Fixed (Heuristics): False Positive: ExternalParallelRouteRunner.exe



Jdurkacs
2014-01-27, 21:13
This is a component of the ADASHI software, which is an application for Emergency Responders. This particular executable is called by the ADASHI program when it needs to generate a vehicle route between 2 points on a street network. The ADASHI software is made by ADASHI Systems LLC, which is the company I work for.
http://adashisystems.com/

We noticed today that it was flagged on one of our employees' PCs. We wrote this application's code and compiled it ourselves, so it's definitely not infected. The info on this one is as follows:
OS: Windows 7 x64
Browser: IE 10 but it had nothing to do with the browser
Version of Spybot: 1.6.2.0 (System Settings Protector 1.6.6.32)
What reported it: TeaTimer, updated today 1/27/2014. Our program was launched; it then called ExternalParallelRouteRunner.exe and TeaTimer popped up, notifying us that it was infected with Win32.Badur.


I was also able to replicate this on another PC using the latest Spybot:
OS: Windows 7 32-bit
Browser: IE 9 (but again, had nothing to do with browser)
Version of Spybot: 2.2.18.0 (Single file on-demand scanner)
What reported it: File Scan wherein I selected our application's install folder. It was updated today 1/27/2014. I had initiated a manual scan.

Interestingly enough, in 2.2.18.0 I did a system scan and it did not flag it. Only when I did File Scan did it pop up.
Scan log:
Spybot - Search & Destroy
File Scanner 2.2.18.135
Log created at 1/27/2014 2:37:55 PM
Results Copyright (c) 2009-2014 Safer-Networking Ltd.

C:\Program Files\OptiMetrics\ADASHI\ExternalParallelRouteRunner.exe
Win32.Badur (47863CA6)

micha
2014-01-29, 11:27
Hello Jdurkacs,
Please send us the file "ExternalParallelRouteRunner.exe" at fp@spybot.info for further analysis.
Please compress the file using the password "infected". Thanks in advance!

Jdurkacs
2014-01-29, 19:22
Sent. Thanks!

micha
2014-01-30, 11:28
Thank you for reporting this. Please ignore this result; it will be removed from our detection database effective with the next detection update, scheduled for Wednesday 2014-02-05.