New findings

Discussion in 'Other Acronis Products' started by zebis, May 28, 2005.

Thread Status:
Not open for further replies.
  1. zebis

    zebis Registered Member

    Joined:
    Feb 25, 2005
    Posts:
    46
    dear acronis,

    I ran spysweeper about a day ago, with the latest updates. spysweeper popped up with a new finding.

    It it called Farsighter. I have never seen this before running adaware, spybot and PES7 or PES8. Even after running PES8 with the Deep scan option and latest spyware defs, it did not find the Farsighter entry. Maybe you can add this one to your list of spyware defs. It seems to have been removed with Spysweeper.

    labelled as a System Monitor by spysweeper

    System monitors are applications designed to monitor computer activity to various degrees. These programs can capture virtually everything you do on your computer including recording all keystrokes, emails, chat room dialogue, web sites visited, and programs run. System monitors usually run in the background so that you do not know that you are being monitored. The information gathered by the system monitor is stored on your computer in an encrypted log file for later retrieval. Some programs are capable of emailing the log files to another location.

    Traditionally, system monitors had to be installed by someone with administrative access to your computer, such as a system administrator or someone that shares your computer. However, there has been a recent wave of system monitoring tools disguised as email attachments or "freeware" software products.

    Also Running the deep scan Option with PES8 , i came across an entry called DSKTrojan. For some reason it was attached to a file in a game i recently purchased called " dungeon lords " ( Dreamcatcher, Heuristic park ).

    Pes8 removed the DSKTrojan from the dungeon lords directory with no problems. game runs fine after removing it.

    Just thought i would let acronis know about this little goodie.

    cheers ,

    Zebis
     
  2. Acronis Support

    Acronis Support Acronis Support Staff

    Joined:
    Apr 28, 2004
    Posts:
    25,885
    Hello Zebis,

    Thank you for choosing Acronis Internet Privacy and Antispyware Software.

    I will contact our Development Team and they will take care of this spyware. I suppose this will be included into spyware definitions soon.

    Thank you.
    --
    Ilya Toytman
     
  3. zebis

    zebis Registered Member

    Joined:
    Feb 25, 2005
    Posts:
    46
    Ilya,

    Thanks for your response. I've done more research on this farsighter entry. Seems like a nasty little bugger. It has a server and client installation. I'm still trying to figure out how this little critter made onto my system.

    It seems to be gone but, how do i know for sure. I've searched my pc for entries that it makes with no traces of it. thank god.

    I wish people would spend more time doing good things instead of bad things. I guess some people have to much time on there hands.

    Thanks again Ilya,

    Cheers,

    Zebis
     
  4. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    Some info:

    fserv.exe (farsighter spyware) - Details

    If your pc has the fserv.exe process running on it, the spyware program 'farsighter' may be installed on your pc. This program may have been installed manually by a user using an installation package (potentially when another application was installed). The 'farsighter' program will monitor activity on your computer and potentially send this information to a third party.

    fserv.exe is considered to be a security risk, not only because spyware removal programs flag farsighter spyware as spyware, but also because a number of users have complained about its performance.

    farsighter spyware is likely spyware and as such, presents a serious vulnerability which should be fixed immediately! Delaying the removal of fserv.exe may cause serious harm to your system and will likely cause a number of problems, such as slow performance, loss of data or leaking private information.

    Details of Farsighter

    Allows remote server module to view screen content of infected computer. Creates the following files and registry entries:

    Files:

    FILE:%PROGRAMFILES%\Farsighter Server\Serverconfig.exe
    FILE:%PROGRAMFILES%\Farsighter Server\Manual.html
    FILE:%PROGRAMFILES%\Farsighter Server\faq.html
    FILE:%PROGRAMFILES%\Farsighter Server\Uninstall.bat
    FILE:%PROGRAMFILES%\Farsighter Server\System\Config.cfg
    FILE:%PROGRAMFILES%\Farsighter Server\System\Fserv.exe
    FILE:%PROGRAMFILES%\Farsighter Client\farsighter.exe
    FILE:%PROGRAMFILES%\Farsighter Client\Uninst.isu
    FILE:%WINDOWSROOT%\Documents and Settings\All Users\Start Menu\Programs\Farsighter Client\Farsighter.lnk
    FILE:%PROGRAMFILES%\Farsighter Client\manual.html
    FILE:%WINDOWSROOT%\Documents and Settings\All Users\Start Menu\Programs\Farsighter Client\Manual.lnk
    FILE:%WINDOWSROOT%\Documents and Settings\All Users\Start Menu\Programs\Farsighter Client\Visit Sureshot.url
    FILE:%PROGRAMFILES%\Farsighter Client\faq.html
    FILE:%WINDOWSROOT%\Documents and Settings\All Users\Start Menu\Programs\Farsighter Client\Faq.lnk

    Registry:

    RUN:fserv.exe


    Sources: auditmypc.com & actualresearch.com
     
  5. zebis

    zebis Registered Member

    Joined:
    Feb 25, 2005
    Posts:
    46
    thanks smokey,

    Seems that all is good, i cannot find traces of this little nasty. Looks like it is gone.

    This litle bugger has a client and a server parts to it. there is nothing in my startup or running under processes in task manager. I have also looked for entries , from what i have read on the internet. GONE. for now. Nasty.

    Thanks again, Glad spysweeper caught it.

    cheers,

    Zebis
     
  6. zebis

    zebis Registered Member

    Joined:
    Feb 25, 2005
    Posts:
    46
    dear acronis,

    I just received the latest spyware updates, I'm glad to see the farsighter entry was on that list. That was really quick. KUDOS!!!.

    Thanks Ilya for mentioning that to the development team. Good work guys.

    Cheers,

    Zebis
     
  7. Acronis Support

    Acronis Support Acronis Support Staff

    Joined:
    Apr 28, 2004
    Posts:
    25,885
    Hello Zebis,

    Thank you for your notice and feedback. Our Development Team is constantly working on spyware base updating and your post was of great help for them. If you encounter any other issues please feel free to contact us. Your help is greatly appreciated.

    Thank you.
    --
    Ilya Toytman
     
Thread Status:
Not open for further replies.