In-Reply-To: <[EMAIL PROTECTED]>
>The recorded data is saved in a C:\winnt\system32\netext\ folder but no
>exec. There is nothing unusual listed in Task Manager that would lead me to
>the application running in the background. Would anyone happen to know how
>exactly this application works?

I don't have a copy of the software to tell you exactly what's going on. However, a quick search on Google led to this:

http://www.interhack.net/pubs/spector/

According to the above review, an obfuscation technique is used. Therefore, it may not be an obvious process...if you go to the SysInternals site, for example, and grab a copy of listdlls.exe and run it on your system, you'll get not only the DLLs associated w/ each process/PID, but the command line used to launch the process, as well. You'll likely find your suspicious process this way.

The other possibility is, of course, API hooking, a la Greg Hoglund's rootkit techniques. As the review isn't specific, this could be a possibility, as well.

I'd suggest that you find a copy of InControl5, and install it on a system, and then run the first phase. Then install this spy software, and then run the second phase of InControl. You'll see exactly what's installed or modified.

Also, all of the reviews I found online indicate that this software opens a "backchannel" (gawd, how I hate it when techies make up terms) to a remote site. Most of the reviewers seem to have found the connection only after installing and running Spector Pro, yet none seems to have done any sort of analysis at all. This is just something to be aware of...

> I believe a user would have the right to
>know what is running on their system, and I'm kinda ticked off that Spector
>Soft denies such information.

It doesn't sound at all as if the tech guys at SpectorSoft are denying anything...they simply aren't telling you. Also, I also believe that a user has the right to know what's running on their system - however, in your case, these aren't the user's systems at all, are they?
The systems belong to the company. By extension, then, the company (ie, your boss) has the right to know what's going on on their systems.

Harlan
