How to determine if Spector Pro Spyware is running on my computer?

I found a receipt in my husband's credit card bill for something I think
might be something called Spectre Pro Spyware wireless keylogger.

I presume the software must "phone home" somehow the keylogging activity.

Is there any way, perhaps by looking at network activity, that I can tell
if my husband bought it for use on my winxp computer?

Donna wrote:
> I found a receipt in my husband's credit card bill for something I think
> might be something called Spectre Pro Spyware wireless keylogger.
>
> I presume the software must "phone home" somehow the keylogging activity.
>
> Is there any way, perhaps by looking at network activity, that I can tell
> if my husband bought it for use on my winxp computer?

Dear, Dear, Dear - you don't trust him - he doesn't trust you
......suggest the answer lies not in the Software - but in a heart to
heart talk?

..or even a Marriage Guidance Counsellor ...

best wishes for the future

On May 18, 10:57*am, Donna <donnaoh...@yahoo.com> wrote:
> I found a receipt in my husband's credit card bill for something I think
> might be something called Spectre Pro Spyware wireless keylogger.
>
> I presume the software must "phone home" somehow the keylogging activity.
>
> Is there any way, perhaps by looking at network activity, that I can tell
> if my husband bought it for use on my winxp computer?

It is all suspicions but anyway;

To elminate keyloggers, download and install "Spybot search and
destroy" to scan your system.
To sniff network activities, download and install "Ethereal"
http://www.ethereal.com

For other issues above, Ask Dr. Phil http://www.drphil.com ....!!

all the best.

-aljuhani

aljuhani wrote:


> To elminate keyloggers, download and install "Spybot search and
> destroy" to scan your system.


A lot of people still believe in scanning. Quite sad. Even further,
considering what Spybot S&D claims about a provably clean and secured
system, it would be even more useless on a surely infected system.

But what qualification of security expertise should we expect from someone
who's abusing MSIE as a webbrowser...

On May 18, 2:42*pm, "Sebastian G." <se...@seppig.de> wrote:
> aljuhani wrote:
> > To elminate keyloggers, download and install "Spybot search and
> > destroy" to scan your system.
>
> A lot of people still believe in scanning. Quite sad. Even further,
> considering what Spybot S&D claims about a provably clean and secured
> system, it would be even more useless on a surely infected system.
>
> But what qualification of security expertise should we expect from someone
> who's abusing MSIE as a webbrowser...

We can only suggest available tools.

On Sun, 18 May 2008 05:07:31 -0700 (PDT), aljuhani wrote:

> We can only suggest available tools.

Hi everyone,

I agree that scanning probably won't work because the software runs on a
windows system.

Looking at the disk from another system might work but that would take
daily removal of the hard drive and I'd have to know what to look for
anyway.

I was asking here because I am assuming that the network activity back to
the mother ship would be the weak point in detecting this software.

I'm still convinced there will likely be signature network activity
pinpointing the use of this software - which - by the way - all of you
should also check for. But, what do we check specifically for? And how?

Googling for "Spector network activity" I found this article
http://www.interhack.net/pubs/spector/ which said there is a certain
connection to the domain U2A1376GF-43TY-245B.COM with this software.

May I ask how you would recommend a novice look for connections (perhaps in
the past) to this domain and how to block them moving forward?

aljuhani wrote:

> On May 18, 2:42 pm, "Sebastian G." <se...@seppig.de> wrote:
>> aljuhani wrote:
>>> To elminate keyloggers, download and install "Spybot search and
>>> destroy" to scan your system.
>> A lot of people still believe in scanning. Quite sad. Even further,
>> considering what Spybot S&D claims about a provably clean and secured
>> system, it would be even more useless on a surely infected system.
>>
>> But what qualification of security expertise should we expect from someone
>> who's abusing MSIE as a webbrowser...
>
> We can only suggest available tools.


No, we can also suggest methods and procedures. That is, ensuring that
there's no keylogger in first place.

Donna wrote:


> I was asking here because I am assuming that the network activity back to
> the mother ship would be the weak point in detecting this software.


Unlikely. It's called steganographic tunneling.

The real weak point is that the software, if installed, changes the state of
the system. Comparing against a known good state will show it up.

"Donna" wrote in <news:TiRXj.8983$(E-Mail Removed)>:

> I found a receipt in my husband's credit card bill for something I think
> might be something called Spectre Pro Spyware wireless keylogger.
>
> I presume the software must "phone home" somehow the keylogging activity.
>
> Is there any way, perhaps by looking at network activity, that I can tell
> if my husband bought it for use on my winxp computer?

If this is a shared computer, save all your data files to removable
media. Then reformat the drive. When the husband asks, say you don't
know why the drive got erased except for some strange error message that
popped up saying "Critical system error: Spectre Pro buffer overrun
generated raw disk error." Maybe he'll think twice before he tries to
install it again. In the meantime, get your own computer and lock it
up.

On Sun, 18 May 2008 00:57:41 -0700, Donna <(E-Mail Removed)>
wrote:

>I found a receipt in my husband's credit card bill for something I think
>might be something called Spectre Pro Spyware wireless keylogger.
>
>I presume the software must "phone home" somehow the keylogging activity.
>
>Is there any way, perhaps by looking at network activity, that I can tell
>if my husband bought it for use on my winxp computer?

I would visit there website
http://www.spectorsoft.com/products/...quirements.asp
and call the support department to find out what the key sequence is
to bring up the application. If it works then you know it is there.

Also you could install and run
Windows Defender (from Microsoft website)
Ad-Aware
SpyBot Search and Destroy.

One of the three should find it if it is there.


You could also get your own copy and put on your husbands computer so
you can monitor his e-mail to see if he is monitoring yours.

Steve B.