How to determine if Spector Pro Spyware is running on my computer?

Discussion in 'Computer Security' started by Donna, May 18, 2008.

  1. Donna

    G. Morgan Guest


    Thanks David, on a side note... I bookmarked one of your pages just yesterday
    on the topic of security. Thanx for that>>
    http://www.claymania.com/removal-trojan-adware.html
     
    G. Morgan, May 20, 2008
    #21

  2. Donna

    Sebastian G. Guest


    If you carried these out, then... well... you spent a lot of time for
    achieving absolutely nothing.
     
    Sebastian G., May 20, 2008
    #22

  3. Donna

    G. Morgan Guest

    Ahh Sebastian, I've read your stuff. You're the one who thinks a clean
    re-install is the only way to remove crapware, eh?
     
    G. Morgan, May 20, 2008
    #23
  4. Donna

    Sebastian G. Guest

    G. Morgan wrote:


    Not if you have a decent backup. At any rate, this is not a matter of
    opinions, but simple scientific facts.
     
    Sebastian G., May 20, 2008
    #24
  5. Donna

    Kayman Guest

    Just ignore this person! He has a wealth of knowledge but is incapable of
    passing it on to those in need. He does not believe that newsgroups should be
    used as a vehicle to provide (specific) assistance, go figure.

    Reformatting of HDD is the preferred course of action!

    "The only way to clean a compromised system is to flatten and rebuild.
    That's right. If you have a system that has been completely compromised,
    the only thing you can do is to flatten the system (reformat the system
    disk) and rebuild it from scratch (re-install Windows and your
    applications)..."
    http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

    There are, however, a number of reasons why this may not be possible and/or
    achievable. Not everybody is technically apt to do so or has a 'savvy'
    acquaintance who may be able to assist. There are many users who don't live
    in cities but reside in less developed environments where professional help
    just does not exist. They may find the procedures as per:
    http://michaelstevenstech.com/cleanxpinstall.html
    too overwhelming and shy away from the perceived complexity.
    The procedures as per:
    http://www.claymania.com/removal-trojan-adware.html
    (especially David's MULTI_AV Tool) have helped uncountable
    users over many years. And it is IMO the next best thing to flattening and
    rebuilding an operating system. Moreover, to the best of my knowledge, David
    has never denied anybody reasonable assistance in figuring out malware
    challenges.
     
    Kayman, May 20, 2008
    #25
  6. Donna

    Jim Watt Guest

    <snip>

    Albeit the bitching is interesting, nobody seems to
    have actually answered the original question ...
     
    Jim Watt, May 20, 2008
    #26
  7. Donna

    G. Morgan Guest

    [alt.internet.wireless] removed from x-post
    Well I would have to argue that it *is* a matter of opinion. I have
    personally resurrected many a machine from the brink of uselessness by
    applying (freeware) solutions. The one-two punch of Adaware, and SpyBot S&D
    is often all it takes to clean an infected PC.

    While I do agree that a re-format/install is best, it's not always feasible to
    do so. There is nothing wrong with David L's techniques as a first step.
    "Flattening" the system is a last resort.
     
    G. Morgan, May 20, 2008
    #27
  8. Donna

    G. Morgan Guest

    [alt.internet.wireless] removed from x-post
    Of course not, everybody knows that newsgroups are for downloading porn. ;-)
    Agreed. Another reason not to re-build is when the client does not have the
    installation media for everything needing to be re-installed.
     
    G. Morgan, May 20, 2008
    #28
  9. Donna

    Sebastian G. Guest


    Calling trivial facts bogus is the reason why you should better shut up.
     
    Sebastian G., May 21, 2008
    #29
  10. Donna

    Sebastian G. Guest


    No, you didn't. In fact, it's likely that they're still compromised.

    Gotta laugh even more. These tools are absolutely useless, since even on
    perfectly clean machines they're claiming a lot of nonsense. How should they
    even provide any useful information about a system that actively lies to them?
     
    Sebastian G., May 21, 2008
    #30
  11. Donna

    Kayman Guest

    Now, even if a certain Sebastian Gottschalk from .de is spewing snipes
    proclaiming that using David's Multi-AV to clean operating systems isn't in
    accord with (his) scientific facts...the pragmatic/realistic proof is in
    the pudding. Users living in the Islands, Boonies, Bush, Outback, Beyond
    the Black Stump etc. don't need your claptrap and don't care for your
    condescending manner. As a frequent lurker in various pertinent newsgroups,
    I haven't seen one post where David's Multi-AV wasn't helpful and
    beneficial.

    So, Sebastian Gottschalk of .de, go and stick your scientific facts in one
    of your bodily cavities, save us from your snipes and keep your
    grandiosities within the circle of your associates in the sophisticated
    milieu of Berlin. (You are a prime example of German arrogance but your
    like minded buckos wouldn't know, now would they?).
     
    Kayman, May 21, 2008
    #31
  12. Donna

    G. Morgan Guest

    Yes, I did. No they're not.
    Like a mental patient I'm sure.
    That's not been my experience. I've run both on brand new images of XP SP2 &
    3 and got -zero- false positives.

    So, being the "scientist" you are I'm sure you will now be offering the proof
    of your hypothesis. I will be waiting.
     
    G. Morgan, May 21, 2008
    #32
  13. Donna

    Sebastian G. Guest

    ^^^^^
    Proof that you're an idiot.

    There is none. You cannot prove that you've cleaned the system just by the
    absence of obvious signs.


    Of course, since those fools don't understand the meaning of system
    integrity. It was helpful insofar that it seemed to cure the symptoms, but
    it never restored the system to a well-defined state, leaving all future
    work unreliable and potentially compromised.
     
    Sebastian G., May 21, 2008
    #33
  14. Donna

    Sebastian G. Guest


    Trivial counter-proof of your statement: Universal trojan horses exist.

    Question: What's the difference between a brand new image and a well secured
    and hardened system?

    Trivial: Just change
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath
    and it will complain that something isn't right.
     
    Sebastian G., May 21, 2008
    #34
  15. Donna

    G. Morgan Guest

    Universal Trojans? What the heck are you on about now? I said AA and SBS&D
    could (and does) remove a lot of malware making the system clean again. Sure,
    not one size fits all. Nobody has invented a one-stop shop for cleaning
    crapware.

    What is this, an interrogation? A brand new image of XP would be the state
    the system is in as soon as Setup is complete.

    A well hardened system would be that image + a good A/V w/updates and a
    firewall running before the system becomes a node on the (Inter)network.


    Of course a good scanner is going to detect a change in the location of HOSTS,
    I fully expect it to.


    Now, what about your claim that SBS&D and Ad aware detect false positives on a
    brand new XP install? <-- *brand new* meaning no editing of the registry
    before scan (especially something as critical as the location of HOSTS)
     
    G. Morgan, May 21, 2008
    #35
  16. Donna

    Sebastian G. Guest

    G. Morgan wrote:


    And if the malware is a universal trojan horse, the system will remain
    infected, albeit appearing clean. So stop claiming the contrary. Most
    malware implementations are universal trojan horses.


    Bullshit. Not just that something like "good A/V" doesn't exist (both by
    design and by availability), it's far away from being a security
    improvement, and even further away from hardening.

    But once again: I have set up a system that is provably clean, but not in a
    fresh state. I have run AdAware and Spybot S&D over it, and it claimed
    multiple infections and security issues, which were provably nonsense. Your
    example of how it behaves on a fresh system doesn't disprove my claims at all.

    Nonsense. HKEY_LOCAL_MACHINE is read-only to normal users, so this change
    must have been applied by an administrator.
    In fact, it was done exactly so for a better management of ACLs, grouping
    together various relevant files for which one specifically limits access to
    NT-AUTHORITY\SYSTEM and 'named' only.

    And this was only one example. It also claims some group policy settings
    (which improve security) as issues, noises about cookies with a DOMAIN
    attribute (albeit the webbrowser is configured to not care about it), and
    even complains about some known good software (like FlashGet).

    Or did you ever try the "immunization" function? It spams the registry full
    of useless CLSIDs, fails to do so on HKLM, claims success, then reports
    incompleteness on next run, and tries again. WTF?

    Not gonna mention AdAware. One does need a test machine just to get around
    the broken installer (which tries to write some temporary files to
    %SystemRoot%\system32), and then it presents you with an almost empty GUI
    (since it tries to use a MSHTML style GUI without even checking if rendering
    pictures is active), and then pulls off shit similar to Spybot S&D.


    This claim is merely a fiction of yours, or your inability to read and
    understand.

    Aside from that, why can't it detect the most obvious security issues of
    such a fresh install?
     
    Sebastian G., May 21, 2008
    #36
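
Added example (not part of any post in this thread): a PowerShell audit of the `DataBasePath` relocation argued over in posts #34 to #36. It reports whether the hosts directory has been moved from the default and which accounts can write to it; the function name `Get-HostsLocationReport` and the `ExpectedWriters` list are assumptions for illustration.

```powershell
# Added example, not from the thread. Function name and defaults are hypothetical.
function Get-HostsLocationReport {
    param(
        # Assumption: the accounts the administrator intends to have write access.
        [string[]]$ExpectedWriters = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
    )
    $keyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    $default = '%SystemRoot%\System32\drivers\etc'

    # Read the REG_EXPAND_SZ value unexpanded so it can be compared with the default.
    $opt = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    $raw = (Get-Item -Path $keyPath).GetValue('DataBasePath', $null, $opt)
    if (-not $raw) { throw 'DataBasePath is missing or empty' }
    $dir   = [Environment]::ExpandEnvironmentVariables($raw)
    $hosts = Join-Path $dir 'hosts'

    # WriteData | AppendData | GENERIC_ALL | GENERIC_WRITE
    $writeMask = 0x2 -bor 0x4 -bor 0x10000000 -bor 0x40000000
    $writers = @()
    if (Test-Path -LiteralPath $dir) {
        # Every trustee with an Allow ACE that permits writing into the directory.
        $writers = @((Get-Acl -LiteralPath $dir).Access |
            Where-Object { $_.AccessControlType -eq 'Allow' -and
                           ([int]$_.FileSystemRights -band $writeMask) -ne 0 } |
            ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique)
    }

    $hash = $null; $entries = @()
    if (Test-Path -LiteralPath $hosts) {
        $hash = (Get-FileHash -LiteralPath $hosts -Algorithm SHA256).Hash
        # Active entries: lines that are neither blank nor comments.
        $entries = @(Get-Content -LiteralPath $hosts |
            Where-Object { $_ -notmatch '^\s*(#|$)' })
    }

    [pscustomobject]@{
        DataBasePath      = $raw
        Relocated         = ($raw.TrimEnd('\') -ine $default)
        HostsSha256       = $hash
        ActiveEntries     = $entries
        Writers           = $writers
        UnexpectedWriters = @($writers | Where-Object { $_ -notin $ExpectedWriters })
    }
}

Get-HostsLocationReport | Format-List
```

A relocated path with no unexpected writers is consistent with the deliberate administrative change described in post #36. The report comes from the running system itself, so it describes the configuration and does not establish that the system is clean.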
  17. Donna

    Kayman Guest

    Ah, So typical and predictable. You must be running out of arguments.
    I only wish you'd meet some of them Outback "fools" face to face...
    Now we know. To quote H.L.Mencken:"Puritanism: The haunting fear that
    someone, somewhere, may be happy."
     
    Kayman, May 21, 2008
    #37
  18. Donna

    Sebastian G. Guest


    Another proof that you're an idiot. You're claiming trivial scientific facts
    as solely my facts, which is exactly your lack of arguments.


    Yet another proof that you're lacking arguments.

    I do. And interestingly most of them know what they're doing wrong, and
    typically beg for the consequences not happening.

    If you would bother to understand what a universal trojan horse is (and
    feel ashamed that you ever dared to operate a computer without the most basic
    knowledge), then you might get a clue where to place reasonable assumptions.
    A compromised system, by definition, remains compromised until it returns
    into a well-defined state. Changing the state based on assumptions about the
    current state can't achieve that. But well, that's just trivial math...
     
    Sebastian G., May 21, 2008
    #38
  19. Donna

    Donna Guest

    Why so suspicious?

    Actually, in hindsight, I wish I knew how programs figure out exactly who
    is running them. This Spector program, which I apparently don't have on my
    system based on the help here, apparently wires back home who is using it.

    How does it do that? (Is this a right group to ask that question?)

    It's a privacy spying computer security internet issue.

    I'm assuming it keys off the MAC ID, which can easily be changed.

    In general, how does a program (such as Spector) know EXACTLY who is using
    it and on what computer? Is it the MAC ID or something else that it keys
    off of?

    D
     
    Donna, May 21, 2008
    #39
  20. Donna

    Donna Guest

    And better yet, could we all foil such keyloggers simply by changing
    whatever it is that it uses to key off of?
     
    Donna, May 21, 2008
    #40