How to determine if Spector Pro Spyware is running on my computer?

Discussion in 'Computer Security' started by Donna, May 18, 2008.

  1. Donna

    Donna Guest

    I found a receipt in my husband's credit card bill for something I think
    might be something called Spectre Pro Spyware wireless keylogger.

    I presume the software must "phone home" somehow the keylogging activity.

    Is there any way, perhaps by looking at network activity, that I can tell
    if my husband bought it for use on my winxp computer?
     
    Donna, May 18, 2008
    #1
    1. Advertising

  2. Donna

    J S Guest

    Donna wrote:
    > I found a receipt in my husband's credit card bill for something I think
    > might be something called Spectre Pro Spyware wireless keylogger.
    >
    > I presume the software must "phone home" somehow the keylogging activity.
    >
    > Is there any way, perhaps by looking at network activity, that I can tell
    > if my husband bought it for use on my winxp computer?


    Dear, Dear, Dear - you don't trust him - he doesn't trust you
    ......suggest the answer lies not in the Software - but in a heart to
    heart talk?

    ..or even a Marriage Guidance Counsellor ...

    best wishes for the future
     
    J S, May 18, 2008
    #2
    1. Advertising

  3. Donna

    aljuhani Guest

    Re: How to determine if Spector Pro Spyware is running on mycomputer?

    On May 18, 10:57 am, Donna <> wrote:
    > I found a receipt in my husband's credit card bill for something I think
    > might be something called Spectre Pro Spyware wireless keylogger.
    >
    > I presume the software must "phone home" somehow the keylogging activity.
    >
    > Is there any way, perhaps by looking at network activity, that I can tell
    > if my husband bought it for use on my winxp computer?


    It is all suspicions but anyway;

    To elminate keyloggers, download and install "Spybot search and
    destroy" to scan your system.
    To sniff network activities, download and install "Ethereal"
    http://www.ethereal.com

    For other issues above, Ask Dr. Phil http://www.drphil.com ....!!

    all the best.

    -aljuhani
     
    aljuhani, May 18, 2008
    #3
  4. Donna

    Sebastian G. Guest

    Re: How to determine if Spector Pro Spyware is running on my computer?

    aljuhani wrote:


    > To elminate keyloggers, download and install "Spybot search and
    > destroy" to scan your system.



    A lot of people still believe in scanning. Quite sad. Even further,
    considering what Spybot S&D claims about a provably clean and secured
    system, it would be even more useless on a surely infected system.

    But what qualification of security expertise should we expect from someone
    who's abusing MSIE as a webbrowser...
     
    Sebastian G., May 18, 2008
    #4
  5. Donna

    aljuhani Guest

    Re: How to determine if Spector Pro Spyware is running on mycomputer?

    On May 18, 2:42 pm, "Sebastian G." <> wrote:
    > aljuhani wrote:
    > > To elminate keyloggers, download and install "Spybot search and
    > > destroy" to scan your system.

    >
    > A lot of people still believe in scanning. Quite sad. Even further,
    > considering what Spybot S&D claims about a provably clean and secured
    > system, it would be even more useless on a surely infected system.
    >
    > But what qualification of security expertise should we expect from someone
    > who's abusing MSIE as a webbrowser...


    We can only suggest available tools.
     
    aljuhani, May 18, 2008
    #5
  6. Donna

    Donna Guest

    Re: How to determine if Spector Pro Spyware is running on my computer?

    On Sun, 18 May 2008 05:07:31 -0700 (PDT), aljuhani wrote:

    > We can only suggest available tools.


    Hi everyone,

    I agree that scanning probably won't work because the software runs on a
    windows system.

    Looking at the disk from another system might work but that would take
    daily removal of the hard drive and I'd have to know what to look for
    anyway.

    I was asking here because I am assuming that the network activity back to
    the mother ship would be the weak point in detecting this software.

    I'm still convinced there will likely be signature network activity
    pinpointing the use of this software - which - by the way - all of you
    should also check for. But, what do we check specifically for? And how?

    Googling for "Spector network activity" I found this article
    http://www.interhack.net/pubs/spector/ which said there is a certain
    connection to the domain U2A1376GF-43TY-245B.COM with this software.

    May I ask how you would recommend a novice look for connections (perhaps in
    the past) to this domain and how to block them moving forward?
     
    Donna, May 18, 2008
    #6
  7. Donna

    Sebastian G. Guest

    Re: How to determine if Spector Pro Spyware is running on my computer?

    aljuhani wrote:

    > On May 18, 2:42 pm, "Sebastian G." <> wrote:
    >> aljuhani wrote:
    >>> To elminate keyloggers, download and install "Spybot search and
    >>> destroy" to scan your system.

    >> A lot of people still believe in scanning. Quite sad. Even further,
    >> considering what Spybot S&D claims about a provably clean and secured
    >> system, it would be even more useless on a surely infected system.
    >>
    >> But what qualification of security expertise should we expect from someone
    >> who's abusing MSIE as a webbrowser...

