Need help busting spy on my cp please

My X has hacked into all my e-mail, changed the passwords etc. I'm pretty shure he has something on this computer that will show him everything I do and type. Anyone know of a free download I can get to find it/stop it?

Also, this pc is hooked up to his with LAN for internet purpose.

Thanks

Originally posted by AngelaLadyS
Also, this pc is hooked up to his with LAN for internet purpose.

Doesn't sound like your X has gone too far if you're still on a LAN with him. That's an odd relationship considering that you usually need to be in the same house for this to work.

First of all, look for any items that are plugged into your pc that don't have a wire leading to anything. Some keyloggers are simply plugged into your empty USB ports.

Secondly download Process Monitor from Microsoft. It's a very simple small program that will tell you about ALL activity on your pc. After you start it, modify the filter to detect all file writes and you'll be able to see any logging software instantly. It's pretty straight-forward but if you're not used to looking at all the behind the scene stuff your computer does it might take a bit of watching to see what's normal and what's not. Keyloggers will write to a file when you're typing a bunch.

If you do find any offending software, write down the location of the program, restart your computer in safe mode (Press F8 while starting) and then go delete the offending program.

Hope this helps point you in the right direction.

Thanks - nothing in the USB port except the LAN. (And yes - strange set up. But I do anything for the kids. I still have a young at home).

I'll go directly to the download - already have the window open - thanks!

I don't supose there's anything I can do without paying for a program to change my passwords from my old e-mail addys he stole is there? I'm not sure what program he ran - but it figured out my passwords and he changed them on me.

I think it would probably be best to let all those accounts go and start fresh. Once they're compromised, I personally wouldn't trust them again.

PITA I know, but there you have it.

There's a really great program that kills keyloggers, but you have to pay for it. Xoftspy

I use a set of several malware containment and prevention programs and when I purchased and setup Xoftspy, it caught another 80 or so the others had missed.

It's really worth the price of purchase.

Originally posted by dbates
If you do find any offending software, write down the location of the program, restart your computer in safe mode (Press F8 while starting) and then go delete the offending program.

Or you can use AutoRuns, also from Microsoft and originally from Sysinternals, to disable any program that starts when the computer starts.

reply to post by ArMaP


You can do all that with "msconfig" (Start...run.."msconfig") Just make sure you know what you're doing.

Thanks guys - I downloaded the other program too.

I'll install after I'm done here at ATS.

It bugs the 'heck' out of me. I tried to contact hotmail and yahoo to tell them I'd been hacked ... iether it didn't do any good or I got ahold of the wrong addy to send the info to. Here I thought it was against the law. Guess I was wrong.

Being against the law, and getting the law to give a toss are two different things.

Big story of my life. There's so much internet crime around they don't bother with it unless it's at the behest of some big corporation that feels ripped off by someone downloading their copyrighted music.

reply to post by dbates


Thanks for the info. Like the tat, btw. I have an Angel on my shoulder that my son drew when he was 8. I love it.

reply to post by dbates


Not quite.

AutoRuns shows and lets you enable/disable/delete everything that registers itself in:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\SOFTWARE\Classes\Protocols\Filter
HKLM\SOFTWARE\Classes\Protocols\Handler
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
HKLM\Software\Microsoft\Internet Explorer\Toolbar
HKLM\Software\Microsoft\Internet Explorer\Extensions
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

Neither of these sections appear in MSConfig (at least on my computer, running Windows Vista). AutoRuns also has the possibility of searching on Google any one of the files it lists, a handy way of seeing if that file is known as a good "guy" or a bad "guy".

1. Change -every password to everything. ESPECIALLY you email, since all other online places send password recovery there.
   
   
2. Download PCTools Spyware Doctor. License is $30. Best bang per buck for non-AV PC security you could ever spend. Free spyware removers are crap and can be bypassed by a script kiddy in -seconds-.
   
   
3. If you're on the same LAN that means he has physical access to your PC? Set your BIOS to be password protected.
   
   
4. Disable boot to anything but hard drive (ie. no floppy, cd, or network boot)
   
   
5. Set your OS up to require username & PW to login. Give yourself Admin rights, rename the "Administrator" account, and remove the "Guest" login.
   
   
6. Don't make passwords they can guess, and don't leave them written down by your PC.
   
   
7. Your voice mail and atm have passwords too. Change them.
   
   
8. Change out your locks. Always assume they made a spare they kept.
   
   
9. If you live under the same roof, but seperate rooms, install a key lock on your bedroom door.
   

reply to post by ArMaP


That's good to know. I'll have to try this application out some time to see what it can do. Thanks for pointing that out.

just as another piece of advice, i suggest you stop using a one or 2 word password, and use a pass phrase over 14 characters. Brute forcing a password or phrase over 14 characters takes a long time.

The length helps stop people using tools like ophcrack and other tools.

To top it off, it prevents people from guessing a single password.

It seems like a lot to remember, but it really isnt.

As thelibra said, disable any other bootable device other than the harddrive so people cant use LiveCD's to crack your system.

Also, if the previously mentioned programs dont seem to work, Hijackthis is another good program for detecting unwanted software, but generally required a bit of time and knowledge to use.

[edit on 29-10-2007 by InSpiteOf]

As posted earlier msconfig will tell you what programs are currently running in your startup. It is kinda dangerous because you can turn something off that you shouldn't. The good thing about msconfig is that you can recheck the box to make the program run at reboot again.

The other thing is you can use HijackThis to find out what's is you're start up. It will even give you a basic idea of what the opperation does.

When ever I have problems with my pc this is what I do. And it is well worth the price because these programs autoupdate.

SpyCleanerGold 9.5
TrojanRemoverV6. whatever.
Norton Registry Sweep
HijackThis
Msconfig

[edit on 29-10-2007 by MrMysticism]