
REMOTE MONITORING/SPYWARE DETECTION

Status
Not open for further replies.

ctroyp

IS-IT--Management
Oct 7, 2003
60
#1 Is there a way for someone to remotely monitor (keystrokes, etc.) a computer if the IP address is known but without locally installing software?
#2 If I suspect someone is monitoring my system, what is the most surefire method to catch them? These "commercial" products claim to be completely hidden because of using old file dates and such, but are there any areas that can be checked? I have recently installed the trial version of TrueActive as the spyware and Spyware Doctor as the anti-spyware. Spyware Doctor found no evidence of this program running. This was my first step in finding a solution to search for spies on this computer and I am feeling a little skeptical at this point.

System: WXP connected via cable modem. Just another thought: if a computer can be monitored by monitoring the IP, would a Linksys router and firewall eliminate this possibility?

All help is greatly appreciated.
 
#1 If someone knew your IP they could remotely monitor you by sniffing your connection with a network probe like Ethereal, most commonly done on wireless connections to obtain passwords. On a wired system they would have to share the wire.
#2 You need a group of spy detection tools to uncover possible infection. The most effective in my opinion being Spybot Search and Destroy 1.3, and Adaware. Others have their own favorites. One tool alone will likely miss something. Check out the FAQ for this forum.



Unix IS user friendly... It's just selective about who its friends are.
 
Investigate any unknown running programs (with odd or blank company names). I suggest a free tool ‘Process Explorer’ over ‘Task Manager’ simply because of the ability to sort on ‘company name’. A potential discrepancy may be easier to see. At least you might get a heads-up on some potential keylogger or other nasty:



Freeware tools are not likely going to be able to keep up. You will likely fare much better with commercial tools. However, it may ultimately still remain a game of hit and miss when it comes to new and more obscure tools:



Code:
“While testing various antispyware utilities for a PC World feature last September, I discovered that two otherwise top-notch spy catchers, Lavasoft’s Ad-aware and PepiMK Software’s Spybot Search & Destroy, weren’t particularly good at finding the keyloggers that I had running in stealth mode on my test PC. Two other programs — PestPatrol’s PestPatrol and Webroot’s Spy Sweeper — were better, but still hit-or-miss. No product found all the keyloggers I had installed, and even when they did find one, seldom could they completely disable or remove it.”

Both tools have neat (free) audit tools that highlight and flaunt their detection abilities:

Pestpatrol: Webroot Spy Sweeper:

Vince
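
The check suggested in this post (looking for running programs with odd or blank company names) can also be scripted. The PowerShell below is an added example, not part of the original thread; the function name `Get-SuspectProcess` is hypothetical, and the Authenticode signature check goes one step beyond the company-name column the post mentions.

```powershell
# Added example: flag running processes whose executable has a blank company
# name or no valid Authenticode signature. Run elevated to read the paths of
# processes owned by other users.
function Get-SuspectProcess {
    [CmdletBinding()]
    param()
    foreach ($proc in Get-Process) {
        # Path is unavailable for protected processes or without elevation.
        $path = try { $proc.Path } catch { $null }
        $company = $null
        $sig = 'Unknown'
        $reasons = @()
        if (-not $path) {
            $reasons += 'executable path not readable'
        }
        else {
            try {
                # Company name comes from the file's version resource; it is
                # self-declared, so it is a hint and not proof of origin.
                $company = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($path).CompanyName
                $sig = [string](Get-AuthenticodeSignature -LiteralPath $path -ErrorAction Stop).Status
            }
            catch {
                $reasons += "could not inspect file: $($_.Exception.Message)"
            }
            if ([string]::IsNullOrWhiteSpace($company)) { $reasons += 'blank company name' }
            if ($sig -ne 'Valid') { $reasons += "signature status: $sig" }
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Name      = $proc.ProcessName
                Id        = $proc.Id
                Company   = $company
                Signature = $sig
                Reasons   = $reasons -join '; '
                Path      = $path
            }
        }
    }
}

# Sort on company so blank or odd vendor names group together, as when
# sorting the Company Name column in Process Explorer.
Get-SuspectProcess | Sort-Object Company, Name | Format-Table -AutoSize -Wrap
```

Entries reported as "executable path not readable" are usually protected system processes; rerun from an elevated prompt before treating them as suspicious.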
 
Adaware has been installed on this computer and has the same results as Spyware Doctor--no detection. I just installed Spybot while TrueActive was disabled. I opened up Spybot to take a look at the interface and then closed it and restarted my computer. When it rebooted, I immediately started the TrueActive monitoring. After that I tried to open Spybot. It would not start up. It would just flash part of the screen up and do nothing else. Nothing shows up in Task Manager. Then, I decided to turn off the TrueActive monitoring and ran Spybot successfully this time, but it couldn't find anything to do with TrueActive. I'll try Pestscan next...
 
Okay, running the remote scan of Pest Patrol, it is finding Gator and BonziBuddy among some other tracking cookies. Still nothing obvious detected for TrueActive.
 
Spy Sweeper has found TrueActive. Same as Spybot, it will not run while TrueActive is running. It automatically shuts back down. So my conclusion about the TrueActive software is that if you try running any anti-spyware software and it doesn't open or run, then there must be some monitoring going on. Pretty tricky if you ask me. Does anyone have any comments or can anyone add any additional information?
 