    >
    > We can only suggest available tools.



    No, we can also suggest methods and procedures. That is, ensuring that
    there's no keylogger in first place.
     
    Sebastian G., May 18, 2008
    #7
  8. Donna

    Sebastian G. Guest

    Re: How to determine if Spector Pro Spyware is running on my computer?

    Donna wrote:


    > I was asking here because I am assuming that the network activity back to
    > the mother ship would be the weak point in detecting this software.



    Unlikely. It's called steganographic tunneling.

    The real weak point is that the software, if installed, changes the state of
    the system. Comparing against a known good state will show it up.
     
    Sebastian G., May 18, 2008
    #8
  9. Donna

    VanguardLH Guest

    "Donna" wrote in <news:TiRXj.8983$>:

    > I found a receipt in my husband's credit card bill for something I think
    > might be something called Spectre Pro Spyware wireless keylogger.
    >
    > I presume the software must "phone home" somehow the keylogging activity.
    >
    > Is there any way, perhaps by looking at network activity, that I can tell
    > if my husband bought it for use on my winxp computer?


    If this is a shared computer, save all your data files to removable
    media. Then reformat the drive. When the husband asks, say you don't
    know why the drive got erased except for some strange error message that
    popped up saying "Critical system error: Spectre Pro buffer overrun
    generated raw disk error." Maybe he'll think twice before he tries to
    install it again. In the meantime, get your own computer and lock it
    up.
     
    VanguardLH, May 18, 2008
    #9
  10. Donna

    aljuhani Guest

    Re: How to determine if Spector Pro Spyware is running on mycomputer?

    On May 18, 3:59 pm, "Sebastian G." <> wrote:
    > aljuhani wrote:
    > > We can only suggest available tools.

    >
    > No, we can also suggest methods and procedures. That is, ensuring that
    > there's no keylogger in first place.


    Absolutely agree but needed to define an initial start point.

    Now given the nature of such software, monitoring Network traffic
    would be the appropriate method to start with.
     
    aljuhani, May 18, 2008
    #10
  11. Donna

    G. Morgan Guest

    Donna wrote:

    >I found a receipt



    Sure you did.....

    Going for a new trolling record, "Donna"?

    --

    I kill all Google Group posts, you can too.
    Take back Usenet <--> http://improve-usenet.org
     
    G. Morgan, May 18, 2008
    #11
  12. Donna

    Donna Guest

    On Sun, 18 May 2008 09:52:54 -0400, Steve B. wrote:

    > http://www.spectorsoft.com/products/SpectorPro_Windows/systemrequirements.asp
    > and call the support department to find out what the key sequence is
    > to bring up the application. If it works then you know it is there.


    When I pressed CTRL-ALT-SHIFT-S, nothing happened (that is the default
    method of bringing up the program) but according to what I read, the
    Spector program can be configured to bring it up using any other key
    combination.

    I also checked the registry key
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
    ShellServiceObjectDelayLoad and C:\windows\system32 as described at
    http://www.farmfreshmeat.com/2007/04/removing-spector-pro-60-keylogger.html

    It doesn't seem to be here. That's good. I'll go to the Spector web site to
    see what I can find out about disabling the program anyway, just to be
    sure.
     
    Donna, May 19, 2008
    #12
  13. Donna

    Donna Guest

    On Sun, 18 May 2008 09:52:54 -0400, Steve B. wrote:

    > You could also get your own copy


    In the spirit of the best defence is a good offense, I went to the Spector
    web site to find out something very interesting.

    They disable the keylogging software remotely if they find you using it on
    another machine. Hmmm... how do they know if you've used it on another
    machine.

    Taking advantage of that 'feature', all we'd have to do is make our
    machines "look" like another machine and the software would disable itself.

    Pretty simple. Now, the question is, how does Spector "know" what machine
    it's running on? And, how would we spoof that item?

    Does anyone know what to do to "spoof" another computer?









    Note: Here is their license information saysing what I summarize above:
    http://www.spectorsoft.com/support/SpectorPro_Windows/faq.html
    The Spector Pro software license agreement allows a user to install on an
    additional computer, if the new installation is being done to a computer
    that is replacing the original computer which Spector Pro was installed.
    The original computer must be taken out of service.

    This policy allows customers who are upgrading to newer computers the
    ability to continue to use their Spector Pro license with their new
    computer. This transfer of the license from an old computer to a new
    computer can only be done once. Any installations of a Spector Pro serial
    number on more than two computers or on 2 or more computers simultaneously,
    will result in the Spector Pro serial number being disabled and the
    software being deactivated.
     
    Donna, May 19, 2008
    #13
  14. Donna

    Jim Watt Guest

    On Sun, 18 May 2008 20:56:58 +0000 (UTC), G. Morgan <>
    wrote:

    >Going for a new trolling record, "Donna"?


    It seems to be a reasonable topic for discussion
    and is hardy promoting the product.

