Doctor's laptop and odd programs.

  • Spork Schivago
    Badcaps Legend
    • Mar 2012
    • 4734
    • United States of America

    #1

    Doctor's laptop and odd programs.

    Hello,

    Fixing a doctor's laptop. This one he says is special and the files need to be preserved. I believe it's infected with a few things. I've cloned the hard drive, hooked the machine up externally to my machine and ran Norton. It detected two things.

    SAPE.Somoto.13 (fully resolved) --jameelnoorinastaleeq_downloader_by_ffonts.exe

    PUA.Gen.3 (not resolved) -- Advanced System Optimizer 3 files.

    It's the potentially unwanted application gen 3 I have a question about. I've googled the program and it looks like it might have been purposefully installed. I wouldn't download it, but the link for it is here: http://www.systweak.com/advanced-system-optimizer/

    Should I remove that? Even though my anti-virus program detected it as bad and there's probably ads in it, he might have bought the program and purposefully installed it. What would you guys do?

    There's a bunch of "infected" files for the Optimizer 3.

    Code:
    Filename: ASEng.dll
    Threat name: PUA.Gen.3
    Full Path: e:\program files\advanced system optimizer 3\aseng.dll
    
    ____________________________
    
    On computers as of*
    4/24/2016 at 6:48:53 PM
    
    Last Used*
    4/24/2016 at 6:50:54 PM
    
    Startup Item*
    No
    
    Launched*
    No
    
    Threat type: Security Risk. Programs that pose a security or privacy risk and are not already classified as malicious.
    
    
    ____________________________
    
    
    ASEng.dll Threat name: PUA.Gen.3
    Locate
    
    
    Many Users
    Thousands of users in the Norton Community have used this file.
    
    Mature
    This file was released 4 years 8 months ago.
    
    Low
    This file risk is low.
    
    
    ____________________________
    
    
    Source: External Media
    
    Source File:
    aseng.dll
    
    ____________________________
    
    File Actions
    
    Infected file: e:\program files\advanced system optimizer 3\ ASEng.dll No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ asinvoker.exe No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ ASO3.exe No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ asores.dll No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ asohelper.dll No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ asohtm.dll No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ backupmanager.exe No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ checkupdate.exe No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ diskdoctor.exe No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ requireadministrator.exe No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ diskexplorer.exe No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ securedelete.exe No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ secureshell.dll No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ secureencryptor.exe No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ sqlite3.dll No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ sysfilebakres.exe No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ startupmanager.exe No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ Network.dll No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ newscheduler.exe No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ privacyprotector.exe No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ driverupdater.exe No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ downloader.dll No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ gameoptimizer.exe No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ PCFixer.exe No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ duplicatefilesremover.exe No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ GOHelper.exe No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ gameoptlauncher.exe No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ killasoprocesses.exe No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ gameoptlauncher64.exe No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ launcher.exe No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ highestavailable.exe No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ memoryoptimizer.exe No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ HookDll.dll No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ hookdll64.dll No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ Undelete.exe No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ systemanalyzerandadvisor.exe No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ undeletedll.dll No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ uninstallmanager.exe No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ systemcleaner.exe No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ xmllite.dll No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ volumecontrol.exe No fix attempted
    Infected file: e:\program files\advanced system optimizer 3\ volumecontrol64.exe No fix attempted
    ____________________________
    
    
    File Thumbprint - SHA:
    6f611d66e50bb4286c1eb4d2114e15e1f4a767bd38adc8903ffc6758f0498f6a
    File Thumbprint - MD5:
    Not available
    Also, I've been thinking maybe it's not the bestest idea to hook hard drives externally to a Microsoft Windows machine and scan for viruses. Has anyone used that ClamAV for Linux? It's supposed to scan Windows machines I believe. I'd feel a lot more comfortable scanning for viruses on my Linux box.
    -- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full
  • R_J
    Badcaps Legend
    • Jun 2012
    • 9515
    • Canada

    #2
    Re: Doctor's laptop and odd programs.

    I usually use something like Kaspersky Rescue 10 on a CD or USB drive, that way it's basically only the antivirus program running and scanning the drive.

    • Spork Schivago
      Badcaps Legend
      • Mar 2012
      • 4734
      • United States of America

      #3
      Re: Doctor's laptop and odd programs.

