Hi there, I work in IT and being an emergency readiness enthusiast have been a member here for a while.
Just recently I downloaded the desktop warning system desktop and mobile applications. Just after doing so, some issues arose with my computer. The program was also using high amounts of my CPU and was uploading and downloading quite a bit. It's the uploading I'm worried about. The total upload data in one day reached over half a gig. The domains it contacted were all defconwarningsystem.com, but it was over a few different unique IP addresses. I continued monitoring the program and it continued to do numerous fishy things.
-It requested access to a system service
-Accessed the group policy service and sent request codes to it
-Read my GUID and MAC address
-Ran code to view the taskbar, which, although it could be used to run files as a user, might also be the program's odd way of checking for clicks on the taskbar or creating defcon popups.
-Changed its file tracing settings as seen here:
Code:
"<Input Sample>" (Path: "HKLM\SOFTWARE\MICROSOFT\TRACING\RASAPI32"; Key: "ENABLEFILETRACING"; Value: "00000000")
"<Input Sample>" (Path: "HKLM\SOFTWARE\MICROSOFT\TRACING\RASAPI32"; Key: "ENABLECONSOLETRACING"; Value: "00000000")
"<Input Sample>" (Path: "HKLM\SOFTWARE\MICROSOFT\TRACING\RASAPI32"; Key: "FILETRACINGMASK"; Value: "0000FFFF")
"<Input Sample>" (Path: "HKLM\SOFTWARE\MICROSOFT\TRACING\RASAPI32"; Key: "CONSOLETRACINGMASK"; Value: "0000FFFF")
On mobile I don't get as much info, but in one day it uploaded almost as much as it downloaded, about 60kb (this was read with GlassWire).
All in all, I'm giving the owners the benefit of the doubt as they probably outsourced the creation of the programs and are unaware of this issue.
I strongly recommend to anyone to remove the programs for now, and I recommend the owner to remove the program from the downloads page. In the meantime I will be creating a script for Windows that checks the level (an open source bat file) which I will post in response to this thread.
I want to emphasize that I am not accusing anyone of anything, I'm just trying to find answers. Thanks.
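
An added example, not part of the original post and not the script the poster mentions: a small Python parser for the report lines quoted above that lists which tracing flags are switched on and which values differ from a baseline. The `BASELINE` snapshot and all function names are hypothetical, and the baseline values are constructed for illustration.

```python
import re

# The four report lines quoted in the post, embedded so the example runs offline.
REPORT = r'''
"<Input Sample>" (Path: "HKLM\SOFTWARE\MICROSOFT\TRACING\RASAPI32"; Key: "ENABLEFILETRACING"; Value: "00000000")
"<Input Sample>" (Path: "HKLM\SOFTWARE\MICROSOFT\TRACING\RASAPI32"; Key: "ENABLECONSOLETRACING"; Value: "00000000")
"<Input Sample>" (Path: "HKLM\SOFTWARE\MICROSOFT\TRACING\RASAPI32"; Key: "FILETRACINGMASK"; Value: "0000FFFF")
"<Input Sample>" (Path: "HKLM\SOFTWARE\MICROSOFT\TRACING\RASAPI32"; Key: "CONSOLETRACINGMASK"; Value: "0000FFFF")
'''

LINE_RE = re.compile(
    r'^"(?P<actor>[^"]*)"\s+\(Path:\s*"(?P<path>[^"]*)";\s*'
    r'Key:\s*"(?P<name>[^"]*)";\s*Value:\s*"(?P<value>[0-9A-Fa-f]+)"\)$'
)

def parse_report(text):
    """Return {(path, value_name): hex_string}; lines that do not match are skipped."""
    records = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            # Registry paths and value names are case-insensitive, so normalise.
            records[(m["path"].upper(), m["name"].upper())] = m["value"].upper()
    return records

def tracing_enabled(records):
    """Names of ENABLE* flags with a non-zero value. The *MASK values are left
    opaque because the report does not state the byte order it prints them in."""
    return sorted(name for (_, name), value in records.items()
                  if name.startswith("ENABLE") and int(value, 16) != 0)

def diff_against_baseline(records, baseline):
    """Map each reported value that is missing from, or differs from, the
    baseline to a (reported, baseline) pair."""
    return {key: (value, baseline.get(key))
            for key, value in records.items() if baseline.get(key) != value}

# Hypothetical baseline with constructed values, standing in for an export
# taken from a machine that never ran the program.
_P = r"HKLM\SOFTWARE\MICROSOFT\TRACING\RASAPI32"
BASELINE = {(_P, "ENABLEFILETRACING"): "00000000", (_P, "FILETRACINGMASK"): "0000FFFF"}

if __name__ == "__main__":
    recs = parse_report(REPORT)
    print("tracing flags enabled:", tracing_enabled(recs) or "none")
    for (path, name), (seen, base) in diff_against_baseline(recs, BASELINE).items():
        print(f"{path}\\{name}: report={seen} baseline={base}")
```

On the lines quoted in the post, both `ENABLE*` values are zero, so the parser reports no tracing flag as enabled.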