Needed experience

Discussion in 'privacy problems' started by neologic, Nov 15, 2010.

Thread Status:
Not open for further replies.
  1. neologic

    neologic Registered Member

    Joined:
    Nov 15, 2010
    Posts:
    2
    I have a user that believes they have spy software installed on their computer, and I need some help to determine if they do and possibly track where it's sending data out, if any. Usually, I would just either replace the machine or reimage, but this has some legal ramifications if it's true. The machine is running the latest version of KAS and is Win7 Ent.

    When I do a netstat -b with nothing running I see this.

    [lsass.exe]
    TCP 10.1.4.125:49355 tennesse-2f72ca:13000 TIME_WAIT
    TCP 10.1.4.125:49357 65.55.53.190:http TIME_WAIT
    TCP 10.1.4.125:49359 65.55.53.156:https ESTABLISHED

    After a few minutes it goes away. It always goes to that IP, which I believe is Hotmail, but the service using it changes. Last time it was outlook.exe and before then it was avp.exe.

    So now when I see that connection I start Wireshark to capture the data, but it's going across https so it should be encrypted...

    Any advice?
     
  2. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Does this situation allow for help from malware removal forums or is it an internal only issue (security concerns)?

    Mike
     
  3. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  4. neologic

    neologic Registered Member

    Joined:
    Nov 15, 2010
    Posts:
    2
    For now I think I'm ok reaching out. The security concerns would be personal not business related.
     