      Originally posted by R_J
      I usually use something like Kaspersky Rescue 10 on a CD or USB drive, that way it's basically only the antivirus program running and scanning the drive.
      Okay. I will give that a shot. Do I have to update the signatures or if there's an ethernet cable plugged in, will it connect to the net and download the latest? I'll check into the Kaspersky Rescue 10.
      -- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full

      • R_J
        Badcaps Legend
        • Jun 2012
        • 9515
        • Canada

        #4
        Re: Doctor's laptop and odd programs.

        You can update the signatures over the internet, or you can update them on the PC you use to make the USB drive first.
        I believe this site has the instructions: http://www.neowin.net/forum/topic/11...ns-up-to-date/

        • fzabkar
          Badcaps Veteran
          • Mar 2009
          • 772
          • Australia

          #5
          Re: Doctor's laptop and odd programs.

          You can upload any suspect files to virustotal.com. The file will then be scanned by about 40 AV products, including Kaspersky.

          • ddscentral
            Senior Member
            • Mar 2008
            • 151
            • Lithuania, EU

            #6
            Re: Doctor's laptop and odd programs.

            Remove Advanced System Optimizer. There should be an uninstaller available.

            Systweak tools (including Advanced System Optimizer) are labeled by some AV vendors as PUA (potentially unwanted program) because they are often installed as "optional offers" when installing other programs.
            This is the same tactic that toolbar/adware vendors use to get their software installed.
            Last edited by ddscentral; 04-25-2016, 03:53 PM. Reason: Typo

            • ChaosLegionnaire
              HC Overclocker
              • Jul 2012
              • 3264
              • Singapore

              #7
              Re: Doctor's laptop and odd programs.

              a doctor's laptop with a program that poses a security and privacy risk? get rid of it, i say too. if it compromises patients' privacy, that could open up a lawsuit for the doc to be sued for failing to ensure or protect the privacy of his patients.

              if he needs a program to maintain his system in tip top shape, there are better programs out there that don't pose such a privacy and security risk!

              • stj
                Great Sage 齊天大聖
                • Dec 2009
                • 30934
                • Albion

                #8
                Re: Doctor's laptop and odd programs.

                if it's running updated win7 / 8.1 or win10 then it has no privacy and is already technically illegal for a doctor to use.

                • Spork Schivago
                  Badcaps Legend
                  • Mar 2012
                  • 4734
                  • United States of America

                  #9
                  Re: Doctor's laptop and odd programs.

                  Originally posted by fzabkar
                  You can upload any suspect files to virustotal.com. The file will then be scanned by about 40 AV products, including Kaspersky.
                  It's not a matter of figuring out if it's a bad program or not. I've used virustotal.com before, and it's great. The problem is though, if the user purposefully put it there, even though it's bad, do I remove it? There were times in the past where people had toolbars that showed up as PUAs and after removing them, they called asking for them back, even though some of them were spying on them.
                  -- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full

                  • Spork Schivago
                    Badcaps Legend
                    • Mar 2012
                    • 4734
                    • United States of America

                    #10
                    Re: Doctor's laptop and odd programs.

                    Originally posted by ChaosLegionnaire
                    a doctor's laptop with a program that poses a security and privacy risk? get rid of it, i say too. if it compromises patients' privacy, that could open up a lawsuit for the doc to be sued for failing to ensure or protect the privacy of his patients.

                    if he needs a program to maintain his system in tip top shape, there are better programs out there that don't pose such a privacy and security risk!
                    That's good logic. Even if he paid for the program, he should have no problems with me removing it. I've cloned his hard drive, so if he really insists on needing it, I can always restore it. Thanks.
                    -- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full

                    • Spork Schivago
                      Badcaps Legend
                      • Mar 2012
                      • 4734
                      • United States of America

                      #11
                      Re: Doctor's laptop and odd programs.

