NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
 ·AT&T Southeast
 ·Vonage
 ·Cingular Wireless
·AT&T CallVantage
| [Software] AT&T Installation software is officially a virus
F-Prot just detected and quarantined the file ATTInternetInstaller.exe. I of course already knew that it was malware, but this is official confirmation. 
|
|
Pashune
Inhaling at 675 KB per sec.
Premium
join:2006-04-14
Gautier, MS | I am once again glad I never installed their software... |
|
TheDarkRide
Pimpin' ain't easy
join:2004-06-15
Fort Lauderdale, FL
| There should be a card included with every welcome packet with URLs to the online AT&T new account registration site and to the modem manufacturer's online product manual (if applicable).
I had to get the former from a tech support agent over the phone and the latter from (of course) BBR.
Perhaps this would serve as a good false positive notification for the Security forum, Fixer. That is, if we could ever get you to admit that it is in fact a FP  |
|
NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
·AT&T Southeast
·Vonage
·Cingular Wireless
·AT&T CallVantage
| said by TheDarkRide  :Perhaps this would serve as a good false positive notification for the Security forum, Fixer. That is, if we could ever get you to admit that it is in fact a FP I do not consider it to be a false positive. The AT&T install software has every earmark of malware. It is unwanted and it can only be removed by a painstaking examination of the file system and the registry. I think that F-Prot has nailed this one to the wall, which is where it belongs.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.
Test your firewall. |
|
jimk
Premium
join:2006-04-15
Raleigh, NC
·AT&T Southeast
 ·RoadRunner Cable
| reply to NetFixer
Sadly, it is a false positive. The same trojan is being detected in other applications: »forum.f-prot.com/index.php/topic,1150.0.html
Interestingly, it is being detected in uninstallers for some applications... which almost makes me wonder if there is an uninstaller hidden somewhere in this application for the crap that it installs.
I wonder if we could get them to at least include it in the "Potentially unwanted applications" category after they fix the false positive. |
|
NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
·AT&T Southeast
·Vonage
·Cingular Wireless
·AT&T CallVantage
1 edit | said by jimk :Interestingly, it is being detected in uninstallers for some applications... which almost makes me wonder if there is an uninstaller hidden somewhere in this application for the crap that it installs. There is an "uninstaller" included. The problem is it doesn't work worth a tinker's dam. It still leaves about 90% of the garbage behind, including a number of active, registered dll's.
said by jimk :I wonder if we could get them to at least include it in the "Potentially unwanted applications" category after they fix the false positive. Speak for yourself please and leave me out of it. I am quite content to have it properly identified as malware. Any unwanted software that does not have a properly functioning uninstall procedure should be classified as malware.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.
Test your firewall. |
|
BobHelms
Premium
join:2008-06-22
Cary, NC | reply to NetFixer
Has anyone consulted Ernestine on this issue? I'm sure she could provide some ambiguous insight as to what 'malware' really is. |
|
NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
·AT&T Southeast
·Vonage
·Cingular Wireless
·AT&T CallVantage
4 edits | said by BobHelms :Has anyone consulted Ernestine on this issue? I'm sure she could provide some ambiguous insight as to what 'malware' really is. Ernestine being ambiguous? Say it ain't so!
Q: Ernestine, it has been reported that your employer, AT&T, has been forcing its DSL customers to install software that they do not want and may even be harmful to their computers. Do you have anything to say about this?
A: We don't care, we don't have to. We're the phone company! 
Ernestine and I go 'way back. The mainframe computer that she crashes in the famous "We don't care" commercial spoof is one that I used to maintain.
In fact I even took part in a special demonstration setup by the manufacturer of that system to rebut some bad publicity about how easy it was to crash it based on that Ernestine commercial spoof.
The demonstrator gave a speech about how all the display/control buttons were actively locked out when the system was actually running a program, and that while the buttons could be monitored by a program and used to control program flow, simply randomly pushing them would not crash a system. We had arranged to use a customer's live system to demonstrate this fact. At the end of the speech he announced that "Even the power off button is disabled when the system is running", and he pushed the button while the customer's live system was in the middle of a very long tape sort...
Care to guess what happened?
Here is a clue: 
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.
Test your firewall. |
|
Rob
In Deo speramus, God Bless the USA
Premium
join:2001-08-25
Kendall, FL
·Comcast
| reply to NetFixer
A friend of mine received a new DSL Modem from AT&T (She's had DSL for a few years now). And ran the CD.
Whatever the CD did, royally screwed up her machine. Her windows profile is not corrupted and other problems.
