To-Spy-On Keylogger Detected

[Q]

AOL 9 has a security check thing - it just told me that To-Spy-On v
2.6 is on my computer - I ran the same check on my laptop and this is
supposedly on my laptop too. I set 'block' in the AOL screen for this
logger. I am in my 60's and have limited knowledge of this stuff. I
would really appreciate an answer to a couple of questions from those
who know more than me (most of you, I expect). I do on-line banking,
and my daughter who is married to a computer geek is going through a
divorce, so I am very concerned about security.

If it matters at all, I use AOL browser, IE browser, and Firefox kind
of at random when I surf the internet. I do not visit questionable
sites, but I have been routed to a couple over the past six months.

1) Is there any way I can tell when this was installed?
2) Could it have been installed as an e-mail attachment to me? My
aging mother receives e-mail on my computer through a g-mail account
and I receive my mail through AOL and my daughter's mail on my
computer is through Yahoo mail.
3) Is there any way I can tell who the keystroke logger is sending my
personal information to?
4) What are the chances that this is a false reading?
5) If I do a system restore to an earlier point could I possibly
eliminate this keystroke logger?

I really appreciate help - I do not know who to turn to on this tech
stuff. Thanks in advance.

[Q]

On Mar 1, 2:57 pm, Far Canal <m...@privacy.net> wrote:
> Q wrote
>
>
>
>
>
> > AOL 9 has a security check thing - it just told me that To-Spy-On v
> > 2.6 is on my computer - I ran the same check on my laptop and this is
> > supposedly on my laptop too. I set 'block' in the AOL screen for this
> > logger. I am in my 60's and have limited knowledge of this stuff. I
> > would really appreciate an answer to a couple of questions from those
> > who know more than me (most of you, I expect). I do on-line banking,
> > and my daughter who is married to a computer geek is going through a
> > divorce, so I am very concerned about security.
>
> > If it matters at all, I use AOL browser, IE browser, and Firefox kind
> > of at random when I surf the internet. I do not visit questionable
> > sites, but I have been routed to a couple over the past six months.
>
> > 1) Is there any way I can tell when this was installed?
> > 2) Could it have been installed as an e-mail attachment to me? My
> > aging mother receives e-mail on my computer through a g-mail account
> > and I receive my mail through AOL and my daughter's mail on my
> > computer is through Yahoo mail.
> > 3) Is there any way I can tell who the keystroke logger is sending my
> > personal information to?
> > 4) What are the chances that this is a false reading?
> > 5) If I do a system restore to an earlier point could I possibly
> > eliminate this keystroke logger?
>
> > I really appreciate help - I do not know who to turn to on this tech
> > stuff. Thanks in advance.
>
> I know nothing of how AOL works. So I've no idea if you can stop it
> communicating with the outside world by blocking it with the AOL screen.
>
> An up to date Antivirus program may detect and remove the program, as
> will an antitrojan.
>
> Get Spybot and use the tools it supplies to see what programs are
> starting with your computer. Shut down any you don't need.
>
> Install a firewall and use it to control all outgoing connections.
>
> Somewhere amongst all the junk being posted here, there is a FAQ. There
> are some useful links in it.- Hide quoted text -
>
> - Show quoted text -

Thanks for your comments. I have McAfee on there and it did not find
it, nor did Ad-Aware. That is what makes me think it may be a false
positive, but I do not want to take a chance. I wish I knew how to
find the darn file and determine when the program was loaded, if it
was loaded.

Incidentally, I put LapLink on the machine last week in order to move
files between my laptop and my desk computer, as I do a lot of work on
the road and thought that might be a good thing to do. I wonder if
the anti-virus software sees Laplink and thinks it is a keystroke
logger. Is that possible???

I have Spybot on there but I did not realize I could check the start
files with that. I will try to do so. I have a firewall, but surely
these keystroke loggers are smart enough to get around a firewall? I
have a McAfee firewall. I will try and find the FAQ

[Andy Walker]

Q wrote:

>1) Is there any way I can tell when this was installed?

Maybe, if you can determine the file names involved.

>2) Could it have been installed as an e-mail attachment to me? My
>aging mother receives e-mail on my computer through a g-mail account
>and I receive my mail through AOL and my daughter's mail on my
>computer is through Yahoo mail.

Absolutely, it could.

>3) Is there any way I can tell who the keystroke logger is sending my
>personal information to?

Yes, but I fear it might be a bit technical. At any rate, you could
load a program such as Ethereal and capture the packets sent from your
computer and analyze the data. There are some excellent "how-to's" on
the WWW on how to do this using Ethereal - google for it.

>4) What are the chances that this is a false reading?

Possibly, but AOL uses CA's PestPatrol for its spyware scanner and I
don't hear a lot of complaints about PP from people - YMMV

>5) If I do a system restore to an earlier point could I possibly
>eliminate this keystroke logger?

