pay me for my services since the machine failed shortly after they began using it again. I'm also unsure if this program is what messed up the machine. All I know is I put in a lot of time-sensitive work and made decisions based on his pressing schedule and am now in the hot seat with the possibility of non-payment because of all this.
Question by:bwierzbicki
3 Comments
 
LVL 12

Accepted Solution

by:
jahboite earned 500 total points
ID: 24407642
If you still have a copy of the TestDrive client executable you could submit the file to a variety of online services that can:

tell you whether any of a selection of anti-virus products detect any part of it as malicious:
https://www.virustotal.com/

give you an idea of what the executable does which might help you to decide whether the reported actions might have caused the issue you write about:
http://anubis.iseclab.org/index.php
http://www.cwsandbox.org/?page=submit
(cwsandbox is down for maintenance as of 14 May 2009, but should be back up soon - you might try the cwsandbox link on this page instead:
http://www.sunbeltsecurity.com/ )

Bear in mind that even if there are no hits at virustotal, it doesn't necessarily follow that the file isn't malicious, and if you're suspicious, save the URL of the results from virustotal and then periodically check back to see if there are any detections.

Let us know if that helped or not.
0
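The "save the results and check back" advice in the answer above, as an added example that is not part of jahboite's post: it hashes the suspect file once and compares each later saved report against the previous one. The report layout (`data.id`, `last_analysis_stats`, `last_analysis_date`, and the `error` object for an unknown hash) is assumed to follow VirusTotal's API v3 JSON; the function names, the stand-in file and the sample reports are constructed for illustration.

```python
import hashlib

def sha256_of(path, chunk=1 << 16):
    """Hash the sample so every later lookup refers to exactly this file."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def recheck(history, sha256, report):
    """Record one saved report in `history` and describe how the result moved.

    `report` is parsed JSON in the layout assumed here:
    data.id, data.attributes.last_analysis_stats / last_analysis_date.
    """
    if "error" in report:                      # hash never seen by the service
        history.append({"sha256": sha256, "scanned": None, "detections": None})
        return "not yet analysed"
    data = report["data"]
    if data["id"].lower() != sha256.lower():   # guard against mixing up samples
        raise ValueError("report belongs to a different file")
    stats = data["attributes"]["last_analysis_stats"]
    count = stats.get("malicious", 0) + stats.get("suspicious", 0)
    seen = [h["detections"] for h in history if h["detections"] is not None]
    history.append({"sha256": sha256,
                    "scanned": data["attributes"]["last_analysis_date"],
                    "detections": count})
    if not seen:
        return "baseline: %d detections" % count
    if count > seen[-1]:
        return "changed: %d -> %d detections" % (seen[-1], count)
    return "no new detections (%d)" % count

def sample_report(sha256, scanned, malicious):
    """Constructed report for the demo; not real scan output."""
    return {"data": {"id": sha256, "type": "file", "attributes": {
        "last_analysis_date": scanned,
        "last_analysis_stats": {"malicious": malicious, "suspicious": 0,
                                "undetected": 40 - malicious, "harmless": 0}}}}

if __name__ == "__main__":
    import tempfile
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(b"MZ constructed stand-in for the suspect installer")
    digest, log = sha256_of(f.name), []
    print(recheck(log, digest, {"error": {"code": "NotFoundError"}}))
    print(recheck(log, digest, sample_report(digest, 1242518400, 0)))
    print(recheck(log, digest, sample_report(digest, 1243123200, 3)))
```

A baseline of zero detections only records what the engines knew on that date; the later "changed" result is the signal the answer says to watch for.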
 
LVL 33

Expert Comment

by:Dave Howe
ID: 24410756
http://www.runaware.com/ looks clean enough - as far as I can tell, it is a generic service to allow your customers to trial software in a virtual environment (similar to how Citrix delivers applications) without having access to the installer or being able to process real data in it (short of typing it in manually and then screenshotting the output) - however, if he was installing *one* trial program, maybe he installed others and one of the others installed at the same time caused the issue. However, unless you took a snapshot of the drive before performing the rollback, I suspect the evidence is now gone to determine the cause either way.

However, I would suggest that, if their system was working when delivered, and is now working again after a restore, you could make a case that their machine *at the current time point* is as was delivered to them, and that they have already a past history of making bad download/install decisions. How you go about getting your cash is another matter, but usually if you start having to get the courts involved you will sour your relationship with the customers no matter what happens. You *do* have one other option though, assuming you retained their old hard drive, of reinstalling that, giving back the machine in its original, spyware-ridden state, and writing off the time you spent as unrecoverable. They will then be in the position of either having to pay you for your work, or pay some other repair center to re-do your work (and probably pay the same or more anyhow).
 

Author Closing Comment

by:bwierzbicki
ID: 31582401
Thanks for your comment.