Spyware: e-Surveiller

  • Thread starter: Coleman Smith

Coleman Smith

Here is a report from my Spysweeper(tm) software:

__________________

Sunday, 14 March 2004 03:48 PM ···|
08:10 PM Sweeping memory for active software.
08:10 PM Memory sweep has completed.
08:11 PM Registry sweep completed.
08:11 PM Full sweep on all local drives initiated.
08:11 PM Now sweeping drive C:
08:24|··· Tuesday, 16 March 2004 05:24 PM ···|
Your software definitions have been updated.
06:34 PM Sweeping memory for active software.
06:34 PM Memory sweep has completed.
06:36 PM Registry sweep completed.
06:36 PM Full sweep on all local drives initiated.
06:36 PM Now sweeping drive C:
Found System Monitor: e-Surveiller, version 1.0
06:50 PM Full Sweep has completed. Elapsed time 0 hours, 15 minutes, 36
seconds.
Files swept: 35,330
Software Located: 1
Spy Sweeper quarantined: e-Surveiller

_____

After it was quarantined and disabled I changed all my passwords and have
monitored my online checking account daily.

I need to know the answer to the following questions:

1. Could this have been a false positive?
2. Is there any way to find out who put this on my PC?

I copied the quarantined files to a CD for evidence and have set Spysweeper
to sweep on boot.

If I am online for more than 2.0 hours I sweep again.

I know this is not an XP question but I have been unable to find a
newsgroup dealing with this issue and I respect the VP's knowledge in this
group.

BTW: I checked out the e-Surveiller web page and I sent an email to
Spysweeper(tm) already.

They answered with a bot that made no sense whatsoever.
 
I'm not a vice president (VP?), but you don't need to be a vice president to
answer your questions:

"Could this have been a false positive?"
Only Spysweeper technical support has the knowledge to answer that question.

"Is there any way to find out who put this on my PC?"
You did. What software have you installed lately? Spyware can be included as
an 'add on', usually without prior notification to you. That's why you need
to be very careful about what you install. In particular, you must always
read the EULA.

Rocky
 
Summary: Commercial product.
Vendor Notes: From the doc: 'Ever wanted to monitor your home PC from work? Want to monitor PC's across your corporate or home network? Do you want the ability to watch the screens of remote computers in real time? e-Surveiller is your solution! e-Surveiller provides the power to remotely monitor other computers. e-Surveiller allows you to view keystrokes, programs ran, file changes, live viewing of the remote screen'
Alias: Backdoor.VB.iq
Category: Key Logger: (Keystroke Logger). A program that runs in the background, recording all the keystrokes. Once keystrokes are logged, they are hidden in the machine for later retrieval, or shipped raw to the attacker

Backdoor: A secret or undocumented means of getting into a computer system, or software that uses such a means to penetrate a system. Some software has a backdoor placed by the programmer to allow them to gain access to troubleshoot or change the program. Software that is classified as a "backdoor" is designed to exploit a vulnerability in a system, and open it to future access by an attacker

FTP Server:

Surveillance: Any software designed to use a webcam, microphone, screen capture, or other approaches to monitor and capture information. Some such software will transmit this captured information to a remote source

In short, someone is watching you
 
Rocket J. Squirrel said:
I'm not a vice president (VP?), but you don't need to be a vice president to
answer your questions:

"Could this have been a false positive?"
Only Spysweeper technical support has the knowledge to answer that question.

"Is there any way to find out who put this on my PC?"
You did. What software have you installed lately? Spyware can be included as
an 'add on', usually without prior notification to you. That's why you need
to be very careful about what you install. In particular, you must always
read the EULA.

Rocky

No recent downloads.

I am aware that when you download anything for free you can get more than you
bargained for.

Firewall was up to date and state of the art.
I don't open attachments unless I know for a fact who sent them.
Email is set to delete dangerous attachments.
SpamKiller(tm) set to friends only.
 
A firewall and antispam tools do not protect you from spyware.
Unfortunately, nothing but diligence protects you from spyware.

Rocky
 
frind of yours said:
Summary: Commercial product.
Vendor Notes: From the doc: 'Ever wanted to monitor your home PC from
work? Want to monitor PC's across your corporate or home network? Do you
want the ability to watch the screens of remote computers in real time?
e-Surveiller is your solution! e-Surveiller provides the power to remotely
monitor other computers. e-Surveiller allows you to view keystrokes,
programs ran, file changes, live viewing of the remote screen'
In short someone is watching you

I know all this because as I stated in the original post I visited their web
page.

What I am looking for is a way to identify the perpetrator and to confirm
that the product on my computer is in fact what Webroot Spysweeper(tm) says
it is.

As previously stated I sent them an email and they responded with a bot that
made no sense.

Anyone here have any constructive suggestions?

I reject the premise previously stated by one of the posters that only the
manufacturer can tell if it's their product or not.
This statement is so broad that it excludes the intelligence services of all
nations.

I considered reporting the intrusion to the FBI but was advised in a
security newsgroup that they are preoccupied with more important things and
unless I become a victim of identity theft they are not likely to become
aggressively involved.

There was an article in the Kansas City Star this week about an insurance
claims manager who was arrested for violation of the federal wiretapping
statutes because he put a key logger on a secretary's computer at the request
of a friend who had a claim against his company. The article said that the
penalty was a max of 5 years and $5,000.00.

He got caught because he got fired and asked a friend
to clean the bug off the secretary's machine. The "friend" turned him in and
the FBI cuffed him up.

I have copied the sequestered software to a CD for evidence and if I am the
victim of an identity theft I will report it to the FBI.

In the meantime I only download commercial software, do not accept
attachments unless the sender has a digital certificate and I know in
advance the email is coming with an attachment and what it is.

I also do not accept forwarded email except from the office.

I now generate my passwords on an offline computer, keep them on a floppy
offline and copy and paste them when needed.
I understand that it's difficult for a key logger to record what is copied
and pasted.

I use Kremlin(tm) for encryption, secure file deletion and slack wiping.

Of course encryption is no defense against key loggers because they record
the plain text before it is encrypted and can lift both private and public
encryption keys.

Any suggestions about how to identify the perp., verify the malignancy of
the product and avoid the problem will be appreciated.

I will write the e-Surveiller vendor but I am not sure if they can or will
help or if I can trust their answers.

BTW: key loggers are a general threat to anyone using the internet and
should be of interest to all who post here.
 
I am happy to report that Spysweeper(tm), e-Surveiller(tm) and some security
newsgroups have confirmed that I have a false positive.

The isolated program was restored and after updating the spyware definitions
the program was not tagged again.

For now my machine is clean.

Coleman Smith
 