Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I think there may be spyware on my laptop.


  • Please log in to reply
3 replies to this topic

#1 cutekittycat

cutekittycat

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:15 AM

Posted 11 October 2014 - 11:51 PM

I had exchanged my old laptop for this one unexpectedly when I gave my old laptop to a local computer fixer dude because it had died on me. I've always been a bit paranoid about spyware and such, but there are a couple things that really put me on the edge.

 

When I first got this computer, about 2-3 months ago, I went in to the "uninstall a program" window just to make sure there wasn't anything there I didn't need. I saw a program named "splashtop" on the list, searched it up, and found that it's a remote desktop program. Yeah... that's definitely not alarming. I went in to the task manager and tabbed over to processes, and sure enough splashtop was RUNNING. WTF. I immediately uninstalled the program and figured that was that.

 

Now about 20 minutes ago I went in to color calibration to see how it was set up and I get a message that says, "Display Color Calibration can't calibrate the selected display because it can't determine if the display is 'mirrored,' which means the desktop is duplicated and show on different displays. Display Color Calibration can't calibrate a display that's mirrored." This freaked me out. I have never used a second monitor/display with this laptop ever. It's not hooked up to anything. Why would it give me this message? I may be jumping to conclusions but I'm thinking it might be spyware.

 

There are some other strange instances like the fact that he straight up lied to me about putting my old hard drive plus a 1tb hard drive in to the tower he gave me. There's only one hard drive in there, and it's not my old one. He also logged in to my debit card account from an IP that is completely foreign to me (I had both my password and my security question saved with autofill like a dumbass) and he logged in to my origin account. Obviously I changed all of the log-in information for both.

 

Am I completely insane or does anyone else see the red flags? Am I right to be so worried about the fact that he has my old hard drive with a lot of personal information on it? What should I do to make sure I don't have anything malicious on my laptop? I apologize that this is long but I'm freaking out right now.

 

I'm running Windows 7 Professional. 


Edited by cutekittycat, 11 October 2014 - 11:56 PM.


BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • BC Advisor
  • 13,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:15 AM

Posted 12 October 2014 - 04:25 AM

For the laptop you now use, if it has a recovery partition with the software that was installed at time of original purchase,

then you should do a clean reinstall. That is the only way you can be sure and have peace of mind that your computer is not being

compromised in some way. As it is obvious any trust you had in who you got the computer from doesn't now exist.

 

If you don't have any recovery partition or a sticker somewhere on the computer giving the Windows ID/ Product Key # then you should

use KeyFinder | Magical Jelly Bean to find your Product Key before reinstalling Windows.

 

Yes, it was a mistake on your part to give up ownership of the hdd without first erasing the info. Every password and who knows what

else was stored on that drive, you have to assume has all been seen/ compromised.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:15 PM

Posted 12 October 2014 - 06:11 AM

Hello -

First i would inform your local police / security people that your Debit Account Card is being accessed by a thief.

Next you should contact your banks (etc.) and have all of your passwords changed or all of your cards / accounts altered or cancelled.

 

Now go to Control Panel and look in Programs and Features then delete all programs that you are not 100% sure of.

If you are not sure, Please download MiniToolBox  to desktop to run it.
 Checkmark the following boxes:

  • List content of Hosts
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size

 Click Go and Copy and Paste the result. (result.txt)

 

 

Use Revo uninstaller to clean out any programs that you think may be spying on you =>>

Please download and install Revo Uninstaller Free

  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall this program, click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers....(be patient here ! ) click Next.
  • Check / tick the bolded items Only, then click  DELETE
  • When prompted click on Yes and then on next.   
  • Put a check on any folders that are found and select delete
  • When prompted select yes then on next
  • Once done click Finish.

Also please read How to use Revo Uninstaller

 

 

If you can not get your old computer back, use this program to see if the computer matches the numbers on the computer that you have.

Open notepad (not wordpad or any other text editor) and Copy the Code below then save it to Desktop.
Save it as Type  >  All Files
Name is Windows_Product_Key.vbs .    NOTE the .vbs extension is very important

Set WshShell = CreateObject("WScript.Shell")
MsgBox ConvertToKey(WshShell.RegRead("HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DigitalProductId"))
 
Function ConvertToKey(Key)
    Const KeyOffset = 52
    i = 28
    Chars = "BCDFGHJKMPQRTVWXY2346789"
    Do
        Cur = 0
        x = 14
        Do
            Cur = Cur * 256
            Cur = Key(x + KeyOffset) + Cur
            Key(x + KeyOffset) = (Cur \ 24) And 255
            Cur = Cur Mod 24
            x = x -1
        Loop While x >= 0
        i = i -1
        KeyOutput = Mid(Chars, Cur + 1, 1) & KeyOutput
        If (((29 - i) Mod 6) = 0) And (i <> -1) Then
            i = i -1
            KeyOutput = "-" & KeyOutput
        End If
    Loop While i >= 0
    ConvertToKey = KeyOutput
End Function

It should give you the "sticker" code numbers that will match the ones on the computer that you have been given.

 

Just a double security check with KeyFinder | Magical Jelly Bean

 

Thank You -



#4 cutekittycat

cutekittycat
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:15 AM

Posted 20 October 2014 - 11:46 AM

nevermind.

 

I'm currently in the process of clean installing windows and I'll update when it's finished. I'm crossing my fingers there's no more remote desktop control BS on my laptop :)


Edited by cutekittycat, 20 October 2014 - 12:24 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users