Computer Spector Solution
Arcticoyote
After finding the website, now I understand everything on why you couldn't
find it.
It's a program designed to run hidden on your system in order to record
where anyone using that computer had been or done. This thing is a pain in
the ass.
Straight from their website:
"Spector 2.2
Install Spector on your PC and it will record EVERYTHING your spouse, kids
and employees do on the Internet.
Spector SECRETLY takes hundreds of screen snapshots every hour, very much
like a surveillance camera. With Spector, you will be able to see EVERY chat
conversation, EVERY instant message, EVERY e-mail, EVERY web site visited
and EVERY keystroke typed.
Unlike other e-mail recording software, Spector also records HotMail, Yahoo
Mail, and other anonymous email accounts.
Spector is 100 percent compatible with all versions of AOL and AOL Instant
Messenger."
It states it uses a stealth technology to prevent it from being found.
Whoever installed it, sounds like they didn't put it a 100% stealth tho. If
it runs as advertised, then there is no listing in the system tray, 3 finger
salute box, does not show up by name, and can only be uninstalled from
within the program itself which is password protected. Everything is stored
in a hidden drectory (might be able to find it then by size alone. The
password is up to 16 characters alphanumeric. All snapshots can be saved to
bmp or jpg formats. A full day of use is suppose to be limited to about 10mb
in size. The prog is about 1-2 megs in size when downloaded, if compressed,
I'd hard it'd be around 5-10 megs in total size once installed.
Without a copy of the thing to tear apart, I can only guess at its details
on where when how.
One thing, try opening windows explorer and going into view/folder options
and put in on view all files.
See if it's listed in any of the file associations and then track it from
there.
Here's what I found from PCworld.com:
3. Watch out for odd file names that have the "hidden" property checked.
Snoopware programs typically use deceptive file names and activate the
"hidden" file property feature. Good backup programs see through this. To
inspect manually, enable the Show All Files option, under the View tab in
the Folder Options dialog box; this is accessible under the View menu in the
Windows desktop or in Windows Explorer. Look around the drive, especially in
the system folder, for files with faded icons. Be careful: Important,
legitimate system files are often hidden to prevent accidental and
disastrous erasure.
Spector
Spector 2.1 adds several files to the C:\Windows\System directory, including
mswnsrvx.cnt, mswnsrvx.exe, mswnsrvx.hlp, shmswnmp.dll, and shmswnrc.dll
(all of these are hidden files).
The easiest way to determine whether you are under surveillance by Spector
is to check for the C:\Windows\System\WebExt directory, which contains files
with names like "4F0BF6D8.TPS." There may also be a master log file called
"_MSFILEA.TXT", which shows when each capture file starts. The WebExt
directory isn't hidden, but it can be changed to another name to make it
harder to detect.
EBlaster, spectorsofts other prg:
EBlaster
The major EBlaster program file is the 468KB URLMKPL.DLL, in the
Windows/System folder. Also added are msskfzwin.dll, msskfzwin.ocx, and
winmsskfzwin.drv.
EBlaster must send e-mail outbound to report on you. Severing your network
connection will cause reporting to be delayed.
Website for the above:
http://www.pcworld.com/news/article/0,aid,32863,pg,8,00.asp