A lot of people still believe in scanning. Quite sad. Even further, considering what Spybot S&D claims about a provably clean and secured system, it would be even more useless on a surely infected system.
But what qualification of security expertise should we expect from someone who's abusing MSIE as a webbrowser...
I agree that scanning probably won't work because the software runs on a windows system.
Looking at the disk from another system might work but that would take daily removal of the hard drive and I'd have to know what to look for anyway.
I was asking here because I am assuming that the network activity back to the mother ship would be the weak point in detecting this software.
I'm still convinced there will likely be signature network activity pinpointing the use of this software - which - by the way - all of you should also check for. But, what do we check specifically for? And how?
Googling for "Spector network activity" I found this article
which said there is a certain connection to the domain U2A1376GF-43TY-245B.COM with this software.
May I ask how you would recommend a novice look for connections (perhaps in the past) to this domain and how to block them moving forward?
If this is a shared computer, save all your data files to removable media. Then reformat the drive. When the husband asks, say you don't know why the drive got erased except for some strange error message that popped up saying "Critical system error: Spectre Pro buffer overrun generated raw disk error." Maybe he'll think twice before he tries to install it again. In the meantime, get your own computer and lock it up.
When I pressed CTRL-ALT-SHIFT-S, nothing happened (that is the default method of bringing up the program) but according to what I read, the Spector program can be configured to bring it up using any other key combination.
I also checked the registry key HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\ ShellServiceObjectDelayLoad and C:\\windows\\system32 as described at
It doesn't seem to be here. That's good. I'll go to the Spector web site to see what I can find out about disabling the program anyway, just to be sure.
In the spirit of the best defence is a good offense, I went to the Spector web site to find out something very interesting.
They disable the keylogging software remotely if they find you using it on another machine. Hmmm... how do they know if you've used it on another machine.
Taking advantage of that 'feature', all we'd have to do is make our machines "look" like another machine and the software would disable itself.
Pretty simple. Now, the question is, how does Spector "know" what machine it's running on? And, how would we spoof that item?
Does anyone know what to do to "spoof" another computer?
Note: Here is their license information saysing what I summarize above:
Spector Pro software license agreement allows a user to install on an additional computer, if the new installation is being done to a computer that is replacing the original computer which Spector Pro was installed. The original computer must be taken out of service.
This policy allows customers who are upgrading to newer computers the ability to continue to use their Spector Pro license with their new computer. This transfer of the license from an old computer to a new computer can only be done once. Any installations of a Spector Pro serial number on more than two computers or on 2 or more computers simultaneously, will result in the Spector Pro serial number being disabled and the software being deactivated.
G. Morgan is an idiot. He can't stand it when people have manners and use the groups properly. I googled for these posts and found them all to be reasonable and informative with pictures and URLs and phone numbers all. They are limited to certain newsgroups. They are all on topic. They all are cheerful and attentive. What Morgan doesn't like is the system working. He really can't stand when it works well. Look up HIS posts for example. He's got nothing to offer except to malign good people's reputations. Idiot. G. Morgan is an idiot.
| G. Morgan is an idiot. | He can't stand it when people have manners and use the groups | properly. | I googled for these posts and found them all to be reasonable and | informative with pictures and URLs and phone numbers all. | They are limited to certain newsgroups. They are all on topic. They | all are cheerful and attentive. | What Morgan doesn't like is the system working. He really can't stand | when it works well. | Look up HIS posts for example. | He's got nothing to offer except to malign good people's reputations. | Idiot. | G. Morgan is an idiot.
The information I have seen "G. Morgan" post is contrary to what you state.
You both have rights to your respective opinions.
The difference is Google Groupers don't have the credence of those who use News Clients.
BTW: Keylogger questions are indeed OT for alt.internet.wireless which negates your statement.