Hackers please help

From: gts (gts_2000@yahoo.com)
Date: Fri Feb 21 2003 - 19:39:50 MST

    Normally I use this extropian forum to debate and pontificate about
    those technological subjects about which I feel I have some expertise.
    Suddenly however I find myself feeling helpless and ignorant about an
    important subject: computer keylogging and surveillance software. I'm
    hoping some of the expert hackers here can offer some advice to help me
    with a rather upsetting situation.

    It appears that my personal home PC has been hacked. Someone unbeknownst
    to me has discovered the password and email address that I once used to
    log on to a particular website. This person then impersonated me on the
    relevant site and used the resulting record of my activity in an effort
    to disrupt my personal life in a very destructive way. I have no
    evidence so far that this person is not also seeking to disrupt my
    financial or professional life. I use pretty much the same email and
    password for everything, though I have already rushed to change the most
    critical passwords in the wake of this incident.

    My PC is generally not physically accessible to anyone other than
    myself. My first guess therefore is that my security was compromised by
    some kind of remote installation stealth keylogging software capable of
    gathering my password information and transmitting back to the sender
    over the internet. It's my understanding that it is possible to install
    keylogging and screenshot copying software remotely via email
    attachments, attachments which would then, if executed, start sending
    data secretly to the original sender via unseen email. Normally I am
    careful to refrain from opening email attachments from strangers, (I
    know enough to protect myself against common email worms and viruses),
    but in this case there is every reason to believe that the culprit was
    no stranger. The primary suspect in my mind is one of a handful of spiteful
    and potentially treacherous ex-girlfriends who may now be trying to
    sabotage my current relationship, and who might also possibly be
    interested in doing financial or professional damage to my life as well.

    As the saying goes, "hell hath no fury like a woman scorned." And I have
    dated some very intelligent and computer savvy women in recent years,
    some of whom might very well be feeling scorned. :/ (In fact the most
    likely culprit knows of my membership here and might very well be
    reading these very words as I write or publish them. If so then so be
    it! She might just as well know right now that I have every intention to
    go after her ass with a vengeance. If possible I will press legal
    charges.)

    I am running Windows XP Home Edition. Until a couple of weeks ago I was
    connected 24/7 via DSL, but in the last few weeks I have been using
    dialup only. Normally I keep McAfee Firewall running, but I cannot say
    with certainty that I have not manually allowed a suspect program access
    to the internet (that imo is a serious problem with these personal
    firewall programs... It's difficult for regular folks to know a bad
    program from a good one unless the app name is obviously familiar).

    Today, in an effort to find stealth keylogging programs, I installed and
    ran a trial copy of Anti-Keylogger, published by Raytown Corporation.
    Anti-Keylogger identified these files as suspect on my XP system:

      - c:\windows\system32\wbem\repository\fs\index.btr
      - c:\windows\system32\wbem\repository\fs\objects.map.new
      - c:\windows\system32\wbem\repository\fs\index.map.new
      - c:\windows\system32\wbem\repository\fs\objects.data

    Can anyone tell me if these files are in fact evidence of malicious
    keylogging? Their location under windows/system32 leads me to think they
    are innocent.

    Also I installed and ran a trial version of SpyCop version 5.2c. This
    trial version of the software found nothing suspicious, but according to
    the literature the trial software does not check every file. Is this a
    program worth purchasing? If not, what anti-computer surveillance apps
    should I consider? Note that these applications are in a different
    category from anti-virus software. I already run anti-virus software
    from McAfee, along with their firewall and anti-spam software.

    In what other ways might someone gain access to my password and logon
    information to impersonate me at a particular web site, short of having
    physical access to my PC? Thanks in advance to anyone who can help.

    -gts



    This archive was generated by hypermail 2.1.5 : Fri Feb 21 2003 - 19:42:21 MST