I recently learned about the existence of SpyRecon Complete and similar programs. If I understand SpyRecon's claims correctly, this is a keylogging and 'total capture' program that can be installed remotely on someone else's computer merely by sending that someone an email (presumably, with an attachment that they then open which downloads the program).
In mid-November, I received an email that had a file attached. The options to view were a) click on the paperclip; b) view as a Google document; and c) view as a Word doc. I don't recall exactly how I viewed the document, but I believe I clicked on the paperclip to open it, then cut and pasted the text into a new Word doc and saved it (on the half-baked theory this would be safer than downloading the document). I still have concerns about this email (which I have saved) and whether I inadvertently gave someone remote access to my computer.
Can someone describe to me exactly how this works? Without going into details, I have reason to be concerned about this particular email, from this particular person.
Around that time, my computer seemed to slow up a lot. One time I hit 'control, alt, delete' to see what was happening. Unfortunately, I am not very versed in what all the processes mean, but I am learning (and know much more today than just a few months ago -- I also google any processes I have questions about and the results are usually helpful). Anyway, I saw one process that was taking up something like 64,000 memory usage, and I recall specifically that that process started with an "s". Unfortunately, I did not write the item down. But I recall it was something along the lines of 'svr' something or other. I have since read up on what kind of files SpyRecon installs, and srvrecon, etc. was one of them. The other thing I noticed about that particular process was that it would not 'stop running' when I clicked on 'end task' in Task Manager. It just stayed there. I finally gave up and shut down Task Mgr. and restarted my computer. I don't remember what happened after that (this was a few months ago). I haven't since seen any process that uses up that amount of CPU. I have checked my program files and do not see a SpyRecon folder; I have looked at the registry and do not see changes that would indicate that SpyRecon has changed the registry (following advice that Symantec posted online for how to remove SpyRecon).
Question: Is there any way at this late date (two months after I opened the suspicious email) that I can tell if anyone at any time ran SpyRecon for a period of time before instructing it to uninstall itself? Would there be any trace of the activity? If so, how would I see that?
Secondly, I have not deleted the email with the attachment, because of my suspicions. I thought at some point I might figure out how to scan it or check it for SpyRecon. The email is in a Gmail account. I think my anti-virus (AVG) only scans my Outlook email.
Thanks in advance for any suggestions.