                      Originally posted by stj
                      if it's running updated win7 / 8.1 or win10 then it has no privacy and is already technically illegal for a doctor to use.
                      Why would it be illegal for a doctor to use a laptop that has Windows 7, 8.1 or Windows 10 on it? If this is true, there is going to be a very huge problem for doctors and doctors' offices. If I'm not mistaken, isn't Microsoft requiring all PCs that ship with Windows to ship with Windows 10 after a certain date? That date might have already come, I don't remember when it was.
                      -- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full

                      • stj
                        Great Sage 齊天大聖
                        • Dec 2009
                        • 30934
                        • Albion

                        #12
                        Re: Doctor's laptop and odd programs.

                        professionals (not just doctors) are legally responsible for the protection of customer data.
                        storing it on a machine that openly admits to collecting data in the user license is legal suicide.

                        you can't say you didn't know you were legally obliged to keep customer data secure,
                        and you can't say you didn't know the o.s. was collecting data and phoning home.
                        so you can be sued or imprisoned and frankly - you have no legal defense.

                        • keeney123
                          Lauren
                          • Sep 2014
                          • 2536
                          • United States

                          #13
                          Re: Doctor's laptop and odd programs.

                          Originally posted by Spork Schivago
                          Why would it be illegal for a doctor to use a laptop that has Windows 7, 8.1 or Windows 10 on it? If this is true, there is going to be a very huge problem for doctors and doctors' offices. If I'm not mistaken, isn't Microsoft requiring all PCs that ship with Windows to ship with Windows 10 after a certain date? That date might have already come, I don't remember when it was.
                          If he is associated with a hospital, which many doctors are, then the hospital should have technical people who handle virus/etc. security and who are trained in the most up-to-date systems and software. You may want to see if they have such a department at Corning Hospital. I know they are small, but they may also be a part of a large hospital network. Perhaps if you could contact such a technical department manager you could find out what training they go through so you could qualify to provide a similar service for doctors in your area outside of the hospital.

                          • Spork Schivago
                            Badcaps Legend
                            • Mar 2012
                            • 4734
                            • United States of America

                            #14
                            Re: Doctor's laptop and odd programs.

                            Originally posted by stj
                            professionals (not just doctors) are legally responsible for the protection of customer data.
                            storing it on a machine that openly admits to collecting data in the user license is legal suicide.

                            you can't say you didn't know you were legally obliged to keep customer data secure,
                            and you can't say you didn't know the o.s. was collecting data and phoning home.
                            so you can be sued or imprisoned and frankly - you have no legal defense.
                            What about the Enterprise versions of Windows? Would they too have the same spying features? I would think if Microsoft is requiring all new computers to ship with 10, there'd have to be some exception to the law. For example, although there's a HIPAA law, I believe the government is legally allowed to pull those records, if they needed to, without written consent from the patient. If I'm wrong on this, feel free to let me know.

                            I'd imagine the doctor probably wouldn't have patient information on his personal laptop as well. I'd think that would go against S.O.P. For good reason as well. Take me, for instance. If he had patient information on that laptop, I now have full access to it. I didn't sign any non-disclosure agreements. It wasn't the hospital who asked me to fix it, but the doctor himself. He brought it to my house.

                            For some reason, he asked me to upgrade the Windows Vista to 10, not Windows 7. I don't feel right snooping through the information, trying to figure out if personal information for patients is on there. I am going to have to go through the files and try to identify what gets backed up, what doesn't though.
                            Last edited by Spork Schivago; 04-25-2016, 09:10 PM.
                            -- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full

                            • Spork Schivago
                              Badcaps Legend
                              • Mar 2012
                              • 4734
                              • United States of America

                              #15
                              Re: Doctor's laptop and odd programs.

                              Originally posted by keeney123
                              If he is associated with a hospital, which many doctors are, then the hospital should have technical people who handle virus/etc. security and who are trained in the most up-to-date systems and software. You may want to see if they have such a department at Corning Hospital. I know they are small, but they may also be a part of a large hospital network. Perhaps if you could contact such a technical department manager you could find out what training they go through so you could qualify to provide a similar service for doctors in your area outside of the hospital.
                              Corning Hospital and Guthrie do have some nice IT stuff. I'm pretty sure they outsource. They have this program that gives doctors all kinds of patient information. I'd love to work on their PCs. The people they call actually wrote the software and maintain it. I believe more than just Guthrie use it. Sometimes I can catch a glimpse of the screen and it'll say something like, All Doctors in NY should try ordering this medicine for patients taking medicine X because there's a shortage for medicine X.

