Remote Spying? Does this need "removal"?

AFTerry
I downloaded Gem for OneNote. "OneNote Gem"
at http://www.onenotegem.com/onenote-gem---favorites.html
and I had a problem with an element called "Keyword Tags."
[as you apply keywords into OneNote this add-in places them in a pop-up window].  
See: http://www.onenotegem.com/onenote-gem---keyword-tags.html

The problem is that I hit the button and when the window popped open I could not see any items listed.  It had worked when installed, but now it wasn't.

THE POINT:  On the support page you can IM the creator.  I did.  "James" asked me to send him a screen shot, I did.  He wanted the page with the "keyword," so he could see if I did it properly [it requires this:  {"the keyword"}] ... and a screen shot of the blank pop-up window.  I sent that using Snagit 11.  He sent me back an email [see attached file].  The first image is the one that I sent him -  a keyword in braces and a blank pop-up window.  THEN I SAW, attached to his email, several screen shots I DID NOT SEND!  And in these I could read the keywords that were not visible in the screen shot that I sent to him!  WORSE -- what was written in English on my screenshot, in the background, which was not relevant to him, had been translated into Chinese [I think].

Please help... what is this?  Do I have to notify anyone?  Who would I notify?  Panda Cloud Cleaner showed no vulnerabilities, no virus, or trojans.
there is no attachment
Teksquisite, Security Technology Editor
Commented:
A huge red flag = The company discloses very little information and has no privacy policy or TOS.

The owner is from China

If I were you, I would upload the add-on to VirusTotal.

Are you able to post the screenshots?
Yea dude I would say wipe your system and start from scratch / reinstall OS, also change your passwords.  Sounds like there may be some social engineering going on there along with some potentially nasty malware on your system.  Remember just because your AV doesn't pick it up, doesn't mean it's not malware.  AV only picks up certain signatures and / or behaviors.  Many ways to avert the AV...  Hope this helps!

Seems kind of fishy to me. Considering where they're from and what reputation China has on the malware market I would definitely suspect some misuse of information and possible illegal remote access. I would ditch the software. Usually if the user has not been verified to be a legitimate seller and developer it would be recommended to cut your losses and file a report with the FCC or someone like Microsoft Digital Crimes Unit.

http://www.microsoft.com/en-us/news/presskits/dcu/
http://www.ic3.gov
http://www.fbi.gov

Author

Commented:
Wow!  I want you to see the attachment so I can inform MS Digital Crimes more accurately.  But this is not right.  Not right.  I sent him a screen shot without "tags" and he sends back screen shots with "tags" visible TO HIM.

So do I wipe the drive and use another 1 TB WD HD I have spare?  I use Acronis backup and I have a good copy from before I installed the program 9 days ago!

They use OneNote?  If it's true, I would think MS was all over this.. or will be.

Thanks
Gmail---Screenshots-Sent-without.pdf
AFTerry,
I don't have the time right now to look at the PDF itself. Though I will take a look at it in the morning. MS uses OneNote, of course. If you don't have anything to lose you can wipe it, though I would not recommend it unless you are in a time bind and can't afford a better look to find out what it is that is doing it and remove it properly.

In the morning I'll give you a site to send the program for them to analyse the program that supposedly did this and they can tell you themselves what they find and its behaviour. In the meantime I would check your process list and try to identify anything unusual and out of the norm.

Meantime, you can read this article and run the diagnostic tool listed. It's also in the tool I made at the bottom of the article; post the log it gives. I have had many years of fighting malware and have yet to find one I can't defeat.

http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_10722-Links-Tool.html
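Two of the replies above suggest concrete first steps before wiping anything: upload the add-on to VirusTotal, and go through the process list for anything out of the norm. The PowerShell below is an added example written for this thread; it is not code from the thread, from Experts Exchange, or from the OneNote Gem developer. It assumes PowerShell 4 or later (for Get-FileHash) and that OneNote registers its COM add-ins under the usual per-user Office key, HKCU:\Software\Microsoft\Office\OneNote\AddIns; if your Office build uses a different key, change $AddInKey. It lists which add-ins OneNote is set to load, then lists every running process whose executable is not validly Authenticode-signed, with its SHA256 so the hash (rather than the file, which may contain your data) can be looked up on VirusTotal.

```powershell
# Added example for this thread (not from the thread or from OneNote Gem).
# Two defender-side checks: (1) which COM add-ins OneNote is configured to load,
# (2) which running processes are backed by an unsigned / invalidly signed binary,
#     each with a SHA256 that can be searched on VirusTotal without uploading the file.

function Get-OneNoteAddIns {
    # Assumption: standard per-user Office COM add-in key for OneNote.
    $AddInKey = 'HKCU:\Software\Microsoft\Office\OneNote\AddIns'
    if (-not (Test-Path -Path $AddInKey)) { return @() }
    Get-ChildItem -Path $AddInKey | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        [PSCustomObject]@{
            ProgId       = $_.PSChildName
            FriendlyName = $props.FriendlyName
            # LoadBehavior 3 = load at startup, 2 = load on demand, 0 = disabled
            LoadBehavior = $props.LoadBehavior
        }
    }
}

function Get-SuspectProcessBinaries {
    # Only processes whose executable path is readable; the rest are usually
    # protected system processes (run elevated to see more of them).
    $binaries = Get-Process |
        Where-Object { $_.Path } |
        Sort-Object -Property Path -Unique |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -FilePath $_.Path -ErrorAction SilentlyContinue
            $hash = Get-FileHash -Path $_.Path -Algorithm SHA256 -ErrorAction SilentlyContinue
            [PSCustomObject]@{
                Name      = $_.ProcessName
                Id        = $_.Id
                Path      = $_.Path
                Signature = if ($sig) { $sig.Status } else { 'Unknown' }
                Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                SHA256    = if ($hash) { $hash.Hash } else { '' }
            }
        }
    # Keep only what is not validly signed: these are the binaries worth a second look.
    $binaries | Where-Object { $_.Signature -ne 'Valid' }
}

Get-OneNoteAddIns | Format-Table -AutoSize
Get-SuspectProcessBinaries | Format-Table -AutoSize
```

An unsigned binary is not proof of anything (plenty of legitimate small tools ship unsigned), but an unfamiliar unsigned process sitting next to a freshly installed add-in is exactly what the "anything unusual" advice above means. Searching VirusTotal for the SHA256 instead of uploading the executable also keeps any screenshots or notes embedded in your own files off a third-party service.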
