by   May 18 2011
Dr. Web for Windows waited just for the minute I logged in as the Administrator on a desktop to launch its virus attack. So much for Standard Restrictions and Standard User Settings. So who downloaded the Dr. Web anti-virus, fake as all heck? We will never know, but we all know who took care of this Doctor.

Dr. Web for Windows k 2011

Installing software today doesn't normally prompt anyone to check whether malware was installed alongside it. During the installation of a very expensive business software package, ads started popping up and three or more applications installed themselves.


Malware can be bundled with other software, which I will report on here after I clean off a business system late into the evening.


Application: Dr. Web for Windows k 2011

Location path: C:\WINDOWS\JNIZEA.EXE

Company: CompentOne LLC

Local Address: Local computer : 1197

Remote Address: 184.82.94.131 : 80 (No longer associated)

Connection type: TCP

Direction: Outgoing

Process ID: 1720

Should it be blocked?

Don't bother answering that question: if it installed without prompting the user, it should be blocked and removed.

It's still interesting that the program CD, built around the Aladdin HASP License Manager service, seemed to open the door to adware almost as fast as it installed.

Application: Aladdin HASP License Manager Service

Full Path: C:\WINDOWS\SYSTEM32\HASPLMS.EXE

Company: Aladdin Knowledge Systems Ltd.

Local Address: Local Computer : 1033

Remote address: 255.255.255.255 : 1947

Connection type: UDP

Direction: Outgoing

Process ID: 684

The UDP broadcast to 255.255.255.255 on port 1947 is the HASP License Manager's normal license-server discovery traffic, not part of the infection; the Dr. Web processes are the ones to treat as hostile.


Now it's Dr. Web for Windows H 2011

Path: C:\DOCUMENTS AND SETTINGS\JONAME\LOCAL SETTINGS\TEMP\JMS.EXE

Company: ComponentOne LLC (this was in my notes; the host is what the software attempted to connect to. No question about it at the time, but I cannot say whether they practice the same today. Maybe they didn't know.)

Remote IP: 173.212.206.108 : 80
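The three firewall prompts above share one pattern that can be triaged mechanically: an executable running from the Windows root or from a user's Temp folder making an outbound connection to a public Internet host, sitting next to a legitimate service whose only traffic is a local broadcast. The script below is an added example, not code from the original post or from any vendor named on this page. It re-creates the three prompts as constructed sample records in the same "Key: value" layout, folds the differing field names (Location path / Full Path / Path, Remote Address / Remote IP) onto one vocabulary, and applies two checks: does the image run from a drop location, and is the remote end a public address. The rule that treats HASPLMS.EXE broadcasting to UDP 1947 as expected rests on the HASP License Manager's documented use of that port for discovery; the drop-directory list and the "block"/"review"/"expected" verdicts are this example's own assumptions, and a "block" is a prompt to investigate, not proof.

```python
"""Triage personal-firewall connection prompts (added example, not the post's code).
Sample records are constructed from the three prompts quoted in the post."""
import ipaddress
import ntpath

# Constructed sample: the three prompts from the post, in the same "Key: value" layout.
SAMPLE_RECORDS = """\
Application: Dr. Web for Windows k 2011
Location path: C:\\WINDOWS\\JNIZEA.EXE
Company: CompentOne LLC
Remote Address: 184.82.94.131 : 80
Connection type: TCP
Direction: Outgoing

Application: Aladdin HASP License Manager Service
Full Path: C:\\WINDOWS\\SYSTEM32\\HASPLMS.EXE
Company: Aladdin Knowledge Systems Ltd.
Remote Address: 255.255.255.255 : 1947
Connection type: UDP
Direction: Outgoing

Application: Dr. Web for Windows H 2011
Path: C:\\DOCUMENTS AND SETTINGS\\JONAME\\LOCAL SETTINGS\\TEMP\\JMS.EXE
Company: ComponentOne LLC
Remote IP: 173.212.206.108 : 80
Connection type: TCP
Direction: Outgoing
"""

# The prompts name the same fields differently; fold them onto one vocabulary.
KEY_ALIASES = {
    "location path": "path", "full path": "path", "path": "path",
    "remote address": "remote", "remote ip": "remote",
    "connection type": "proto", "connection": "proto",
}

# Locations a legitimately installed program should not be running from
# (XP-era layout as in the post; this list is an assumption of the example).
DROP_DIR_MARKERS = ("\\LOCAL SETTINGS\\TEMP\\", "\\TEMP\\", "\\APPLICATION DATA\\")
WINDOWS_ROOT = "C:\\WINDOWS"


def parse_records(text):
    """Split blank-line-separated 'Key: value' blocks into dicts with normalised keys."""
    records, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            if current:
                records.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")  # first colon only; paths keep their "C:"
        key = key.strip().lower()
        current[KEY_ALIASES.get(key, key)] = value.strip()
    if current:
        records.append(current)
    return records


def split_endpoint(value):
    """'184.82.94.131 : 80' -> ('184.82.94.131', 80); port is None when absent."""
    host, sep, port = value.rpartition(":")
    if not sep:
        return value.strip(), None
    return host.strip(), int(port.strip())


def classify(rec):
    """Return (verdict, reasons) for one prompt; 'block' means investigate and remove."""
    reasons = []
    path = rec.get("path", "").upper()
    exe = ntpath.basename(path)
    parent = ntpath.dirname(path).rstrip("\\")

    drop_location = False
    if any(marker in path for marker in DROP_DIR_MARKERS):
        drop_location = True
        reasons.append("executable runs from a user temp/profile directory")
    elif parent == WINDOWS_ROOT:
        drop_location = True
        reasons.append("executable dropped directly into the Windows root, not System32")

    expected_broadcast = False
    if "remote" in rec:
        host, port = split_endpoint(rec["remote"])
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            ip = None
        if ip is not None and ip.is_global:
            reasons.append(f"outbound {rec.get('proto', '?')} to Internet host {ip}:{port}")
        # HASP License Manager locates license servers by UDP broadcast on 1947;
        # from HASPLMS.EXE that traffic is expected (limited broadcast is not 'global').
        if host == "255.255.255.255" and port == 1947 and exe == "HASPLMS.EXE":
            expected_broadcast = True

    if drop_location:
        return "block", reasons
    if expected_broadcast and not reasons:
        return "expected", reasons
    return "review", reasons


def triage(text):
    """Classify every prompt in `text`; returns a list of {exe, verdict, reasons}."""
    rows = []
    for rec in parse_records(text):
        verdict, reasons = classify(rec)
        rows.append({"exe": ntpath.basename(rec.get("path", "")),
                     "verdict": verdict, "reasons": reasons})
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_RECORDS):
        print(f"{row['exe']:<12} {row['verdict']:<9} {'; '.join(row['reasons']) or 'no findings'}")
```

Run as-is it prints a block verdict for JNIZEA.EXE and JMS.EXE and marks the HASPLMS.EXE broadcast as expected. On a live system the same checks apply to the output of netstat -ano plus a process-to-path mapping; the remote addresses should be looked up at the time of the incident, since, as the post notes for 184.82.94.131, they stop being associated with anything soon afterwards.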

Closing: This application was downloaded onto a system whose user had zero permissions to install anything or change system settings. In fact, I set this system up so you couldn't even change the screen resolution or background without calling. Why? This machine was designed to run assessment software for ADHD kids and adults. So tell me, do you think an ADHD kid isn't going to test the security and settings of the computer they are using?

Seriously, if you use a computer for any type of assessment testing, never allow any user permissions on the testing login. I have seen so many issues with personal information on assessment computers that you're just a sitting duck for a breach. Be safe: lock everything down, and if that's not enough, disconnect the system from any network. It's IT's job to protect information; just let me sit behind one of your testing stations and I'll show you how easily I can post your full database online. (Not that I would, but it's a proof of concept you cannot ignore.)
