Solved

"Ghost" typing incident - virus?

Posted on 2006-06-21
14
978 Views
Last Modified: 2013-12-04
Very odd thing happened to a client of mine a couple days ago and I have not been able to find anything searching on it.  He was typing an email in his email client (GoldMine 6.7 Corporate edition) and all of a sudden, "someone" else was typing as well.  Here is the email that was being typed: (ghost typing is inside *** markers)

Dear Ana,
 
Please s***He's in news in*** ee the attached  file for a corrected universal life (UL) policy.  I noticed an the error on the version I left with you last Thursday.   You will see that the recommend funding is $2,567 and th***>you still see the design of the UCLA designs and he's no of one) . This new study on the site in the year , the navy officer is based on the island in this new diet and you're looking at this is really weird that will license that will allow you to fill the activity at centennial of my youngest of this happening at the beginning of an incentive to stay home and the answer on radio in this case where the 7.77 billion yen, and I had my e-mail to one of the best in the San Jose ....................***e min. $1,366.  As I mention if you select the UL you will want to funding the recommended vs term insurance which is less costly.
 
You ***city and all the U.S. and Japan*** can have a buy-up rider that will allow the purchase of an additional $45,000 in insurance without underwriting.  But I would decline on this rider, it's not worth the cost for the little additional coverage .   We can just re-issue a new policy in the future or increase this policy's death benefit.
 
Thanks,
Paul

Notice how the ghost typing seems to be random phrases stuck together.  I have not been able to look at the computer yet as he has not been available, but when I do, I'd like to have something to look for, but right now I really have no ideas other than it could be some virus.  Thanks.
0
Comment
Question by:jtgerdes
  • 4
  • 2
  • 2
  • +4
14 Comments
 
LVL 16

Expert Comment

by:Wadski
Comment Utility
Hi there jtgerdes,

The first thing I would do is run an AV scan and Spyware scan on the PC.  Maybe consider removing it from the network too as if its spamming keystrokes it may be divulging important information out.

Once you have removed any spyware/malware/virus/trojon on there leave it and see if it happens again.

Wadski
0
 

Author Comment

by:jtgerdes
Comment Utility
Yeah that's what I told him to do - take it off the network.  And when I get a chance to look at the computer the first thing I'll do is run a virus scan, but I was wondering if anyone has seen this specific issue and had any insight into what it could be.  Thanks.
0
 
LVL 32

Expert Comment

by:r-k
Comment Utility
That's a new one. Don't have a clear answer but it does seem like one of those spam bots that may be generating random phrases and somehow (perhaps by accident) those are getting mixed into your client's email. Will be very interesting to see what it turns out to be. Please do post an update.

He isn't running VNC or some similar remote control software, by any chance?

0
 

Author Comment

by:jtgerdes
Comment Utility
Well I still haven't gotten a chance to look at it.  I had told them to run a virus scan on it when they first told me about it and in talking to them today that apparently found some viruses but they didn't know which ones.  If I ever get to look at it or they still have issues with it, I'll post an update.
0
 
LVL 10

Expert Comment

by:GuruGary
Comment Utility
Is your client using a wireless keyboard?  My guess is that they are.  I have seen a very similar scenario a few times.  Each time the user has been using a wirelss keyboard, somebody in an adjoining office also had a wireless keyboard (or mouse with pointer movements being taken over), and it was intercepting a neighboring wireless keyboard / mouse that uses the same frequency.

If on a wireless keyboard, replace with a wired keyboard to see if the problem goes away.  If that is the problem and the user wants to continue using a wireless keyboard get one with a shorter range.
0
 
LVL 32

Expert Comment

by:r-k
Comment Utility
GuruGary - very interesting. Obvious once you explain it!
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:jtgerdes
Comment Utility
Actually I can pretty much guarantee that that is not the issue - you have to look at what the "ghost" typed.  If it actually flowed and made sense then that could be a very logical explanation.  However, if you look at it, it is a bunch of nonrelated phrases put together in one long string.  Much more typical of a spambot virus than a diligent coworker in the next cubicle over.
0
 
LVL 1

Expert Comment

by:Sentinel8o
Comment Utility
well if the signal was dropping off and on then it would explain the nonrelated phrases. But i would think it was trojan/virus. what os is the client running? type of antivirrus? firewall enabled?
0
 
LVL 3

Expert Comment

by:ola_erik
Comment Utility
Hmm, quite interesting. In the paranoid corner of this issue there might be a malfunctioning keylogger releasing some of its content to the machine.

Im at a Uni where keyloggers actually have been found in the student PC rooms.

http://www.keylogger-hrd.com/
0
 
LVL 10

Expert Comment

by:GuruGary
Comment Utility
Did you ever find out if the PC was using a wireless keyboard?  That is still my guess, as I have seen the same scenario more than once.
0
 

Author Comment

by:jtgerdes
Comment Utility
I like the hardware keylogger idea - that's a new one to me, never heard of them before.

Without having the luxury of actually seeing the computer(the client is in Houston and I'm in the midwest) or being able to log in to look at it (they're like "it's working now so we don't have the time for you to login"), my opinion is that it was a trojan gone wacko.  If you look at the email that was being typed (at the very top of the thread), you will notice that multiple disconnected phrases are inserted in the middle of a word.  So it's not like he finished a paragraph or even a sentence and then his neighbor's wireless keyboard was typing away on his PC in the mean time.  You really have to study the example to see it, but when you do I really think it's quite obvious that it's a mass emailing virus or trojan gone wacky.
0
 

Accepted Solution

by:
ee_ai_construct earned 0 total points
Comment Utility
PAQ / Refund
ee ai construct, community support moderator
0

Featured Post

Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

Join & Write a Comment

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now