Trojan or Spyware?

By Oldefar

I started having some problems with my laptop - Outlook failed with no meaningful error message. The problem started around the time a friend sent me a copy of system information so I could try and resolve a USB issue he has. The email contained a java script to access an email service. Saved the text file with system info and deleted the message.

I decided to fix the Outlook issue and went hunting for the error log. What I found was a program folder called Motive with a bunch of log files and an application motmon.exe in it. Log file time stamps matched my failure. Motmon is apparently part of Dell Resolution Assistant, known to cause problems, and no longer used by Dell. Looking in the log files, I find all sorts of info about where I have been and what I have done. Since I don't save browser history and clean out cookies and temp folders, it was a surprise.

Hunting for info on the log files, I did a search by file name and got a single result. This was to a user account record. The account name is that of my friend, and the record shows what appears to be my directory including these Motive logs.

continued

by Oldefar In reply to Trojan or Spyware?

I don't recognize the site, and moving back along the URL I lose access. Going straight to the home page, it is some kind of tech support site but the links offer no access and the services are not listed.

I try the other log files in motive, and the search again returns the same spot with my friend listed as the account owner.

Dell support isn't. The Motmon software firm has no technical info on their site, only that they do CRM. All reference to motmon.exe stops at telling me it's not necessary and can be uninstalled, but no info on the logs or what happens with them.

I am thinking trojan or spyware on my system. A call to the referenced site contact info only gets me a recorder and no call back.

It was a bad program.

by admin In reply to continued

Quite intrusive, as you have found out. I was curious as to whether someone had crafted it into a malicious snoop program (it could be described as factory spyware) but didn't find anything at my usual haunts.

Just a guess, but since it was buggy to begin with and crashed stuff, it's probably not the best for a trojan base. Ideally you would want something that gave no indication it was there, although using a "factory spyware" might be attractive to get past the usual AV shields.

Anyway, I don't think there is anything you don't know here, but maybe it will at least get some recognition for your problem :)

Best of Luck to You!

No fool like an old fool

by Oldefar In reply to It was a bad program.

I thought there might be some more input, but apparently not. Turns out the link was legit - an actual person getting a backup service from a company. Pure coincidence that he has the same name as my friend. Strange that it was the only link that showed up with the search by file name.

As for directory looking like mine - the backup was on a Dell, and only showed files that had changed. These were the Dell installed c:\Program\Motive\ log files generated by Dell Resolution Assistant. That is why the directory looked so familiar.

This one goes in the file with other bizarre problems I have encountered:
- the system jamming caused whenever a specific reconnaissance operator went to the head on a particular aircraft - he insisted on carrying the large oxygen bottle and when he hung it up on the rack it pressed a cable out of its back shell until he picked it back up.
- the power supply that would not start on only one of 18 aircraft unless the console controls were connected using the mockup cable - a 2 inch difference in cable length caused the control voltage to drop below the usable minimum.
- the extra characters that intermittently appeared on the bank system when a specific admin was using the terminal - caused by her natural endowments pressing down keys when she reached to answer the telephone.
- the "network down error" message that put bank management in crisis mode for two weeks - caused by poorly written error messages that showed "network down" for any error external to the mainframe application, in this case a loose printer cover.
- the engineering system that crashed whenever and only when a particular user logged in on a particular console and pulled up a particular part - the combination of his user ID plus the terminal ID plus the part code spoofing the loop back tone on the analog modem line to the data center.

"Network Down" Error

by admin In reply to No fool like an old fool

Reminds me of my frustration at the generic "disabled by administrator" messages within MS (and others).

Why is it that when I get an error message saying the "network is down" it makes me attempt to explore or call the admin rather than stop working? When I see "disabled by your administrator" I immediately think it is a way to protect my ability to work efficiently rather than immediately running to the lunch room to talk about ways the function I couldn't get to might be an impediment to my work in some possible scenario that has never existed?

I'm glad you figured out the problem, at least you don't have to wonder now :) When I suspect malicious possibility I check new order, bugtraq, security focus and the like. If it is around, or soon to be around, it usually shows up in a search of the forums IME. :)

Right

by Oldefar In reply to "Network Down" Error

I rarely panic. However, when the only reference takes you to an account page, and the name is not just a friend but someone you just received some data from, it just seems too coincidental.

That network down error was classic - system had been operational for about 15 years. All other data seemed to point to a problem with the Federal Reserve section, hence the crisis mode. I discovered it only because I had to hang around waiting for security to open a communications closet for me. While waiting, one of the guys in that department asked if anyone was going to fix that printer now that my company was taking over IT. He showed me how it was falling apart, and as he did the data center paged me to let me know they had another network down message.

Definitely Trojan

by jkaras In reply to Trojan or Spyware?

I prefer Trojan, they work great and their commercials are so funny.

Won't stay on

by Oldefar In reply to Definitely Trojan

hehehe

I tried putting it on my USB port but my cable is too small and limp. Might work if I had that stiff ether hose connection of my youth.

Durex

by GuruOfDos In reply to Won't stay on

...is the UK leading brand of 'rubber raincoat'...

Of course, as Julian will tell you, in Australia Durex is a brand of adhesive tape. Causes a lot of confusion, don't ya know!!

I remember the mid '70s when Lola had a Formula 1 Grand Prix racing team, which was sponsored by Durex...the condom company, not the sticky tape manufacturer.

A classic commentary from one race had the line...

"...three minutes into the action. Lola are in trouble after suffering a ****-out on the first stretch...yes, I see the car now...in the pits with a puncture."

What this has to do with Spyware is anyone's guess!

Zonealarm

by obi_wan93 In reply to Trojan or Spyware?

Zonealarm might solve your problem. Go to zonealarm.com

Thanks for input

by Oldefar In reply to Zonealarm

As noted in the first thread, it was a weird set of coincidences that nailed me. No trojan, no spyware, no hacker. Just a handful of unrelated things that caught me being paranoid.

I do have a firewall in place now, but only because I moved off dial up to a dedicated line.