Yes, possibly, but then you may lose other information that you want
to save.

>I really appreciate help - I do not know who to turn to on this tech
>stuff. Thanks in advance.

I don't normally advise people to do this, but in your case I suggest
that you try one (or more) of the free online scanners to check your
system. You might be able to determine the name of the file involved
and determine if you are still infected.

Here are some links to free scans (credit Dave Lipman):

Trend:
http://housecall.antivirus.com
http://housecall65.trendmicro.com/

Symantec:
http://security.symantec.com/

F-Secure:
http://support.f-secure.com/enu/home/ols.shtml

McAfee:
http://www.mcafee.com/myapps/mfs/default.asp

Kaspersky:
http://www.kaspersky.com/de/scanforvirus

BitDefender:
http://www.bitdefender.com/scan/license.php

Freedom Online scanner:
http://www.freedom.net/viruscenter/index.html

Panda ActiveScan:
http://http://www.activescan.com/

Computer Associates:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

DialogueScience:
http://www.antivir.ru/english/www_av/

UNA AV:
http://online.una.com.ua/resulteng.php

Virus Total:
http://www.virustotal.com/flash/index_en.html

Microsoft:
http://safety.live.com/site/en-US/default.htm

Ewido:
http://www.ewido.net/en/onlinescan/

Trojan Scan:
http://www.windowsecurity.com/trojanscan/

PC Pitstop:
http://www.pcpitstop.com/antivirus/default.asp

Zone Alarm Online Scan:
http://download.zonelabs.com/bin/pro.../index_za.html

[Q]

On Mar 1, 6:59 pm, Andy Walker <awal...@nspank.invalid> wrote:
> Q wrote:
> >1) Is there any way I can tell when this was installed?
>
> Maybe, if you can determine the file names involved.
>
> >2) Could it have been installed as an e-mail attachment to me? My
> >aging mother receives e-mail on my computer through a g-mail account
> >and I receive my mail through AOL and my daughter's mail on my
> >computer is through Yahoo mail.
>
> Absolutely, it could.
>
> >3) Is there any way I can tell who the keystroke logger is sending my
> >personal information to?
>
> Yes, but I fear it might be a bit technical. At any rate, you could
> load a program such as Ethereal and capture the packets sent from your
> computer and analyze the data. There are some excellent "how-to's" on
> the WWW on how to do this using Ethereal - google for it.
>
> >4) What are the chances that this is a false reading?
>
> Possibly, but AOL uses CA's PestPatrol for its spyware scanner and I
> don't hear a lot of complaints about PP from people - YMMV
>
> >5) If I do a system restore to an earlier point could I possibly
> >eliminate this keystroke logger?
>
> Yes, possibly, but then you may lose other information that you want
> to save.
>
> >I really appreciate help - I do not know who to turn to on this tech
> >stuff. Thanks in advance.
>
> I don't normally advise people to do this, but in your case I suggest
> that you try one (or more) of the free online scanners to check your
> system. You might be able to determine the name of the file involved
> and determine if you are still infected.
>
> Here are some links to free scans (credit Dave Lipman):
>
> Trend:http://housecall.antivirus.comhttp:/...rendmicro.com/
>
> Symantec:http://security.symantec.com/
>
> F-Secure:http://support.f-secure.com/enu/home/ols.shtml
>
> McAfee:http://www.mcafee.com/myapps/mfs/default.asp
>
> Kaspersky:http://www.kaspersky.com/de/scanforvirus
>
> BitDefender:http://www.bitdefender.com/scan/license.php
>
> Freedom Online scanner:http://www.freedom.net/viruscenter/index.html
>
> Panda ActiveScan:http://http://www.activescan.com/
>
> Computer Associates:http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
>
> DialogueScience:http://www.antivir.ru/english/www_av/
>
> UNA AV:http://online.una.com.ua/resulteng.php
>
> Virus Total:http://www.virustotal.com/flash/index_en.html
>
> Microsoft:http://safety.live.com/site/en-US/default.htm
>
> Ewido:http://www.ewido.net/en/onlinescan/
>
> Trojan Scan:http://www.windowsecurity.com/trojanscan/
>
> PC Pitstop:http://www.pcpitstop.com/antivirus/default.asp
>
> Zone Alarm Online Scan:http://download.zonelabs.com/bin/pro...ector/index_za....

Thanks for all of these references. I have gone to most of them -
some are over my head and some have not been much help, but I am
continuing to learn more. I would still like to know what files are
on my computer as a result of this keystroke logger and find out when
they were placed there. Is there any way at all that a mid-level (at
best) user can find out? I am considering downloading the logger from
the company website to see what it does to my machine, but I hate to
have to purchase the darn thing - and then when it is on my machine, I
am not sure I can get it back off again... Advice is once more,
appreciated.