I found a receipt in my husband's credit card bill for something I think
might be something called Spectre Pro Spyware wireless keylogger.

I presume the software must "phone home" somehow the keylogging activity.

Is there any way, perhaps by looking at network activity, that I can tell
if my husband bought it for use on my winxp computer?

Donna wrote:
> I found a receipt in my husband's credit card bill for something I think
> might be something called Spectre Pro Spyware wireless keylogger.
>
> I presume the software must "phone home" somehow the keylogging activity.
>
> Is there any way, perhaps by looking at network activity, that I can tell
> if my husband bought it for use on my winxp computer?

Dear, Dear, Dear - you don't trust him - he doesn't trust you
......suggest the answer lies not in the Software - but in a heart to
heart talk?

..or even a Marriage Guidance Counsellor ...

best wishes for the future

On May 18, 10:57*am, Donna <donnaoh...@yahoo.com> wrote:
> I found a receipt in my husband's credit card bill for something I think
> might be something called Spectre Pro Spyware wireless keylogger.
>
> I presume the software must "phone home" somehow the keylogging activity.
>
> Is there any way, perhaps by looking at network activity, that I can tell
> if my husband bought it for use on my winxp computer?

It is all suspicions but anyway;

To elminate keyloggers, download and install "Spybot search and
destroy" to scan your system.
To sniff network activities, download and install "Ethereal"
http://www.ethereal.com

For other issues above, Ask Dr. Phil http://www.drphil.com ....!!

all the best.

-aljuhani

aljuhani wrote:


> To elminate keyloggers, download and install "Spybot search and
> destroy" to scan your system.


A lot of people still believe in scanning. Quite sad. Even further,
considering what Spybot S&D claims about a provably clean and secured
system, it would be even more useless on a surely infected system.

But what qualification of security expertise should we expect from someone
who's abusing MSIE as a webbrowser...

On May 18, 2:42*pm, "Sebastian G." <se...@seppig.de> wrote:
> aljuhani wrote:
> > To elminate keyloggers, download and install "Spybot search and
> > destroy" to scan your system.
>
> A lot of people still believe in scanning. Quite sad. Even further,
> considering what Spybot S&D claims about a provably clean and secured
> system, it would be even more useless on a surely infected system.
>
> But what qualification of security expertise should we expect from someone
> who's abusing MSIE as a webbrowser...

We can only suggest available tools.

On Sun, 18 May 2008 05:07:31 -0700 (PDT), aljuhani wrote:

> We can only suggest available tools.

Hi everyone,

I agree that scanning probably won't work because the software runs on a
windows system.

Looking at the disk from another system might work but that would take
daily removal of the hard drive and I'd have to know what to look for
anyway.

I was asking here because I am assuming that the network activity back to
the mother ship would be the weak point in detecting this software.

I'm still convinced there will likely be signature network activity
pinpointing the use of this software - which - by the way - all of you
should also check for. But, what do we check specifically for? And how?

Googling for "Spector network activity" I found this article
http://www.interhack.net/pubs/spector/ which said there is a certain
connection to the domain U2A1376GF-43TY-245B.COM with this software.

May I ask how you would recommend a novice look for connections (perhaps in
the past) to this domain and how to block them moving forward?

aljuhani wrote:

> On May 18, 2:42 pm, "Sebastian G." <se...@seppig.de> wrote:
>> aljuhani wrote:
>>> To elminate keyloggers, download and install "Spybot search and
>>> destroy" to scan your system.
>> A lot of people still believe in scanning. Quite sad. Even further,
>> considering what Spybot S&D claims about a provably clean and secured
>> system, it would be even more useless on a surely infected system.
>>
>> But what qualification of security expertise should we expect from someone
>> who's abusing MSIE as a webbrowser...
>
> We can only suggest available tools.


No, we can also suggest methods and procedures. That is, ensuring that
there's no keylogger in first place.

