Posted on 07/31/2015 8:02:12 PM PDT by Hostage
A neighbor's estranged Ex has possibly installed spyware and a key logger onto a new notebook given as a 'gift' to both neighbor and teenage daughter.
The neighbor is the custodial parent of the one teenage daughter who recently received the new 'spy loaded' notebook computer from her estranged parent. The notebook runs Win 8.1 and is to be eventually upgraded to Windows 10. The teenager was told directly by the estranged parent that everything the custodial parent does could be seen and recorded and then messaged out clandestinely.
The neighbor would like to know the following:
1. How to detect if spyware and key logging is really taking place on the computer?
2. If spyware/key logging is detected, how to get rid of it for sure and can it be traced back to the Ex?
3. The notebook accesses the internet through a hotspot encrypted modem. Is there any danger that the encryption key to the wifi modem has been captured?
4. Should the OS be reinstalled to be sure the spyware is flushed out? How to know for sure and how to prevent it coming back?
First thing I do on a new machine is create rescue disks. Put them away in a zip lock. My HP needs four disks.
When the inevitable clown gets his malware on board telling me to purchase some malware prevention software every 30 seconds, and prevents the system restore point to an earlier time, and prevents branded malware programs; I just pull out the rescue disks and go for it. Then restore music and photos.
The whole thing takes hours. I would love to destroy the property and the people who put this stuff out there, causing expense of millions of dollars of resources to avert damage.
Get Rid of Windows. It’s spyware central. Has more holes than a sieve. If I wanted to own someone with a windows machine, i could even do it remotely by sending them an email they opened, or 1000 other hacks.
Try a friendly linux distro.
I agree with posters saying re-install the operation system.
DO NOT DESTROY THE DRIVE, should you replace. It is the evidence of any willful tampering.
1 Image the drive (I.e., Ghost)
2 Install/recover original factory install. It will not include software added after the factory. It is safe.
3 Assess your access to folks with some forensic skills, especially virtual machines. They can load the image to evaluate what *might* have been installed.
Most importantly, document every step thoroughly. Actions such as an attempt as spying are prosecutable. All assistance in the evaluation must meet legal requirements. Enlist the aid of your friend’s attorney and their contacts with law enforcement.
Make every step clean and documented. When complete, turn everything over to the lawyer. Do not discuss with anyone not involved swith the process.
Your actions will be picked over to find errors.
Good luck.
First of all, never trust anything on the machine. No way to be sure 100%.
Secondly, he’s nearly certainly breaking eavesdropping laws.
I’d turn him and the machines in to the police. I’d also arm myself to the teeth because crazy, vindictive people are crazy and vindictive.
And while you're at it, drain your car battery and rinse it out several times, then fill it up with distilled water.....don't forget to check the muffler bearings and replace the stale air in the tires with fresh, bouncy air.
My advice was serious. The OP could have a rootkit and does not have the knowledge to remove it. In fact, there are now malware that install to the flash on the HDD itself. Since hard drives are dirt cheap, better to just start fresh and junk the old one.
Your way would definitely be effective though.
What you describe will not render the drive safe if its firmware has been modified. The safest approach is to crush the old drive.
Safer, but not the safest.
The safest is simply to not use Windows and not use that computer.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.