Tracking software of an x-wife on her puter ?

rivrbyte



A friend of mine is going through a major, nasty divorce and since he left, she feels like he knows exactly what’s going on with her life and wants to know if there is a program to run to check to see if there is any such thing on her computer.

She has changed her passwords several times weekly, but somehow he still knows what’s going on with her correspondence through her e-mail. He is a creep, a con-man, and he’s up to something. I just want to be able to help her. Thank you!
 
Format the machine and make sure the security questions are changed on each website she goes to. Make sure all email does NOT have a BCC/CC on anything sent and no forwarding rules on anything coming in. Perhaps also change email addresses altogether. Some ISP emails will allow the account holder to get into another user's account if it is under the account owner's.

Any modern AV program should be able to find anything installed that is questionable for tracking, but I would start over from scratch and do the above.
 
The easiest and most surefire way is to back up her user data and perform a 7+ pass disk wipe. A program like DBAN would work perfectly. Reload the operating system and scan the device holding her backed up data with a good anti-virus program. Also scan it with your favorite anti-malware programs.

She will need to change her e-mail password first before doing anything else after the reload. The next step is to have her change all her passwords and security questions on any web site that she uses frequently (banks, Facebook, etc). I would also confirm that only her e-mail address is listed on those accounts.

The last thing I would do is check her entire vehicle top to bottom for a GPS tracker. Those things are so small now you can stick them under the car and it will still receive a signal. Private detectives, jealous spouses, etc have been known to use them to find out where people go. I very much doubt there is one, but it wouldn't hurt to spend 10-15 minutes checking the vehicle.
 
7-pass disk wipe? WTF?! You think some latent bit is going to spring back to life? :)
 
Yeah, format the PC, change security questions on websites to something an ex wouldn't know, all the stuff people above said, etc.

And I'll add one additional suggestion. Once she DOES do all this, and she has A/V and anti-malware installed, have her sandbox the browser.

www.sandboxie.com

Once the browser is sandboxed, he shouldn't be able to install any other tracking / keylogging software onto her PC via a browser (such as tricking her into running an executable emailed to her), as the Sandbox should prevent it.
 
Are they still living in the same place?

If not, I would start by calling the ISP and having them change the IP address. He could be remote connecting to the PC as well and watching live.

- Disable Remote Desktop service.
- Check firewall settings.
- Change all the passwords.
- If she has a wireless router, change the router login/password and also make sure wireless is secured. Change WEP as well.
- If she has a router she can also monitor all the logs and see who is connecting and when.
- She can also have someone capable sniff her connections using Wireshark software.
- I would also check in Event Viewer from Windows. You can track pretty much what's going on. That's how I catch who is connecting to my servers when things get messed up. I have many co-workers that are very messy and change server settings and never put them back. I go to Event Viewer and catch them.
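
Added example, not part of any post in this thread: one way to run the Remote Desktop, firewall and Event Viewer checks from the list above on the PC itself. It assumes Windows 10 or later, an elevated PowerShell prompt, and that logon auditing is on (the Windows default); the 30-day window is an arbitrary choice.

```powershell
# Added example: audit the local PC for remote-access exposure.
# Assumptions: Windows 10 or later, elevated PowerShell, default logon auditing.

# 1. Is Remote Desktop enabled? fDenyTSConnections = 1 means RDP is switched off.
$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$ts = Get-ItemProperty -Path $tsKey -Name fDenyTSConnections
if ($ts.fDenyTSConnections -eq 1) {
    'Remote Desktop: disabled'
} else {
    'Remote Desktop: ENABLED'
    # To switch it off:
    # Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
}

# 2. Inbound firewall rules that are enabled and allow traffic.
#    Anything unfamiliar here (remote-control or monitoring tools) deserves a look.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Sort-Object DisplayName |
    Select-Object DisplayName, Profile

# 3. Successful logons (Security log, event 4624) from the last 30 days that came
#    in over the network (type 3) or through Remote Desktop (type 10).
$since = (Get-Date).AddDays(-30)
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $since } `
             -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Turn the event's named data fields into a lookup table.
        $xml = [xml]$_.ToXml()
        $data = @{}
        foreach ($node in $xml.Event.EventData.Data) {
            $data[$node.Name] = $node.'#text'
        }
        if ($data['LogonType'] -in '3', '10') {
            [pscustomobject]@{
                Time      = $_.TimeCreated
                User      = $data['TargetUserName']
                LogonType = $data['LogonType']
                Source    = $data['IpAddress']
            }
        }
    } |
    Sort-Object Time -Descending |
    Format-Table -AutoSize
```

Type 3 entries include ordinary file-sharing traffic from other machines on the home network, so the rows worth attention are type 10 logons and source addresses she does not recognise.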
 
ya, to me it sounds like he has set up her email accounts to do forwarding to him.
she should contact her isp to find out how this is done and to turn it off.
it probably has nothing to do with outlook or her personal computer.
all the wipe/reformat stuff seems to be pretty extreme and unnecessary
 
ya, to me it sounds like he has set up her email accounts to do forwarding to him.
she should contact her isp to find out how this is done and to turn it off.
it probably has nothing to do with outlook or her personal computer.
all the wipe/reformat stuff seems to be pretty extreme and unnecessary

Good call on the email forwarding... but if he does have a keylogger on her PC, wipe / reformat is virtually the only way to be absolutely sure keystrokes aren't being monitored.

A guy can spend forever trying to hunt down a good keylogger.
 
There's also software out there like SpectorSoft, which isn't a trojan/virus, and is ignored by the major AV out there.

Wipe/reload. You don't have to do the 7-pass thing, just the basic format like you get when you reload Windows will work.
 
Have her change all the passwords/questions from a secure location before wiping the PC. If he's got good monitoring software, he might realize something is going on and try to screw her by changing them all himself.
 
What I would do:
1. Backup only documents/pictures/media, NOT the user folder.
2. Format Hard drive and reinstall
3. Change all email accounts security questions/answers
4. Change all passwords using something like 1Password or KeePass, with a complex master password
5. Make sure she doesn't open emails from people she doesn't know, or click links without double checking the link first.
6. Reset the router on her network, and reconfigure the network. If she uses wireless be sure to run WPA/2 with AES and a long passphrase


That should pretty much remove any ability of his to track her communications, no matter his method.
 
Actually there is a really creepy program I had never heard of before a few weeks ago.
http://www.spectorsoft.com I had a client that had it installed. The only way to find it was to do like
ctrl+alt+shift+[letter]
That letter can be set, so might as well just hit those and mash the keyboard. It avoided all scans and I couldn't find a process for it.
Still, I second the wipe and reinstall, change all passwords etc.
 
I agree he probably put SpectorSoft on her computer....it's a good program, legit, and they keep themselves whitelisted from most antivirus software (except for a slip about 1 month ago, when Microsoft Security Essentials picked it up for a day).

Since you don't know what he did, format, reinstall, reset router, etc.
 
...and since he left, she feels like he knows exactly what’s going on with her life...he still knows what’s going on with her correspondence through her e-mail.

I think she should devise a plan. We can call it "Operation Setup.exe".

She can spread some false information via email to see if he bites. If he does, she can prove he has "hacked" into her computer system. I think he would face jail time if she can prove it.

We men are creatures of pride. If he blatantly lets her know he has information only available in her email, he's being arrogant, cocky, and foolish. He thinks he's smarter than she is and thinks she's too dumb to figure it out and too weak to confront him. It should be easy to take advantage of him.

Keep the PC as is. Move anything that's extremely important/confidential to a USB drive. Purchase a cheap netbook/laptop and use internet via an aircard or similar for anything private. Create new accounts for everything, but keep the old ones active. If he's already in her network and online life, turn it into a honey pot he cannot resist.

This would make a great movie.
 
7-pass disk wipe? WTF?! You think some latent bit is going to spring back to life? :)

I like to err on the side of caution in these types of situations. A 7 pass wipe won't take too long unless you have an older PC and have a large HD. I'd prefer to be safe than sorry. :)
 
I like to err on the side of caution in these types of situations. A 7 pass wipe won't take too long unless you have an older PC and have a large HD. I'd prefer to be safe than sorry. :)

It's still a day of work for nothing... she's not throwing the HDD out where he could find it. One pass will get rid of any malicious data.
 
I like to err on the side of caution in these types of situations. A 7 pass wipe won't take too long unless you have an older PC and have a large HD. I'd prefer to be safe than sorry. :)

The point of multi-pass wiping is to remove magnetic traces of the data that was previously stored there. You're talking about electron microscopes and such to find data remnants at that point. A regular PC can't find data after it's been wiped with a single pass, and there's no proof that anyone has ever recovered anything after a single pass of 0-wiping even. By design, Windows can't even see deleted (as opposed to "wiped") data without first running some other undelete program.

If you want to be that safe, you should probably replace the motherboard too, as it has PROMs that could have been rewritten by malware to contain and reload the code once Windows is reinstalled. Actually, this would apply to any piece of hardware with PROMs, like a NIC.
 
Unless her ex-husband is an extremely skilled blackhat, I highly doubt he managed to get any sort of BIOS or PROM malware installed on her system. There are no simple ways to do that, and no released code to allow someone to do it, or do what he seems to be doing. At least not to my knowledge. I wouldn't be too worried about that.

Unless of course he is a skilled blackhat.. then just get a new computer..
 
I agree DBAN seems a bit overkill. Wipe and reload OS and change PWs seems like that should be enough. Now like others have stated above... if ex is some kind of C++ programmer or computer geek... buy a new computer.
 
I got to deal with a similar situation for a friend of mine getting divorced from an IT manager in the past. In our case the guy was lazy and thought she was too inexperienced to seek help, so he just set up the email account on another machine. A quick call to the ISP and some sweet talking got confirmation that there were 2 IPs checking that account. Change of password for the email account and a note on the account to only allow her to modify anything (small ISP, no automated panel). Just to be safe we did the same as the above suggestions, reformat and use a completely new set of passwords.

If they're really paranoid, have her lawyer subpoena her ISP for email account access records and his ISP for IP address records. Might not get anything, but they might find a match...
 