How to determine if Spector Pro Spyware is running on my computer?

I found a receipt in my husband's credit card bill for something I think might be something called Spector Pro Spyware wireless keylogger.

I presume the software must "phone home" somehow the keylogging activity.

Is there any way, perhaps by looking at network activity, that I can tell if my husband bought it for use on my winxp computer?

Donna

Dear, Dear, Dear - you don't trust him - he doesn't trust you .....suggest the answer lies not in the Software - but in a heart to heart talk?

.or even a Marriage Guidance Counsellor ...

best wishes for the future

J S

It is all suspicions but anyway;

To eliminate keyloggers, download and install "Spybot search and destroy" to scan your system. To sniff network activities, download and install "Ethereal".

For other issues above, Ask Dr. Phil ....!!

all the best.

-aljuhani


A lot of people still believe in scanning. Quite sad. Even further, considering what Spybot S&D claims about a provably clean and secured system, it would be even more useless on a surely infected system.

But what qualification of security expertise should we expect from someone who's abusing MSIE as a web browser...

Sebastian G.

We can only suggest available tools.

aljuhani

Hi everyone,

I agree that scanning probably won't work because the software runs on a windows system.

Looking at the disk from another system might work but that would take daily removal of the hard drive and I'd have to know what to look for anyway.

I was asking here because I am assuming that the network activity back to the mother ship would be the weak point in detecting this software.

I'm still convinced there will likely be signature network activity pinpointing the use of this software - which - by the way - all of you should also check for. But, what do we check specifically for? And how?

Googling for "Spector network activity" I found this article, which said there is a certain connection to the domain U2A1376GF-43TY-245B.COM with this software.

May I ask how you would recommend a novice look for connections (perhaps in the past) to this domain and how to block them moving forward?

Donna

No, we can also suggest methods and procedures. That is, ensuring that there's no keylogger in first place.

Sebastian G.

Unlikely. It's called steganographic tunneling.

The real weak point is that the software, if installed, changes the state of the system. Comparing against a known good state will show it up.

Sebastian G.
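
The known-good-state comparison suggested in the post above, as an added example that is not part of the original thread: it records a SHA-256 manifest of a directory tree and later reports which files were added, removed or changed. The function names and the sample files are constructed for illustration, and it assumes the baseline was recorded while the system was trusted and that the comparison runs from an environment the monitored system cannot tamper with.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            try:
                with open(full, "rb") as fh:
                    manifest[rel] = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                manifest[rel] = "unreadable"  # recorded so it shows up as a change
    return manifest


def compare(baseline, current):
    """Return sorted lists of added, removed and changed paths."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "changed": sorted(p for p in shared if baseline[p] != current[p]),
    }


def demo():
    """Constructed sample: a tiny tree standing in for a system directory."""
    with tempfile.TemporaryDirectory() as root:
        sysdir = os.path.join(root, "system32")
        os.mkdir(sysdir)
        def write(name, data):
            with open(os.path.join(sysdir, name), "wb") as fh:
                fh.write(data)
        write("shell.dll", b"original")
        write("old.dll", b"unchanged")
        baseline = snapshot(root)  # taken while the state is trusted
        # Simulate what an installation does: add, replace and delete files.
        write("new.dll", b"dropped")
        write("shell.dll", b"patched")
        os.remove(os.path.join(sysdir, "old.dll"))
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

This covers files only; autostart registry entries would need their own export and comparison.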

"Donna" wrote:

If this is a shared computer, save all your data files to removable media. Then reformat the drive. When the husband asks, say you don't know why the drive got erased except for some strange error message that popped up saying "Critical system error: Spectre Pro buffer overrun generated raw disk error." Maybe he'll think twice before he tries to install it again. In the meantime, get your own computer and lock it up.

VanguardLH

I would visit their website, call the support department to find out what the key sequence is to bring up the application. If it works then you know it is there.

Also you could install and run Windows Defender (from Microsoft website), Ad-Aware, SpyBot Search and Destroy.

One of the three should find it if it is there.

You could also get your own copy and put on your husband's computer so you can monitor his e-mail to see if he is monitoring yours.

Steve B.


Absolutely agree but needed to define an initial start point.

Now given the nature of such software, monitoring Network traffic would be the appropriate method to start with.

aljuhani

Sure you did.....

Going for a new trolling record, "Donna"?

G. Morgan

When I pressed CTRL-ALT-SHIFT-S, nothing happened (that is the default method of bringing up the program) but according to what I read, the Spector program can be configured to bring it up using any other key combination.

I also checked the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad and C:\windows\system32 as described at

formatting link
It doesn't seem to be here. That's good. I'll go to the Spector web site to see what I can find out about disabling the program anyway, just to be sure.

Donna

In the spirit of the best defence is a good offense, I went to the Spector web site to find out something very interesting.

They disable the keylogging software remotely if they find you using it on another machine. Hmmm... how do they know if you've used it on another machine?

Taking advantage of that 'feature', all we'd have to do is make our machines "look" like another machine and the software would disable itself.

Pretty simple. Now, the question is, how does Spector "know" what machine it's running on? And, how would we spoof that item?

Does anyone know what to do to "spoof" another computer?

Note: Here is their license information saying what I summarize above:

Spector Pro software license agreement allows a user to install on an additional computer, if the new installation is being done to a computer that is replacing the original computer which Spector Pro was installed. The original computer must be taken out of service.

This policy allows customers who are upgrading to newer computers the ability to continue to use their Spector Pro license with their new computer. This transfer of the license from an old computer to a new computer can only be done once. Any installations of a Spector Pro serial number on more than two computers or on 2 or more computers simultaneously, will result in the Spector Pro serial number being disabled and the software being deactivated.

Donna

It seems to be a reasonable topic for discussion and is hardly promoting the product.

What might be nice would be to see some helpful comments instead of the usual sniping.

-- Jim Watt


"Donna" wrote:

Oh, so the "problem" wasn't what you claimed it to be in your first post.

VanguardLH

I've seen this individual trolling in several other NG's including alt.comp.freeware, news.software.readers, and alt.home.repair.

Same Modus operandi is taking shape here already. Don't let me stop y'all from replying - this one has the potential for 300+ deep.

G. Morgan

From: "G. Morgan"

| I've seen this individual trolling in several other NG's including
| alt.comp.freeware, news.software.readers, and alt.home.repair.
|
| Same Modus operandi is taking shape here already. Don't let me stop y'all
| from replying - this one has the potential for 300+ deep.

Thanx!

David H. Lipman

G. Morgan is an idiot. He can't stand it when people have manners and use the groups properly. I googled for these posts and found them all to be reasonable and informative with pictures and URLs and phone numbers all. They are limited to certain newsgroups. They are all on topic. They all are cheerful and attentive. What Morgan doesn't like is the system working. He really can't stand when it works well. Look up HIS posts for example. He's got nothing to offer except to malign good people's reputations. Idiot. G. Morgan is an idiot.

execadmin158

From:

| G. Morgan is an idiot.
| He can't stand it when people have manners and use the groups
| properly.
| I googled for these posts and found them all to be reasonable and
| informative with pictures and URLs and phone numbers all.
| They are limited to certain newsgroups. They are all on topic. They
| all are cheerful and attentive.
| What Morgan doesn't like is the system working. He really can't stand
| when it works well.
| Look up HIS posts for example.
| He's got nothing to offer except to malign good people's reputations.
| Idiot.
| G. Morgan is an idiot.

The information I have seen "G. Morgan" post is contrary to what you state.

You both have rights to your respective opinions.

The difference is Google Groupers don't have the credence of those who use News Clients.

BTW: Keylogger questions are indeed OT for alt.internet.wireless which negates your statement.

David H. Lipman
