Starting Homeseer Brings Up Windows Installer

Maybe an attempt for HS servers that aren't open 24/7?
I'm guessing at this, but with all the problems arising and all the recent spamming on HS forum, I can't help but wonder if someone isn't trying to figure a way in HS server. Windows isn't immune either. If only hackers would go away LOL ;)
 
It sounds like it may just be a coincidence. Something in HS and some spyware are probably both using the same OCX/DLL/etc. and giving a similar signature.
 
I would be really surprised if someone was trying to get into HS sites that are not connected all the time. Much easier to get into those, like mine that are always connected. For most, HS sites are just not that exciting except to other HA fans.

I think it is just the new spy finder program CounterSpy has included some old routines that might now be standard use modules for some functions. The routines have dates of late 1998-2000 and were used for Year 2000 compliance. They are probably either similar names or routines that are still useful.

I have support requests to both HS and CounterSpy and pointed both to the HS forum thread.
 
If you think there's a false positive, click Scan Results in CounterSpy, copy the info and email it to [email protected]. We are very aggressive in cleaning anything up if it's found.

Again, I'm not sure it's CounterSpy, but I would use a possible false positive as an avenue of diagnosis.

Alex Eckelberry
Sunbelt
 
I have a "pristine" HS server, only 21 days old - well almost. I used it for 1 day surfing for drivers for my main PC whose hard drive died. While I used Google to search - I only clicked links that looked like the legitimate website to get the drivers.



My suspicion is that HS is being tagged due to the use of some very old controls that may or may not also be used by spyware. Either way, they are not spyware and Sunbelt needs to fix this.

=====Begin e-mail to Sunbelt
This machine is an almost pristine install of Homeseer. The web server has never been exposed to the internet and the only surfing done from it has been for drivers for either itself or for my main machine who lost a hard drive a few days ago.

Anyway, this in combination with http://www.cocoontech.com/index.php?showtopic=1635&st=0 and the information on the link to the HS thread in this link should be enough to at the very least cause an evaluation of this false positive.

======End e-mail

Now, having seen how Sunbelt does business in the past, I suspect this will be resolved by the end of the week...

(prepares for the flames to come if date is missed)

-Chak
 
The CSFTP32.OCX file is an ActiveX component which makes connecting to FTP a little easier. I can't think of one single plugin which uses this, but maybe the HS FTP scripting command relies on it.

As for ActiveLog, looks like pretty nasty spyware, but this is definitely a false positive. At least the author seems to be interested in updating his definitions asap, pretty cool!

FYI, none of the Catalyst software should be tagged as spyware, as they provide several free controls to make things easier in VB, so many programmers will rely on this control (including spyware apparently).
 
Chakara,

Thanks for sending the info to Sunbelt, as it was invaluable in helping us track this problem down. We got your report this morning, and after researching the issue, we have confirmed the existence of a false positive. We are turning around an update to the software this evening.

In short, what is occurring is that csftp32.ocx is being flagged in the registry as a part of AtomicLog2.3, a surveillance tool/keylogger. We have corrected this problem.

If you have quarantined this file in CounterSpy or have a system restore point, please contact our support department ([email protected]) for assistance in recovering it.

Our apologies.

Alex Eckelberry
Sunbelt
 