To-Spy-On Keylogger Detected

[Q]

AOL 9 has a security check thing - it just told me that To-Spy-On v
2.6 is on my computer - I ran the same check on my laptop and this is
supposedly on my laptop too. I set 'block' in the AOL screen for this
logger. I am in my 60's and have limited knowledge of this stuff. I
would really appreciate an answer to a couple of questions from those
who know more than me (most of you, I expect). I do on-line banking,
and my daughter who is married to a computer geek is going through a
divorce, so I am very concerned about security.

If it matters at all, I use AOL browser, IE browser, and Firefox kind
of at random when I surf the internet. I do not visit questionable
sites, but I have been routed to a couple over the past six months.

1) Is there any way I can tell when this was installed?
2) Could it have been installed as an e-mail attachment to me? My
aging mother receives e-mail on my computer through a g-mail account
and I receive my mail through AOL and my daughter's mail on my
computer is through Yahoo mail.
3) Is there any way I can tell who the keystroke logger is sending my
personal information to?
4) What are the chances that this is a false reading?
5) If I do a system restore to an earlier point could I possibly
eliminate this keystroke logger?

I really appreciate help - I do not know who to turn to on this tech
stuff. Thanks in advance.

[Andy Walker]

Q wrote:

>1) Is there any way I can tell when this was installed?

Maybe, if you can determine the file names involved.

>2) Could it have been installed as an e-mail attachment to me? My
>aging mother receives e-mail on my computer through a g-mail account
>and I receive my mail through AOL and my daughter's mail on my
>computer is through Yahoo mail.

Absolutely, it could.

>3) Is there any way I can tell who the keystroke logger is sending my
>personal information to?

Yes, but I fear it might be a bit technical. At any rate, you could
load a program such as Ethereal and capture the packets sent from your
computer and analyze the data. There are some excellent "how-to's" on
the WWW on how to do this using Ethereal - google for it.

>4) What are the chances that this is a false reading?

Possibly, but AOL uses CA's PestPatrol for its spyware scanner and I
don't hear a lot of complaints about PP from people - YMMV

>5) If I do a system restore to an earlier point could I possibly
>eliminate this keystroke logger?

Yes, possibly, but then you may lose other information that you want
to save.

>I really appreciate help - I do not know who to turn to on this tech
>stuff. Thanks in advance.

I don't normally advise people to do this, but in your case I suggest
that you try one (or more) of the free online scanners to check your
system. You might be able to determine the name of the file involved
and determine if you are still infected.

Here are some links to free scans (credit Dave Lipman):

Trend:
http://housecall.antivirus.com
http://housecall65.trendmicro.com/

Symantec:
http://security.symantec.com/

F-Secure:
http://support.f-secure.com/enu/home/ols.shtml

McAfee:
http://www.mcafee.com/myapps/mfs/default.asp

Kaspersky:
http://www.kaspersky.com/de/scanforvirus

BitDefender:
http://www.bitdefender.com/scan/license.php

Freedom Online scanner:
http://www.freedom.net/viruscenter/index.html

Panda ActiveScan:
http://http://www.activescan.com/

Computer Associates:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

DialogueScience:
http://www.antivir.ru/english/www_av/

UNA AV:
http://online.una.com.ua/resulteng.php

Virus Total:
http://www.virustotal.com/flash/index_en.html

Microsoft:
http://safety.live.com/site/en-US/default.htm

Ewido:
http://www.ewido.net/en/onlinescan/

Trojan Scan:
http://www.windowsecurity.com/trojanscan/

PC Pitstop:
http://www.pcpitstop.com/antivirus/default.asp

Zone Alarm Online Scan:
http://download.zonelabs.com/bin/pro.../index_za.html

[Q]

On Mar 1, 6:59 pm, Andy Walker <awal...@nspank.invalid> wrote:
> Q wrote:
> >1) Is there any way I can tell when this was installed?
>
> Maybe, if you can determine the file names involved.
>
> >2) Could it have been installed as an e-mail attachment to me? My
> >aging mother receives e-mail on my computer through a g-mail account
> >and I receive my mail through AOL and my daughter's mail on my
> >computer is through Yahoo mail.
>
> Absolutely, it could.
>
> >3) Is there any way I can tell who the keystroke logger is sending my
> >personal information to?
>
> Yes, but I fear it might be a bit technical. At any rate, you could
> load a program such as Ethereal and capture the packets sent from your
> computer and analyze the data. There are some excellent "how-to's" on
> the WWW on how to do this using Ethereal - google for it.
>
> >4) What are the chances that this is a false reading?
>
> Possibly, but AOL uses CA's PestPatrol for its spyware scanner and I
> don't hear a lot of complaints about PP from people - YMMV
>
> >5) If I do a system restore to an earlier point could I possibly
> >eliminate this keystroke logger?
>
> Yes, possibly, but then you may lose other information that you want
> to save.
>
> >I really appreciate help - I do not know who to turn to on this tech
> >stuff. Thanks in advance.
>
> I don't normally advise people to do this, but in your case I suggest
> that you try one (or more) of the free online scanners to check your
> system. You might be able to determine the name of the file involved
> and determine if you are still infected.
>
> Here are some links to free scans (credit Dave Lipman):
>
> Trend:http://housecall.antivirus.comhttp:/...rendmicro.com/
>
> Symantec:http://security.symantec.com/
>
> F-Secure:http://support.f-secure.com/enu/home/ols.shtml
>
> McAfee:http://www.mcafee.com/myapps/mfs/default.asp
>
> Kaspersky:http://www.kaspersky.com/de/scanforvirus
>
> BitDefender:http://www.bitdefender.com/scan/license.php
>
> Freedom Online scanner:http://www.freedom.net/viruscenter/index.html
>
> Panda ActiveScan:http://http://www.activescan.com/
>
> Computer Associates:http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
>
> DialogueScience:http://www.antivir.ru/english/www_av/
>
> UNA AV:http://online.una.com.ua/resulteng.php
>
> Virus Total:http://www.virustotal.com/flash/index_en.html
>
> Microsoft:http://safety.live.com/site/en-US/default.htm
>
> Ewido:http://www.ewido.net/en/onlinescan/
>
> Trojan Scan:http://www.windowsecurity.com/trojanscan/
>
> PC Pitstop:http://www.pcpitstop.com/antivirus/default.asp
>
> Zone Alarm Online Scan:http://download.zonelabs.com/bin/pro...ector/index_za....

Thanks for all of these references. I have gone to most of them -
some are over my head and some have not been much help, but I am
continuing to learn more. I would still like to know what files are
on my computer as a result of this keystroke logger and find out when
they were placed there. Is there any way at all that a mid-level (at
best) user can find out? I am considering downloading the logger from
the company website to see what it does to my machine, but I hate to
have to purchase the darn thing - and then when it is on my machine, I
am not sure I can get it back off again... Advice is once more,
appreciated.