Virus infection of churchsupportselfprovision.exe

Discussions around the setup, operation, replacement, and disposal of clerk computers, not to include using MLS
emperornortoni
New Member
Posts: 1
Joined: Sun Mar 03, 2024 1:14 pm


#1

Post by emperornortoni »

I consistently receive computers for my stake without the self-provisioning software pre-installed. That, in and of itself, is its own problem.

Today, I prepared to set up a new computer by downloading the churchsupportselfprovision.exe file from the link in the clerk computer setup wiki, and received a notification from my personal computer's antivirus software that the file I was trying to download was infected with a trojan Win/Polazert.A

Has anyone else received this notice from any other antivirus software? Is it just me? I run very strict privacy controls on my browser, but I don't think that's the problem.
Mikerowaved
Community Moderators
Posts: 4786
Joined: Sun Dec 23, 2007 12:56 am
Location: Layton, UT

Re: Virus infection of churchsupportselfprovision.exe

#2

Post by Mikerowaved »

I just now uploaded the churchsupportselfprovision.exe tool to VirusTotal for analysis and 5 of 75 security vendors flagged it as malicious. It kind of makes sense, since it has similar activities with some malicious programs. For example, it does the following:
VirusTotal wrote: Matches Rules:
PowerShell Create Local User
Winlogon Helper DLL
User Added to Local Administrator Group
Powershell Detect Virtualization Environment
Powershell LocalAccount Manipulation
File Download From Browser Process Via Inline URL
PSScriptPolicyTest Creation against Applocker.
Suspicious Get Local Groups Information
Local User Creation
A Member Was Added to a Security-Enabled Global Group
Of course, it uses all the above tools to set up Windows exactly as they want it.

The file is digitally signed by the following:
VirusTotal wrote: Signers
Intellectual Reserve, Inc.
DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
DigiCert Trusted Root G4
DigiCert

Counter Signers
DigiCert Timestamp 2023
DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
DigiCert Trusted Root G4
DigiCert

x509 Certificates
DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Intellectual Reserve, Inc.
DigiCert Timestamp 2023
DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
DigiCert Trusted Root G4
In my opinion, this is a safe file to use and can be trusted to get the job done.
So we can better help you, please edit your Profile to include your general location.
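
The signer check from post #2 can be repeated locally on the downloaded file before running it. This is an added example, not part of the thread or the publisher's tooling; the function name Test-ProvisionerSignature, its parameters and the Downloads path are assumptions, and the expected signer string is the one quoted from VirusTotal above.

```powershell
# Added example: verify the Authenticode signature of a downloaded installer.
# Function name, parameter names and the file path below are hypothetical.
function Test-ProvisionerSignature {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Signer name as quoted from the VirusTotal report in the thread.
        [string]$ExpectedSigner = 'Intellectual Reserve, Inc.'
    )

    # Windows validates the file hash against the signature and the chain to a trusted root.
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate

    # Rebuild the chain so each certificate from signer to root can be listed
    # and compared with the "Signers" section of the report.
    $chainNames = @()
    if ($cert) {
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        [void]$chain.Build($cert)
        $chainNames = @($chain.ChainElements | ForEach-Object {
            $_.Certificate.GetNameInfo('SimpleName', $false)
        })
    }

    # A name match means nothing on an unsigned or untrusted file, so it is
    # only combined with Status below, never used alone.
    $signerMatches = [bool]($cert -and $cert.Subject -like "*$ExpectedSigner*")

    [pscustomobject]@{
        Sha256        = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
        Status        = $sig.Status
        StatusMessage = $sig.StatusMessage
        SignerMatches = $signerMatches
        Timestamped   = [bool]$sig.TimeStamperCertificate
        Chain         = $chainNames
        Trusted       = ($sig.Status -eq 'Valid') -and $signerMatches
    }
}

Test-ProvisionerSignature -Path "$env:USERPROFILE\Downloads\churchsupportselfprovision.exe" |
    Format-List
```

Trusted is true only when Windows reports the signature as Valid and the signer name matches; a Status such as HashMismatch or NotSigned means the file is not the publisher's unmodified binary. The Sha256 value can be compared with the hash shown on the VirusTotal report for the same file.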