Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

spyware / monitoring web activity reported to 3rd party


  • This topic is locked This topic is locked
5 replies to this topic

#1 clabrown

clabrown

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:39 PM

Posted 21 September 2015 - 09:03 PM

Hello:

 

Strange problem, maybe wrong place, but thought you guys might could help.

 

I have a very small business client, Windows 12 Server Essentials R2 and seven Win 7 Pro workstations. One of the owners believes that his live in girlfriend has somehow installed some kind of monitoring software on his Win 7 Pro workstation that sends her screen shots or some kind of report on his web activity. She is apparently very paranoid about him looking at any type of porn. He is also understandably concerned that she may be seeing his business banking / accounting information that should be confidential.

 

He also believes she has done the same to his home laptop.

 

Apparently last week, with all the hubub on the internet about Kim Kardashian posing nude in "Paper" Magazine, he followed some kind of a click-bait link to a nude Kim Kardashian video and when he got home she apparently described what he had been looking at on his screen and proceded to ream him out. He is convinced she actually saw a screen shot or something.

 

Another incident on his home laptop (I know it's consumer windows 7 or better, not 10, but haven't seen it so don't know exact version). Similar story ... he was sitting on couch this weekend and she was away on trip. I don't think she carries a laptop. He was researching a trip to Las Vegas and followed a link to pictures of some famous street there. Apparently one of the pictures was of "mostly" topless showgirls in their costumes out on the public street advertising a nightclub or something, and again she called him on the phone and reamed him out for looking at a picture of the showgirls, my understanding is that it was almost in real time.

 

Normally I just remove stuff with the basic tools if someone gets some malware or a virus, maybe google a bit if it's something difficult to get rid of ... or save data and reformat, which is sometimes more economical and complete. In this case, I'm more specifically interested in what it is and how it got there to prevent it (ie not just an infected website or mistaken click on a fake dialog).

 

At this point he has decided to unplug his workstation from the network and has run malwarebytes scan over top of AVG Cloud Antivirus, which did find quite a few trojan things that were removed, and after a reboot subsequent scans were clean. Maybe that got it, but I'm not sure. He plans to keep it unplugged for a few days to see if she mentions that she can't see it anymore, Then maybe turn it back on and specifically go visit a few porn sites to see if she "catches" him again which would be proof that the problem is still there. 

 

I plan to go on site in a few days, I can at least get a copy of the Malwarebytes and AVG log files to see what was detected and removed. It's a small family company so the security is pretty lax once you are inside the building, so although he doesn't think she had physical access to the machine I think it's possible that she could have and then installed something. Also, just to spice it up, apparently some time ago she had told him he had better be careful because she had an old boyfriend who was a cyber geek at the CIA or NSA who could remotely hack any PC she asked him to .... now I think that's pretty unlikely, big career risk, but if he exists he might have recomended some internet monitoring tools she could have installed. It almost sounds like some parrental monitoring software that sends screen shots when the kids are doing something they shouldn't, but I'm not very familar with those products. Also I think most of those products are fairly hidden, no tray icon or obvious add / remove program entry, and probably don't show up in standard malware scans because they are typically valid products, and if the were easy to find and remove then they wouldn't be effective against your average 12 yr old.

 

So any technical suggestions, or recomendations?

 



BC AdBot (Login to Remove)

 


#2 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,233 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:07:39 AM

Posted 21 September 2015 - 10:09 PM

Take him for a beer, explain to him gently to dump the girlfriend.



#3 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:10:39 PM

Posted 22 September 2015 - 03:29 AM

I don't know about the laws where you live, but spying on other people is wrong IMO. You might want to follow up on TsVk!'s suggestion.

As for checking if any kind of monitoring software is present, you might want to get a deeper look in the Malware Removal Logs area.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Regards,
Alex

#4 Eugenije

Eugenije

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:39 PM

Posted 22 September 2015 - 08:05 AM

Take him for a beer, explain to him gently to dump the girlfriend.



#5 clabrown

clabrown
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:39 PM

Posted 28 September 2015 - 12:44 PM

OK, I posted to the Malware Removal forum. Same Topic / Subject line. This should be a link to the new Thread in the Removal Forum with all the log files:

 

http://www.bleepingcomputer.com/forums/t/591922/spyware-monitoring-web-activity-reported-to-3rd-party/

 

Thanks.



#6 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,337 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:02:39 PM

Posted 29 September 2015 - 02:29 PM

Hello,

Now that you have posted a log, linked above, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users