                              The hospital where this doctor works has its own IT people as well. I've looked into getting hired but was told it's a small department and the people who have worked there have worked there for a good long time. They said one of them is reaching retirement age and I might be able to get in. I'll look into this further. His hospital is a lot smaller than the Corning Hospital.
                              -- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full

                              • Spork Schivago
                                Badcaps Legend
                                • Mar 2012
                                • 4734
                                • United States of America

                                #16
                                Re: Doctor's laptop and odd programs.

                                I would think any hospital running Microsoft Windows would be running Enterprise edition. From what I've read, I believe the data collection policy can be completely turned off in the Enterprise edition. The customer can also sign a BAA. Here's more information on this:

                                http://blog.capterra.com/hipaa-compl...-need-to-know/

                                There's only one computer I ever worked on that had Enterprise 7 installed on it. It was the most secure PC I had ever encountered and I was not able to do what I was hired to do. I believe the PC was stolen and gave it back. I told the user something was wrong. Supposedly, the corporation threw out the PC. It was new, had a solid state drive. The hard drive was fully intact but encrypted. During bootup, it'd decrypt but if you hooked it up to another PC, you couldn't access any of the data. There were two accounts. You could only see the first account at the login screen and there was no password for it. The only program that you could run was a web browser. Run, start menu, CTRL-ALT-DEL were disabled. You couldn't create folders or files. You couldn't save anything to the drive. You could start Windows help though and gain read access to most of the entire hard drive (program files, windows, etc). You could also gain access to the user's directory but you couldn't access the user directory for the other user. The main user was some simple name, like comp1002. It had special tracking software built into the computer, at a hardware level. There was also some weird encryption chip on it. I never hooked it up to the internet, but I had hooked it up to a hub. Using a sniffer, I could see it trying to connect back to the company and to Dell. This was as soon as the PC was turned on, before the OS loaded. I thought that was really weird and never heard of anything like that before. I don't know what it was trying to do. I think maybe it was a trap. I think the corporation knew someone was stealing from them and just let them take it. I don't know what ever happened to the customer.

                                I should probably contact the doctor before putting 10 on there and let him know it's not HIPAA compliant. Thanks for letting me know Stj.
                                Last edited by Spork Schivago; 04-25-2016, 09:23 PM.
                                -- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full

                                • keeney123
                                  Lauren
                                  • Sep 2014
                                  • 2536
                                  • United States

                                  #17
                                  Re: Doctor's laptop and odd programs.

                                  One of my nephews in MA works for a large hospital called Baystate Hospital. They own several other hospitals. He does security for their servers. They are constantly sending him to learn updated programs on security.
                                  My brother who practices in Corning used to practice at Corning Hospital, a hospital in Elmira and a hospital in Binghamton. You might see if one of those hospitals has more openings. I know a few Drs and none of them want to be bothered with computers.
                                  My nephew in MA was trained as a phlebotomist in the Air Force and he did this for a living after he got out. He found that the current position paid way more so he just picked it up on his own and then applied and was accepted.
                                  Last edited by keeney123; 04-26-2016, 12:35 AM.

                                  • diif
                                    Badcaps Legend
                                    • Feb 2014
                                    • 6978
                                    • England

                                    #18
                                    Re: Doctor's laptop and odd programs.

                                    Don't believe the spying BS that some people think is going on.
                                    Microsoft are well aware of the various laws around the world and would not do anything to hamper those sales.
                                    http://www.zdnet.com/article/no-micr...th-windows-10/

                                    There is no free upgrade from Vista to 10 he will need to pay for it.
                                    Last edited by diif; 04-26-2016, 01:16 AM.

                                    • tazmaniand1221
                                      New Member
                                      • Apr 2016
                                      • 3
                                      • Philippines

                                      #19
                                      Re: Doctor's laptop and odd programs.

                                      Hi!! i am newbie..

                                      • stj
                                        Great Sage 齊天大聖
                                        • Dec 2009
                                        • 30934
                                        • Albion

                                        #20
                                        Re: Doctor's laptop and odd programs.

                                        Originally posted by diif
                                        Microsoft are well aware of the various laws around the world
                                        and they dont give a fuck, because they probably have a sharing agreement with most governments.
