Friend's Computer being SPYd?

Discussion in 'privacy problems' started by cmij, Dec 5, 2003.

Thread Status:
Not open for further replies.
  1. cmij

    cmij Registered Member

    Joined:
    Dec 5, 2003
    Posts:
    6
    For all my years using computers, I'm ashamed to say I really know nothing about security. But my friend is having a problem, and it worries me because we share the same internet connection - every e-mail he sends from his computer gets sent to his ex-girlfriend's e-mail and also to some bitch friend of hers who then replies to him with snide comments like "oh, wouldn't Kim like to know about this?!!"

    He has used different e-mail servers, changed his passwords, all to no avail. Recently, he claims to have had some photos in his "my pictures" folder go missing - as in wiped off the drive - nowhere to be found.

    I have no answers for him. I would love to get to the bottom of this. My brother-in-law sent me here. He thinks someone sent him a "spy card." Can someone help?
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    There are a couple different approaches that can be taken to investigate this problem. The first involves scanning the system for malware (viruses, trojans, backdoors and keyloggers mainly). Does that system have any Anti-Virus software on it and is it maintained? If not, your friend needs to get something. An evaluation of some Anti-Virus and perhaps a separate Anti-Trojan would be a good start at analyzing what's on that system.

    Perhaps the first thing to try is an online virus scan such as the Panda Scan. These types of scans run right from your browser when you go to the scanning website. See this page for a link to it and others:

    http://www.wilders.org/free_services.htm

    Also, an evaluation of either of these two different Anti-Trojan packages could be really helpful: Trojan Hunter or TDS-3.

    The other approach (though it is best to do the above first, then follow this second recommendation) is to run a tool called HijackThis and post a log here for analysis by the experts. See this thread about what to do:

    https://www.wilderssecurity.com/showthread.php?t=15913
     
  3. cmij

    cmij Registered Member

    Joined:
    Dec 5, 2003
    Posts:
    6
    Thank you! I will do all those things. I forgot to mention too, he's been complaining that something is "recording" everything he types on his computer.

    So there must be some kind of keylogger on his machine. Wow. OK, I can't believe I'm just learning about all this stuff. I will also run HijackThis and post it.
     
  4. libbo1

    libbo1 Registered Member

    Joined:
    May 28, 2003
    Posts:
    123
    Location:
    florida
    A keylogger would explain things, but that is a lot of info for the spy to decipher!

    How about an email password change?
     
  5. cmij

    cmij Registered Member

    Joined:
    Dec 5, 2003
    Posts:
    6
    He's tried that - several different e-mail accounts and password changes almost daily.
     
  6. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    :) Here's an idea you might try to determine whether there is a resident keylogger or spyware on his machine. Get him to open a new email or webmail account. There are plenty of free ones. Tell him not to use his other accounts to send mail for awhile. See what happens??

    If you have already tried this and his mail is still being redirected then it's a sure bet that the ex-girlfriend installed some resident spyware program before she became an ex. She may have been spying on his online activities from the start of their relationship. Jealousy has many faces.

    Make a record of the steps you use to remove this problem and what it did before you started fixing it. It is a sure bet that what she may have done is a crime and he can take her to court. ;)
     
  7. cmij

    cmij Registered Member

    Joined:
    Dec 5, 2003
    Posts:
    6
    He did try different Web mail accounts and changed his passwords regularly. He still had the problem - nothing he did made it stop. So from this we can tell that someone installed spyware on his machine.

    I have now removed it with X-Cleaner.

    The question is, how? Did it require someone having actual physical contact with the machine here in our house? Or could it have been done remotely? He says he never downloads attachments from anyone he communicates with online.

    She has a friend who is computer literate. And it was this person who was also intercepting his e-mail and making snide responses to it. Maybe this person gave the girlfriend something to install while he wasn't at home? The ex most certainly had physical access to the computer.
     
  8. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Hey cmij

    Did he check the back of his computer for any device added between keyboard and tower?

    Was reading an article about a guy whose ex-wife planted some device on back of his computer to log his keystrokes.

    I have a programme installed on my box called SPYCOP.

    Very good just for this type of thing. It already caught some keylogger thing on my box about 6 months ago.

    Maybe your friend should look into SPYCOP.



    Snowbound
     
  9. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer
    o_O or maybe the friend should call a real live cop and lay a complaint. That is a real nasty piece of work if something was physically done to your friend's computer by an ex for vengeful purposes. :mad:
     
  10. cmij

    cmij Registered Member

    Joined:
    Dec 5, 2003
    Posts:
    6
    I think I've gotten rid of the problem. X-Cleaner found some things and removed them. I downloaded and installed the Sygate Personal Firewall I use, ran a Trojan Horse killing program, it found nothing.

    I'm going to run HijackThis and post it, but how does this sort of thing get installed in the first place? How does Spyware end up on someone's machine?

    My friend says he never downloads attachments unless he knows what it is. Can it happen from Instant messaging? This hacker <snip> did send him a photo - could malicious code be embedded in there?

    I've also read about programs that allow a remote user to control a person's machine. Could she be using that? Because I still don't know how the photos in his MY Documents folder got erased.

    edited one word out to keep it clean - Detox
     
  11. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    :) Hello again,

    If you feel and want to press charges be sure to have an itemized accounting of everything, including times and dates, of what was done with the PC and the email, both by him and by her and her friend. Make it as complete as possible. If he has deleted everything to do with this then the best you can do is either trap them using this stuff again or clean the spywares all off. You can indeed still report this to your local police. Spywares used by an individual to spy on another individual may be equivalent to illegal wiretapping. It's a crime, in my humble opinion, but the laws in your area have precedence.

    On the other hand if you find a physical device, as suggested above, then even if he deleted much of what happened in his email, he can describe what he experienced in his own words, and also have the logs of what spywares you found and removed. Then report it to the police. They will know, far better than us, what to do next.

    Spywares can be embedded within other programs you download from the Internet. When you install these programs, the embedded spywares are also installed. Another way is for someone to hack into the computer while it's online. The third way is to have physical access to install a hidden program. This is my general understanding. I am not a computer expert but I do professional security and paralegal work. :D


    Best regards
     
  12. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    :D Just remembered,

    Link to SPYCOP

    Good Luck! ;)
     