She called AT&T and tech told her she shouldn't have run the CD...
--
CheckSite.us | YourIP.US |
|
David
No,there is another.
Premium,VIP
join:2002-05-30
Granite City, IL
clubs: | Question, what's the version number of the CD and if you can get me that can you get me product ID number printed underneath that would be great.
Also was this an XP system or ? |
|
Rob
In Deo speramus, God Bless the USA
Premium
join:2001-08-25
Kendall, FL
·Comcast
| said by David :Question, what's the version number of the CD and if you can get me that can you get me product ID number printed underneath that would be great. Also was this an XP system or ? Windows Media. I'll have to see if she has the CD, the tech told her to throw it out. |
|
TheDarkRide
Pimpin' ain't easy
join:2004-06-15
Fort Lauderdale, FL
| reply to NetFixer
said by NetFixer :I do not consider it to be a false positive. You wouldn't be NetFixer if you did.
said by NetFixer :The AT&T install software has every earmark of malware. It is unwanted and it can only be removed by a painstaking examination of the file system and the registry. I think that F-Prot has nailed this one to the wall, which is where it belongs. Considering that a) the customer inserts the media and executes the very program being tagged by F-Prot's signature with prior warning of the program's components and intent, and b) other installers/uninstallers have been reported to trigger alerts based on the same signature, I'm fairly confident in proclaiming it a false positive.
In the spirit of this thread, however, I agree there needs to be an easily-available alternative to running the full AT&T installer just to get a user ID and e-mail address. I worked around this by calling support and telling them I had a linux-based laptop I was using to install the service. They offered up the web-link to the activation/e-mail pages (which, amusingly, closely resembles the GUI used by the AT&T installer software) where I was able to get my PPP login of choice created. After that, it was a simple matter of configuring my perimeter network router to make and maintain the connection.
As I mentioned earlier, this is information ATTSE should definitely consider making more widespread. I'd post the link I was given now but it's in the history of an old laptop at home that I can't remotely access. I'll add it later if I remember to fire up the old beast.
--
I thought you said that you'd come find me, I thought you said you'd be home by now. |
|
DSLxPert
join:2008-07-31
Austin, TX
|  reply to NetFixer
NetFixer...can you tell me what version of the F-PROT software you are running?
I have FPROT Antivirus Version Number 6.0.9.1 with F-PROT Antivirus Scanning Engine version number 4.4.4.
I also have a virus signature file from 7/31/2008, 12:43 PM
To find this I Clicked Updates, then Current Versions.
When I run against my machine, it is not picking up any viruses. Also, where did you get that file, was it from a website or was it on the CD you received in the mail?
Thanks! |
|
NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
·AT&T Southeast
·Vonage
·Cingular Wireless
·AT&T CallVantage
| I currently have the same version, scan engine and def files. The def file that tagged the AT&T install file was dated 07/30/2008.
I am currently on the road, but I just VNC'ed into my server, took the file out of quarantine, and rescanned it. Now it does not detect it as malware, which is too bad because it really is.
The file was downloaded from the on-line registration process beginning at »dslinstallation.bellsouth.net/ no CD was used.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.
Test your firewall. |
|
BobHelms
Premium
join:2008-06-22
Cary, NC | reply to NetFixer
Mainframe? Did you type Mainframe? How far do you go back NetFixer? System 360, System 370?
BTW: Nobody can snicker better than Ernestine! |
|
David
No,there is another.
Premium,VIP
join:2002-05-30
Granite City, IL
clubs: | reply to NetFixer
anybody ever the the part number off the CD that caused this? |
|
NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
·AT&T Southeast
·Vonage
·Cingular Wireless
·AT&T CallVantage
| reply to BobHelms
said by BobHelms :Mainframe? Did you type Mainframe? How far do you go back NetFixer? System 360, System 370?
Wrong vendor, but right time frame (System 360 era).
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.
Test your firewall. |
|
NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
·Pacific Bell - SBC
| reply to Rob
said by Rob :Windows Media. I'll have to see if she has the CD, the tech told her to throw it out. You wouldn't, by any chance, mean, "Windows Media Center Edition 200x" (aka, "Windows MCE 200x"), would you?
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
Rob
In Deo speramus, God Bless the USA
Premium
join:2001-08-25
Kendall, FL
·Comcast
| said by NormanS :said by Rob :Windows Media. I'll have to see if she has the CD, the tech told her to throw it out. You wouldn't, by any chance, mean, "Windows Media Center Edition 200x" (aka, "Windows MCE 200x"), would you? Yea. |
|
