Solved

how to detect spy-ware

Posted on 2003-02-20
Last Modified: 2010-04-11
I just found out my password had been stolen, and I think the most likely reason is that there was some activity logging software on the public computers. How can I detect these spies?
Question by:foxroom2
11 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 7993166
The best product is Adaware:
http://www.lavasoft.com

Run it and it will find all these vermin that steal your stuff...
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 7993182
Sorry, wrong url

http://www.lavasoft.nu

0
 

Expert Comment

by:mjelwood
ID: 7993227
Another good Spybot removal program is Spybot Search & Destroy by PepiMK Software.

http://spybot.eon.net.au/

I would suggest using both the Adaware and Spybot. Each of them will pick up items which the other missed. Install and run both of them. They both seem to work very well. Enjoy

Michael
0

 

Expert Comment

by:Da5id
ID: 7993421
Although those two will work if the system has commercial spyware installed, this is unlikely to be the problem. I think it is more likely that someone has loaded up a keystroke recorder. Simple versions of these simply write each keystroke to a hidden txt file; however, better ones will store all keystrokes in RAM and only write to file occasionally in order to make detection more difficult. If they are good you will not be able to detect them; however, for simple ones try viewing the processes or programs running on the computer and look for anything suspicious. Good ones will hide themselves, have different names etc.
Good luck
Tris
0
 

Expert Comment

by:el_burizone
ID: 7993861
Try also www.pestpatrol.com.
But: There's also another method to monitor what you are sending to the net, i.e. man-in-the-middle. There is a computer (usually a proxy server) which can easily catch all traffic from the whole LAN you are connected to. There is one more easy way to monitor the traffic on the LAN and it is called sniffing. This can be done also easily, but not so easily as being man-in-the-middle. These cannot be detected (you simply must presume that someone is monitoring your net activities). They can see everything you do, pages you look at, your ICQ communication, your login/passwords etc. etc. And there are not many things you can do about it. Full stop.
0
 
LVL 10

Expert Comment

by:LRI41
ID: 7994337
In addition to the three programs cited, Ad-Aware,
Spybot and Pest Patrol which I use all three, you
might also want to take a look at:

[Lockergnome Windows Digest] Bullhead Graffiti and the Nucleus
Date: 2/15/2003 11:52:54 AM Pacific Standard Time

Spyware-Guide.com

http://www.spywareguide.com/

{Guide to stopping spies} Spyware Guide provides information about
spyware and adware, something we all despise, right? OK, who
shouted, "No?" You must write spyware. If not, e-mail me; I've
gotta meet you. The site does clearly state that it neither
agrees nor disagrees with the makers of spyware or adware software,
and it is NOT a sounding board for debate. It's there as a
resource to serve the Internet community. Recently, two spyware
programs attacked me; one was from a program that I was testing
for you Gnomies (which I immediately removed from the review
list), and another came out of nowhere. I looked them up and this
source listed one of them, explaining what it is and how to squash
it. I dropped a line to the folks behind the site telling them
about the second piece of spyware that I encountered, and maybe
it'll be posted soon. Especially nice is the Blocklist File
download [ http://www.spywareguide.com/blockfile.php ] and the list
of companies who create spyware and malware. Take a bite out of
spyware! [Meryl]




...list of known spywares, how to remove them, who is a maker, and more

http://www.spywareguide.com/

Spyware Guide was created to provide an all-inclusive resource to spyware applications, what they do and how they're used. These resources include: which software applications can detect and defeat spyware, an extensive database of all known spyware applications and contact information. Take the time to create a username and password to take advantage of these and many more features of Spyware Guide.
· Spyware Guide has a large frequently asked questions (FAQ) library that's easily searchable with down to earth terms that will help you understand
· Spyware Guide has provided the largest database of spyware applications for you to search and become more informed. Each piece of information is crosslinked, so you can dig around for related information if you want.
· Want to inoculate your PC against malicious ActiveX components? Check the latest Spyware BlockList File
· Don't forget our hand-picked and categorised privacy products section.
We answer our email. If you've discovered something, a spyware application, or if you need to know more information about a term or how it works, then feel free to drop us a note. Spyware Guide will help.

http://www.spywareguide.com/  On the main page check also the "Blocklist File Download" link.

Spyware Block List File
What and Why?
Tired of all that Spyware and Adware crap being installed by ActiveX?
But don't want to lose out on functionality?
We have created a system that blocks all known "bad" ActiveX controls from running inside Internet Explorer by setting the "Kill bit".
When a page tries to install a component from our list, it will fail.
When a page tries to use a component from our list that was already present on your system, it will fail too!
Other, "friendly" components are not affected.
Download and Installation
The best part of it is that we can pull this off without any programs running on your PC, without even having to run a program to install the block list! All you need to do is download the -small- registry file below (Right-Click, choose "Save As...") and then double click it to enter it into the registry and activate the protection.
 Download Now!
Last Update: 2003-2-12 20:10:52
Check back here often!


I haven't used this one yet.
0
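The block-list text quoted above describes a registry file that is imported by double-clicking it. As an added example (not from this thread or from Spyware Guide), the sketch below reads such a file before import and confirms that every entry only sets the kill bit, using Internet Explorer's `ActiveX Compatibility` key and the `0x400` flag; the sample file content and its CLSIDs are constructed for illustration.

```python
import re

# IE stores per-control flags under this key; 0x400 in "Compatibility Flags" is the kill bit.
KILLBIT_PARENT = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer"
                  r"\ActiveX Compatibility").lower()
KILL_BIT = 0x400
HEADERS = ("REGEDIT4", "Windows Registry Editor")
CLSID_RE = re.compile(r"\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}")
VALUE_RE = re.compile(r'"Compatibility Flags"=dword:([0-9a-f]{8})', re.I)

def audit_reg(text):
    """Return (kill-bitted CLSIDs, [(line_no, finding)]) for decoded .reg text."""
    killed, findings, clsid = [], [], None
    for n, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";") or (n == 1 and line.startswith(HEADERS)):
            continue
        if line.startswith("["):
            # Key header: must be ...\ActiveX Compatibility\{CLSID}, nothing else.
            path = line.strip("[]").lower()
            tail = path[len(KILLBIT_PARENT) + 1:]
            ok = path.startswith(KILLBIT_PARENT + "\\") and CLSID_RE.fullmatch(tail)
            clsid = tail if ok else None
            if not ok:
                findings.append((n, "key outside the kill-bit location: " + line))
            continue
        m = VALUE_RE.fullmatch(line)
        if clsid and m and int(m.group(1), 16) & KILL_BIT:
            killed.append(clsid)
        else:
            findings.append((n, "not a kill-bit value: " + line))
    return killed, findings

# Constructed sample: one valid kill-bit entry, one entry that clears the
# flag, and one unrelated autorun entry that a block list should not contain.
SAMPLE = r'''REGEDIT4

; constructed sample, not the real block list
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000002}]
"Compatibility Flags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updater"="C:\\constructed\\example.exe"
'''

if __name__ == "__main__":
    killed, findings = audit_reg(SAMPLE)
    print(len(killed), "kill-bit entries;", len(findings), "lines to review")
```

An empty findings list means the file does nothing beyond setting kill bits; any finding is a line to read by hand before importing.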
 
LVL 24

Expert Comment

by:SunBow
ID: 7996901
Interesting. I've heard pro/con on all. Adaware seems more commonly popular but not best, but I run none yet, so I'll make no vote, other than to try something of the above since you are interested. My next curiosity would be the best way to kill MS Messenger, IM, etc., when I have to reload the OS frequently (and bring them new life). These get me as many popups as I get on surfing to 'bad' sites. Even though I've disabled many such IM functions in the registry.
0
 
LVL 24

Expert Comment

by:SunBow
ID: 7996920
> i just found out my password had been stolen

Sorry, had a minor distraction from the comments there. In the end, a rebuild of your PC is in order; apply all patches for hacks, and install a firewall like ZoneAlarm to cut the traffic to and from your PC.

You have cable? This is getting common where people in the same neighborhood have gotten SW to read the wire, so it may be that you are in a network promiscuous mode. More likely they've run a hack on your IE or IM, and if you want that stopped, you'd best consider an alternative to each, such as Opera or Netscape.
0
 
LVL 24

Expert Comment

by:SunBow
ID: 7996931
OS makes a difference. For forensics, try BlackIce, and if you run NT family you should review its event logs to find out what the computer itself knows has been going on. Do not forget to change passwords frequently, and make both ID and password as long in length as you can.
0
 
LVL 5

Expert Comment

by:zenlion420
ID: 9816057
No comment has been added lately, so it's time to clean up this TA.
I will leave the following recommendation for this question in the Cleanup topic area:

PAQ - no points refunded

Please leave any comments here within the next seven days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

zenlion420
EE Page Editor
0
 

Accepted Solution

by:
YensidMod earned 0 total points
ID: 9863218
This question is PAQed  and no points refunded (of 25).

YensidMod
Community Support Moderator
0
