Needing some techie help
Dec. 10th, 2009 22:20
There's a story here, I'll try to sum up quickly:
A friend of ours recently committed suicide, leaving a wife and five year old daughter. As a part of his decline to that act, he went through a paranoid stage and installed a keylogger called (we think) Spectre on his wife's computer. Now that she is a single mom, she needs to work from home but the software interferes with the functioning of her scanner, network connection, fax, etc.
I have Googled and Bing'd till I'm blue in the fingers, but the two reputable guides I found for removing it (websites that didn't just try to sell me more software) didn't do me any good. The registry keys and dll files they suggested weren't there, but when I hit the login access keys (ALT+CTRL+SHIFT+S), the login screen came up, so I KNOW it's there.
I've installed a HOSTS file with a suspected domain shit-canned.
I've installed WinPatrol, but it doesn't list any processes or startup entries that look suspicious.
I've installed and run SuperAntiSpyware, but it found nothing.
Question: Is there a freeware tool for Windows that allows me to identify a window - the login screen, for instance - and identify its parent process?
Question: Is there a freeware tool for Windows XP that monitors and logs outgoing TCP/IP traffic? This software phones home periodically with screenshots and captured data, so there is definitely outgoing traffic. I need, at the very least, to kill those packets.
Question: any other helpful advice?
Worst comes to worst, I can wipe the hard drive and reinstall the OS, assuming she can find her original install disc. I've got a "borrowed" copy of XP, but no idea if it actually works or not, or if it does, whether she'd be able to get security updates, etc.
no subject
Date: 2009-12-11 04:51 (UTC)
The malware removal tool du jour is "Malwarebytes". You may have luck there. It has worked minor miracles.
If the license key is available, then a re-install and a quick call to Microsoft to activate (tell 'em you're re-installing) will clear that issue up, probably with less time and fuss than anything else. Good luck.
no subject
Date: 2009-12-11 05:05 (UTC)
How about WinID, available at http://www.softpedia.com/get/Programming/Debuggers-Decompilers-Dissasemblers/WinID.shtml
or if you have Visual Studio available to install, Spy++ is good.
Question: Is there a freeware tool for Windows XP that monitors and logs outgoing TCP/IP traffic? This software phones home periodically with screenshots and captured data, so there is definitely outgoing traffic. I need, at the very least, to kill those packets.
I like WireShark (http://www.wireshark.org/download.html) because of its nifty color-coded output AND it's multi-platform!
Question: any other helpful advice?
Also, might want to try RootKit Revealer (http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx) and/or HijackThis (http://free.antivirus.com/hijackthis/) which sniff out keylogger-type things.
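The first question above (which process owns a given window, such as the login screen) can also be answered without installing WinID or Spy++. The PowerShell script below is an added example, not code from the original post or from any of the tools named in the thread. It calls the Win32 EnumWindows / GetWindowThreadProcessId API through Add-Type, lists every visible top-level window with its title, the owning process (name and image path) and that process's parent. It needs PowerShell 2.0 or later; on Windows XP that means installing PowerShell 2.0 first (an assumption about the machine, not something the post states).

```powershell
# Added example, not code from the original post. Lists visible top-level windows
# with the process that owns each one and that process's parent, so a dialog such
# as the monitoring software's login screen can be traced back to an executable.
# Requires PowerShell 2.0+ for Add-Type (on Windows XP, PowerShell 2.0 must be installed).

Add-Type -TypeDefinition @"
using System;
using System.Text;
using System.Runtime.InteropServices;
public static class WinEnum {
    public delegate bool EnumWindowsProc(IntPtr hWnd, IntPtr lParam);
    [DllImport("user32.dll")] public static extern bool EnumWindows(EnumWindowsProc cb, IntPtr lParam);
    [DllImport("user32.dll")] public static extern bool IsWindowVisible(IntPtr hWnd);
    [DllImport("user32.dll", CharSet = CharSet.Auto)]
    public static extern int GetWindowText(IntPtr hWnd, StringBuilder text, int maxCount);
    [DllImport("user32.dll")] public static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint pid);
}
"@

function Get-WindowOwner {
    # Step 1: collect (handle, title, owning PID) for every visible top-level window.
    $windows = New-Object System.Collections.ArrayList
    $callback = [WinEnum+EnumWindowsProc] {
        param([IntPtr] $hWnd, [IntPtr] $lParam)
        if ([WinEnum]::IsWindowVisible($hWnd)) {
            $title = New-Object System.Text.StringBuilder 512
            [void] [WinEnum]::GetWindowText($hWnd, $title, $title.Capacity)
            $ownerPid = [uint32] 0
            [void] [WinEnum]::GetWindowThreadProcessId($hWnd, [ref] $ownerPid)
            [void] $windows.Add(@{ Handle = $hWnd; Title = $title.ToString(); Pid = $ownerPid })
        }
        return $true   # keep enumerating
    }
    [void] [WinEnum]::EnumWindows($callback, [IntPtr]::Zero)

    # Step 2: resolve each owning PID to its image path and its parent process via WMI.
    foreach ($w in $windows) {
        $proc   = Get-WmiObject Win32_Process -Filter "ProcessId = $($w.Pid)"
        $parent = $null
        if ($proc) { $parent = Get-WmiObject Win32_Process -Filter "ProcessId = $($proc.ParentProcessId)" }
        New-Object PSObject -Property @{
            Handle    = ('0x{0:X}' -f $w.Handle.ToInt64())
            Title     = $w.Title
            Pid       = $w.Pid
            Process   = $(if ($proc) { $proc.Name } else { '?' })
            Path      = $(if ($proc) { $proc.ExecutablePath } else { '?' })
            ParentPid = $(if ($proc) { $proc.ParentProcessId } else { '?' })
            Parent    = $(if ($parent) { $parent.Name } else { '?' })
        }
    }
}

# Usage: press the hotkey so the login screen is on screen, then run this in another window.
Get-WindowOwner | Select-Object Title, Pid, Process, Path, ParentPid, Parent | Format-Table -AutoSize
```

Two caveats when reading the output. The hidden login window only exists while it is open, so bring it up with the hotkey first and leave it on screen. And a monitoring product that hides by injecting into another process will report a legitimate-looking owner such as explorer.exe; in that case the Path column is not the answer, and the next step is to look at the modules loaded into that process (Process Explorer's lower pane does this) rather than at the process name.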
no subject
Date: 2009-12-11 05:09 (UTC)
no subject
Date: 2009-12-11 05:11 (UTC)
http://www.kephyr.com/spywarescanner/library/spector/index.phtml
For process viewers, I tend to like this one:
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
It's ProcessViewer, and I've been a loyal fan since before Windows 5 (2000) came on the scene.
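For the second question in the original post (logging the outgoing traffic so the phone-home process can be identified), the following PowerShell script is an added example, not code from the original post or from Sysinternals. It polls `netstat -ano`, which Windows XP ships with and which prints the owning PID for each connection, and appends every newly seen outbound TCP connection together with the owning process name and image path to a log file. The log path and the polling interval are assumptions chosen for the example.

```powershell
# Added example, not code from the original post. Polls "netstat -ano" (present on
# Windows XP) and appends each newly seen outbound TCP connection, with the process
# that owns it, to a log file. Assumed: the log path below and the 5-second interval.
param(
    [string] $LogFile = "$env:USERPROFILE\Desktop\outbound.log",
    [int]    $IntervalSeconds = 5
)

function Get-OutboundTcp {
    # Parse "  TCP  local:port  remote:port  STATE  PID" lines. UDP lines have no
    # state column (4 fields) and are skipped; LISTENING sockets, loopback and
    # unconnected (0.0.0.0 / *:*) entries are ignored because they are not outbound.
    netstat -ano | ForEach-Object {
        $f = $_.Trim() -split '\s+'
        if ($f.Count -eq 5 -and $f[0] -eq 'TCP' -and $f[3] -match '^(ESTABLISHED|SYN_SENT)$') {
            if ($f[2] -notmatch '^(127\.|0\.0\.0\.0|\[::1\]|\*)') {
                New-Object PSObject -Property @{
                    Local = $f[1]; Remote = $f[2]; State = $f[3]; Pid = [int] $f[4]
                }
            }
        }
    }
}

function Watch-Outbound {
    # Each (PID, remote endpoint) pair is logged the first time it is seen, so a
    # process that uploads to the same server every few minutes produces one line,
    # not one per poll. Restart the script to reset the "seen" set.
    $seen = @{}
    "# outbound watch started $(Get-Date -Format s)" | Add-Content $LogFile
    while ($true) {
        foreach ($c in Get-OutboundTcp) {
            $key = "$($c.Pid)|$($c.Remote)"
            if (-not $seen.ContainsKey($key)) {
                $seen[$key] = $true
                $p    = Get-Process -Id $c.Pid -ErrorAction SilentlyContinue
                $name = if ($p) { $p.ProcessName } else { '?' }
                $path = if ($p -and $p.Path) { $p.Path } else { '?' }
                $line = '{0} pid={1} {2} {3} -> {4} [{5}]' -f (Get-Date -Format s), $c.Pid, $name, $c.Local, $c.Remote, $path
                $line | Add-Content $LogFile
                Write-Host $line
            }
        }
        Start-Sleep -Seconds $IntervalSeconds
    }
}

Watch-Outbound
```

Leave it running in the background for an hour or so and look for a process (or an unfamiliar path) that keeps reappearing with the same remote host; that is the line to compare against the process list. Note that the XP built-in firewall only filters inbound connections, so the log is for identifying the process to remove, not a substitute for removing it.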
politics and money aside...
Date: 2009-12-11 15:01 (UTC)
no subject
Date: 2009-12-11 15:03 (UTC)
Download CCleaner (aka CrapCleaner) from the internet.
Get into the computer in "Safe Mode" and work from there.
If your friend installed Spectre as the administrator,
getting in thru safe mode will let you get around.
no subject
Date: 2009-12-11 17:35 (UTC)
-J