    What might be nice would be to see some helpful
    comments instead of the usual sniping.
    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, May 19, 2008
    #14
  15. Donna

    VanguardLH Guest

    "Donna" wrote in <news:AAaYj.9093$>:

    > In the spirit of the best defence is a good offense, I went to the Spector
    > web site to find out something very interesting.
    >
    > They disable the keylogging software remotely if they find you using it on
    > another machine. Hmmm... how do they know if you've used it on another
    > machine.
    >
    > Taking advantage of that 'feature', all we'd have to do is make our
    > machines "look" like another machine and the software would disable itself.
    >
    > Pretty simple. Now, the question is, how does Spector "know" what machine
    > it's running on? And, how would we spoof that item?
    >
    > Does anyone know what to do to "spoof" another computer?


    Oh, so the "problem" wasn't what you claimed it to be in your first
    post.
     
    VanguardLH, May 19, 2008
    #15
  16. Donna

    G. Morgan Guest

    Jim Watt wrote:

    >>Going for a new trolling record, "Donna"?

    >
    >It seems to be a reasonable topic for discussion
    >and is hardy promoting the product.
    >
    >What might be nice would be to see some helpful
    >comments instead of the usual sniping.



    I've seen this individual trolling in several other NG's including
    alt.comp.freeware, news.software.readers, and alt.home.repair.

    Same Modus operandi is taking shape here already. Don't let me stop y'all
    from replying - this one has the potential for 300+ deep.



    --

    I kill all Google Group posts, you can too.
    Take back Usenet <--> http://improve-usenet.org
     
    G. Morgan, May 19, 2008
    #16
  17. David H. Lipman, May 19, 2008
    #17
  18. Donna

    Guest

    Re: How to determine if Spector Pro Spyware is running on mycomputer?

    On May 19, 1:23 pm, "David H. Lipman" <DLipman~>
    wrote:
    > | I've seen this individual trolling in several other NG's including
    > | alt.comp.freeware, news.software.readers, and alt.home.repair.


    G. Morgan is an idiot.
    He can't stand it when people have manners and use the groups
    properly.
    I googled for these posts and found them all to be reasonable and
    informative with pictures and URLs and phone numbers all.
    They are limited to certain newsgroups. They are all on topic. They
    all are cheerful and attentive.
    What Morgan doesn't like is the system working. He really can't stand
    when it works well.
    Look up HIS posts for example.
    He's got nothing to offer except to malign good people's reputations.
    Idiot.
    G. Morgan is an idiot.
     
    , May 19, 2008
    #18
  19. From: <>



    | G. Morgan is an idiot.
    | He can't stand it when people have manners and use the groups
    | properly.
    | I googled for these posts and found them all to be reasonable and
    | informative with pictures and URLs and phone numbers all.
    | They are limited to certain newsgroups. They are all on topic. They
    | all are cheerful and attentive.
    | What Morgan doesn't like is the system working. He really can't stand
    | when it works well.
    | Look up HIS posts for example.
    | He's got nothing to offer except to malign good people's reputations.
    | Idiot.
    | G. Morgan is an idiot.

    The information I have seen "G. Morgan" post is contrary to what you state.

    You both have rights to your respective opinions.

    The difference is Google Groupers don't have the credence of those who use News Clients.

    BTW: Keylogger questions are indeed OT for alt.internet.wireless which negates your
    statement.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
     
    David H. Lipman, May 19, 2008
    #19
  20. Donna

    G. Morgan Guest

    Someone Else wrote:

    >>I've seen this individual trolling in several other NG's

    >
    >You claim this person is the same as you've seen elsewhere. You
    >claim this person is not Donna. What do you see in the headers
    >that matches the troll you've seen?


    Do your own research if you're that interested. Use 'her' old nym for
    Google's archive though.

    <>

    http://groups.google.com/groups?as_...81&as_maxd=19&as_maxm=5&as_maxy=2008&safe=off
    --

    I kill all Google Group posts, you can too.
    Take back Usenet <--> http://improve-usenet.org
     
    G. Morgan, May 20, 2008
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Kaindia

    Spector pro 4

    Kaindia, Feb 2, 2004, in forum: Computer Support
    Replies:
    3
    Views:
    4,664
    cderenberger
    Dec 14, 2007
  2. Harvey Haswood

    MS Anti Spyware been running since yesterday

    Harvey Haswood, Aug 3, 2005, in forum: Computer Support
    Replies:
    6
    Views:
    394
  3. PeterOut

    spyware.bearshare found by "Spyware Detector"

    PeterOut, Oct 27, 2007, in forum: Computer Support
    Replies:
    21
    Views:
    962
    Dustin Cook
    Nov 13, 2007
  4. PeterOut

    spyware.bearshare found by "Spyware Detector"

    PeterOut, Oct 27, 2007, in forum: Computer Security
    Replies:
    18
    Views:
    1,006
    Jim Watt
    Nov 14, 2007
  5. dfinc
    Replies:
    1
    Views:
    924
    Kayman
    Jan 23, 2009
Loading...

Share This Page