Maybe this can shed some light on your dilemma
http://groups.google.com/group/micro...82e0e?lnk=raot
"mabrams" <> wrote in message
news:...
>
> In Photoshop, scrolling through the available fonts the application
> would freeze. Suspecting a font corruption, I scanned my
> C:\Windows\Fonts folder and noticed several large unrecognized fonts.
>
> Upon examining the properties of several large font files, I found
> that they were of Chinese origin and were installed under the Security
> Group: TrustedInstaller.
>
> TrustedInstaller is not defined to my Security as a user or group. I
> do understand that TrustedInstaller.exe is a MS system file used in an
> OS process …
>
> My thoughts are: What a great way to social engineer the insertion of
> a rogue Chinese font with a Trojan program – masquerade a bogus
> security group with the same name as a system process. Examining this
> Chinese font “MingLiU-ExtB” I found that the typeface was in Western
> ASCII. The Chinese Unicode would support this character set on a
> Chinese PC. This would enable a Chinese PC with remote access to read
> my English data. If you can sneak a font onto my PC and make it look
> like it belongs to an OS process, how difficult would it be to also
> insert a Trojan and make it look like something else? AV software only
> detects what it knows either by code snippets or patterns. If it is
> not in the Mug Book, it does exist for AV programs and there is always
> a way to exploit the system.
>
> Reading about others' comments on TrustedInstaller, I found that
> TrustedInstaller was dismissed quickly because it’s a valid MS
> program. But it is not a valid SecurityGroup and why on my PC does the
> Administrator account or Administrators group not have permissions to
> this file? In order to remove the bloated font(s) and there are
> several families, I needed to edit into each one through the file
> properties, Security Tab, Advanced button for permissions for
> authenticated users, Owner Tab, Edit Button, Other users and groups
> button, and then add the Administrator account so that I had
> permission to remove the file. What a job. And no you can’t just
> create a security group called TrustedInstaller. The security
> encryption is created from the name and other hidden variables so
> adding TrustedInstaller Account or Group is useless and one needs to
> reformat or reassign file ownership in order to remove these files.
>
> Here are the properties for the largest font file at 33mb.
> Title: MingLiU-ExtB; PMingLiU-ExtB; MingLiU-HKSCS-ExtB
> Copyright: Copyright DynaComware Corp. 2005
> Group: TrustedInstaller
>
> So I am concerned, because I don’t know who or what really put
> several TrustedInstaller owned files on my PC. I will rebuild the PC
> when I have a few days of downtime and I will look for the
> TrustedInstaller owned fonts which are not on any other of my
> workstations, leading me to believe I visited the wrong Website or a
> virus came in under the wire …
>
> If any reader has definitive information on this issue, please post
> as there is a lot of guessing taking place – even my post is half
> conjecture.
>
>
> --
> mabrams
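
A read-only way to check the two things the quoted post turns on, who owns each font file and whether the same files exist on another workstation. This is an added example, not part of the original thread. It assumes PowerShell 4 or later; the SID is the well-known service SID of NT SERVICE\TrustedInstaller, and `fonts-OTHERPC.csv` is a placeholder name for an inventory exported on a second machine.

```powershell
# Added example: read-only inventory of font files by owner SID and hash.
# Well-known service SID of NT SERVICE\TrustedInstaller.
$TrustedInstallerSid = 'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'

function Get-FontInventory {
    param([string]$Path = (Join-Path $env:windir 'Fonts'))

    Get-ChildItem -LiteralPath $Path -File -Force | ForEach-Object {
        $file = $_
        $owner = $null; $sid = $null
        try {
            $acl   = Get-Acl -LiteralPath $file.FullName -ErrorAction Stop
            $owner = $acl.Owner
            # The comparison is made on the SID rather than on the display name.
            $sid   = $acl.GetOwner([System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $owner = 'unreadable'
        }
        $hash = Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Name               = $file.Name
            SizeMB             = [math]::Round($file.Length / 1MB, 1)
            Owner              = $owner
            OwnerSid           = $sid
            IsTrustedInstaller = ($sid -eq $TrustedInstallerSid)
            SHA256             = $hash.Hash
        }
    }
}

$local = Get-FontInventory

# Files whose owner SID is not the TrustedInstaller service SID.
$local | Where-Object { -not $_.IsTrustedInstaller } | Format-Table Name, SizeMB, Owner, OwnerSid

# The ten largest font files, with their owners.
$local | Sort-Object SizeMB -Descending | Select-Object -First 10 | Format-Table Name, SizeMB, Owner

# Save this machine's inventory so it can be compared elsewhere.
$local | Export-Csv -NoTypeInformation -Path ".\fonts-$env:COMPUTERNAME.csv"

# Placeholder file name: an inventory exported the same way on another workstation.
$otherCsv = '.\fonts-OTHERPC.csv'
if (Test-Path $otherCsv) {
    $other = Import-Csv $otherCsv
    # '=>' marks name/hash pairs present only on this machine.
    Compare-Object $other $local -Property Name, SHA256 |
        Where-Object { $_.SideIndicator -eq '=>' }
}
```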