"Donna" wrote in <news:TiRXj.8983$nl7.1206@flpi146.ffdc.sbc.com>:

> I found a receipt in my husband's credit card bill for something I think
> might be something called Spectre Pro Spyware wireless keylogger.
>
> I presume the software must "phone home" somehow the keylogging activity.
>
> Is there any way, perhaps by looking at network activity, that I can tell
> if my husband bought it for use on my winxp computer?

If this is a shared computer, save all your data files to removable
media. Then reformat the drive. When the husband asks, say you don't
know why the drive got erased except for some strange error message that
popped up saying "Critical system error: Spectre Pro buffer overrun
generated raw disk error." Maybe he'll think twice before he tries to
install it again. In the meantime, get your own computer and lock it
up.

On Sun, 18 May 2008 00:57:41 -0700, Donna <donnaohl26@yahoo.com>
wrote:

>I found a receipt in my husband's credit card bill for something I think
>might be something called Spectre Pro Spyware wireless keylogger.
>
>I presume the software must "phone home" somehow the keylogging activity.
>
>Is there any way, perhaps by looking at network activity, that I can tell
>if my husband bought it for use on my winxp computer?

I would visit there website
http://www.spectorsoft.com/products/SpectorPro_Windows/systemrequirements.asp
and call the support department to find out what the key sequence is
to bring up the application. If it works then you know it is there.

Also you could install and run
Windows Defender (from Microsoft website)
Ad-Aware
SpyBot Search and Destroy.

One of the three should find it if it is there.


You could also get your own copy and put on your husbands computer so
you can monitor his e-mail to see if he is monitoring yours.

Steve B.

On May 18, 3:59*pm, "Sebastian G." <se...@seppig.de> wrote:
> aljuhani wrote:
> > We can only suggest available tools.
>
> No, we can also suggest methods and procedures. That is, ensuring that
> there's no keylogger in first place.

Absolutely agree but needed to define an initial start point.

Now given the nature of such software, monitoring Network traffic
would be the appropriate method to start with.

Donna wrote:

>I found a receipt


Sure you did.....

Going for a new trolling record, "Donna"?

--

I kill all Google Group posts, you can too.
Take back Usenet <--> http://improve-usenet.org

On Sun, 18 May 2008 09:52:54 -0400, Steve B. wrote:

> http://www.spectorsoft.com/products/SpectorPro_Windows/systemrequirements.asp
> and call the support department to find out what the key sequence is
> to bring up the application. If it works then you know it is there.

When I pressed CTRL-ALT-SHIFT-S, nothing happened (that is the default
method of bringing up the program) but according to what I read, the
Spector program can be configured to bring it up using any other key
combination.

I also checked the registry key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
ShellServiceObjectDelayLoad and C:\windows\system32 as described at
http://www.farmfreshmeat.com/2007/04/removing-spector-pro-60-keylogger.html

It doesn't seem to be here. That's good. I'll go to the Spector web site to
see what I can find out about disabling the program anyway, just to be
sure.

On Sun, 18 May 2008 09:52:54 -0400, Steve B. wrote:

> You could also get your own copy

In the spirit of the best defence is a good offense, I went to the Spector
web site to find out something very interesting.

They disable the keylogging software remotely if they find you using it on
another machine. Hmmm... how do they know if you've used it on another
machine.

Taking advantage of that 'feature', all we'd have to do is make our
machines "look" like another machine and the software would disable itself.

Pretty simple. Now, the question is, how does Spector "know" what machine
it's running on? And, how would we spoof that item?

Does anyone know what to do to "spoof" another computer?









Note: Here is their license information saysing what I summarize above:
http://www.spectorsoft.com/support/SpectorPro_Windows/faq.html
The Spector Pro software license agreement allows a user to install on an
additional computer, if the new installation is being done to a computer
that is replacing the original computer which Spector Pro was installed.
The original computer must be taken out of service.

This policy allows customers who are upgrading to newer computers the
ability to continue to use their Spector Pro license with their new
computer. This transfer of the license from an old computer to a new
computer can only be done once. Any installations of a Spector Pro serial
number on more than two computers or on 2 or more computers simultaneously,
will result in the Spector Pro serial number being disabled and the
software being deactivated.

On Sun, 18 May 2008 20:56:58 +0000 (UTC), G. Morgan <no_em@il.invalid>
wrote:

>Going for a new trolling record, "Donna"?

It seems to be a reasonable topic for discussion
and is hardy promoting the product.

What might be nice would be to see some helpful
comments instead of the usual sniping.
--
Jim Watt
http://www.gibnet.com

"Donna" wrote in <news:AAaYj.9093$nl7.7023@flpi146.ffdc.sbc.com>:

> In the spirit of the best defence is a good offense, I went to the Spector
> web site to find out something very interesting.
>
> They disable the keylogging software remotely if they find you using it on
> another machine. Hmmm... how do they know if you've used it on another
> machine.
>
> Taking advantage of that 'feature', all we'd have to do is make our
> machines "look" like another machine and the software would disable itself.
>
> Pretty simple. Now, the question is, how does Spector "know" what machine
> it's running on? And, how would we spoof that item?
>
> Does anyone know what to do to "spoof" another computer?

Oh, so the "problem" wasn't what you claimed it to be in your first
post.

Jim Watt wrote:

>>Going for a new trolling record, "Donna"?
>
>It seems to be a reasonable topic for discussion
>and is hardy promoting the product.
>
>What might be nice would be to see some helpful
>comments instead of the usual sniping.


I've seen this individual trolling in several other NG's including
alt.comp.freeware, news.software.readers, and alt.home.repair.

Same Modus operandi is taking shape here already. Don't let me stop y'all
from replying - this one has the potential for 300+ deep.



--

I kill all Google Group posts, you can too.
Take back Usenet <--> http://improve-usenet.org

From: "G. Morgan" <no_em@il.invalid>


| I've seen this individual trolling in several other NG's including
| alt.comp.freeware, news.software.readers, and alt.home.repair.

| Same Modus operandi is taking shape here already. Don't let me stop y'all
| from replying - this one has the potential for 300+ deep.


Thanx!

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

On May 19, 1:23*pm, "David H. Lipman" <DLipman~nosp...@Verizon.Net>
wrote:
> | I've seen this individual trolling in several other NG's including
> | alt.comp.freeware, news.software.readers, and alt.home.repair.

G. Morgan is an idiot.
He can't stand it when people have manners and use the groups
properly.
I googled for these posts and found them all to be reasonable and
informative with pictures and URLs and phone numbers all.
They are limited to certain newsgroups. They are all on topic. They
all are cheerful and attentive.
What Morgan doesn't like is the system working. He really can't stand
when it works well.
Look up HIS posts for example.
He's got nothing to offer except to malign good people's reputations.
Idiot.
G. Morgan is an idiot.

From: <execadmin158@gmail.com>



| G. Morgan is an idiot.
| He can't stand it when people have manners and use the groups
| properly.
| I googled for these posts and found them all to be reasonable and
| informative with pictures and URLs and phone numbers all.
| They are limited to certain newsgroups. They are all on topic. They
| all are cheerful and attentive.
| What Morgan doesn't like is the system working. He really can't stand
| when it works well.
| Look up HIS posts for example.
| He's got nothing to offer except to malign good people's reputations.
| Idiot.
| G. Morgan is an idiot.

The information I have seen "G. Morgan" post is contrary to what you state.

You both have rights to your respective opinions.

The difference is Google Groupers don't have the credence of those who use News Clients.

BTW: Keylogger questions are indeed OT for alt.internet.wireless which negates your
statement.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

David H. Lipman wrote:

>The information I have seen "G. Morgan" post is contrary to what you state.
>
>You both have rights to your respective opinions.


Thanks David, on a side note... I bookmarked one of your pages just yesterday
on the topic of security. Thanx for that>>
http://www.claymania.com/removal-trojan-adware.html


--

I kill all Google Group posts, you can too.
Take back Usenet <--> http://improve-usenet.org

G. Morgan wrote:

> David H. Lipman wrote:
>
>> The information I have seen "G. Morgan" post is contrary to what you state.
>>
>> You both have rights to your respective opinions.
>
>
> Thanks David, on a side note... I bookmarked one of your pages just yesterday
> on the topic of security. Thanx for that>>
> http://www.claymania.com/removal-trojan-adware.html


If you carried these out, then... well... you spent a lot of time for
achieving absolutely nothing.

Sebastian G. wrote:

>G. Morgan wrote:
>
>> David H. Lipman wrote:
>>
>>> The information I have seen "G. Morgan" post is contrary to what you state.
>>>
>>> You both have rights to your respective opinions.
>>
>>
>> Thanks David, on a side note... I bookmarked one of your pages just yesterday
>> on the topic of security. Thanx for that>>
>> http://www.claymania.com/removal-trojan-adware.html
>
>
>If you carried these out, then... well... you spent a lot of time for
>achieving absolutely nothing.

Ahh Sebastian, I've read your stuff. Your the one who thinks a clean
re-install is the only way to remove crapware, eh?

--

I kill all Google Group posts, you can too.
Take back Usenet <--> http://improve-usenet.org

G. Morgan wrote:


>> If you carried these out, then... well... you spent a lot of time for
>> achieving absolutely nothing.
>
> Ahh Sebastian, I've read your stuff. Your the one who thinks a clean
> re-install is the only way to remove crapware, eh?


Not if you have a decent backup. At any rate, this is not a matter of
opinions, but simple scientific facts.

On Tue, 20 May 2008 02:24:41 +0000 (UTC), G. Morgan wrote:

> Sebastian G. wrote:
>
>>G. Morgan wrote:
>>
>>> David H. Lipman wrote:
>>>
>>>> The information I have seen "G. Morgan" post is contrary to what you state.
>>>>
>>>> You both have rights to your respective opinions.
>>>
>>>
>>> Thanks David, on a side note... I bookmarked one of your pages just yesterday
>>> on the topic of security. Thanx for that>>
>>> http://www.claymania.com/removal-trojan-adware.html
>>
>>
>>If you carried these out, then... well... you spent a lot of time for
>>achieving absolutely nothing.
>
> Ahh Sebastian, I've read your stuff. Your the one who thinks a clean
> re-install is the only way to remove crapware, eh?

Just ignore this person! He has wealth of knowledge but is incapable to
pass it on to those in need. He does not believe that newsgroups should be
used as a vehicle to provide (specific) assistance, go figure.

Reformatting of HDD is the preferred course of action!

"The only way to clean a compromised system is to flatten and rebuild.
That¢s right. If you have a system that has been completely compromised,
the only thing you can do is to flatten the system (reformat the system
disk) and rebuild it from scratch (re-install Windows and your
applications)..."
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

There are however a number of reasons where this may not be possible and/or
achievable. Not everybody is technically apt to so or has an 'savvy'
acquaintance who may be able to assist. There are many users who don't live
in cities but reside in less developed environments where professional help
just does not exist. They may find the procedures as per:
http://michaelstevenstech.com/cleanxpinstall.html
too overwhelming and shy away from the perceived complexity.
The procedures as per:
http://www.claymania.com/removal-trojan-adware.html
(especially David's MULTI_AV Tool) have had helped solving uncountable
users over many years. And is IMO the next best thing to flatten and
rebuild an operating system. Moreover, the best to my knowledge, David
never has never denied anybody reasonable assistance figuring out malware
challenges.

> Not if you have a decent backup. At any rate, this is not a matter of
> opinions, but simple scientific facts.

Your advice is bogus, at best. If this is all you have to offer perhaps
shutting up would be better.

Bill Kearney wrote:

>> Not if you have a decent backup. At any rate, this is not a matter of
>> opinions, but simple scientific facts.
>
> Your advice is bogus, at best.


Calling trivial facts bogus is the reason why you should better shut up.

On Mon, 19 May 2008 08:55:18 -0500, VanguardLH wrote:
> Oh, so the "problem" wasn't what you claimed it to be in your first
> post.

Why so suspicious.

Actually, in hindsight, I wish I knew how programs figure out exactly who
is running them. This Spector program, which I apparently don't have on my
system based on the help here, apparently wires back home who is using it.

How does it do that? (Is this a right group to ask that question?)

It's a privacy spying computer security internet issue.

I'm assuming it keys off the MAC ID, which can easily be changed.

In general, how does a program (such as Spector) know EXACTLY who is using
it and on what computer? Is it the MAC ID or something else that it keys
off of?

D

On Wed, 21 May 2008 08:50:12 -0700, Donna wrote:

> In general, how does a program (such as Spector) know EXACTLY who is using
> it and on what computer? Is it the MAC ID or something else that it keys
> off of?

And better yet, could we all foil such keyloggers simply by changing
whatever it is that it uses to key off of?

"Sebastian G." <seppi@seppig.de> wrote in message
news:69h69mF31vkatU2@mid.dfncis.de...
> Bill Kearney wrote:
>
>>> Not if you have a decent backup. At any rate, this is not a matter of
>>> opinions, but simple scientific facts.
>>
>> Your advice is bogus, at best.
>
> Calling trivial facts bogus is the reason why you should better shut up.

Yeah, right. Why continue to post your useless drivel? You're not actually
helping the people asking the question. What's the point? Make yourself
feel better? All you're doing is making an ass of yourself. Ah well,
someone had to say it.

Bill Kearney wrote:

> "Sebastian G." <seppi@seppig.de> wrote in message
> news:69h69mF31vkatU2@mid.dfncis.de...
>> Bill Kearney wrote:
>>
>>>> Not if you have a decent backup. At any rate, this is not a matter of
>>>> opinions, but simple scientific facts.
>>> Your advice is bogus, at best.
>> Calling trivial facts bogus is the reason why you should better shut up.
>
> Yeah, right. Why continue to post your useless drivel? You're not actually
> helping the people asking the question.


I do, by pointing out bogus advise.

where's Brendon?

"Donna" <donnaohl26@yahoo.com> wrote in message
news:TiRXj.8983$nl7.1206@flpi146.ffdc.sbc.com...
>I found a receipt in my husband's credit card bill for something I think
> might be something called Spectre Pro Spyware wireless keylogger.
>
> I presume the software must "phone home" somehow the keylogging activity.
>
> Is there any way, perhaps by looking at network activity, that I can tell
> if my husband bought it for use on my winxp computer?

Donna <donnaohl26@yahoo.com> wrote in news:TiRXj.8983$nl7.1206
@flpi146.ffdc.sbc.com:

> I found a receipt in my husband's credit card bill for something I think
> might be something called Spectre Pro Spyware wireless keylogger.

Ouch... That's probably not a good thing.
Maybe it's not for your computer?

> I presume the software must "phone home" somehow the keylogging activity.

Depending on the version, it's storing a copy on your computer; if it's
installed there. Not my place to say why it may be present on your
computer, but it's worth noting that previous versions basically did a
snapshot, so anything you do, is copied. Chat sessions, email, web surfing,
and no, you can't erase it from those programs easily.

> Is there any way, perhaps by looking at network activity, that I can tell
> if my husband bought it for use on my winxp computer?

If it's on that computer, and properly installed, under normal conditions,
you shouldn't notice it's presence.



--
Regards,
Dustin Cook - http://bughunter.it-mate.co.uk
BugHunter v2.2e AntiMalware Removal Utility