Someone's Watching
March 17, 2008 9:10 AM

I believe that my soon to be ex-wife has installed software on my laptop (Win XP) that allows her to remotely monitor my web activity. How can I find and disable this?
posted by anonymous to Computers & Internet (25 answers total) 3 users marked this as a favorite
 
While there are several ways to remove any of a number of monitoring packages, will you really be 100% sure without doing a full wipe? Backup your data and reinstall XP.
posted by Cat Pie Hurts at 9:16 AM on March 17, 2008


In the extreme case you could just backup your files, zap the disk completely and re-install from scratch.
posted by gadha at 9:16 AM on March 17, 2008


Perhaps not the most desirable answer, but wiping your hard drive and reinstalling everything would guarantee that only programs that you installed would be on the machine.
posted by bucko at 9:17 AM on March 17, 2008


You might try some of the tools on the HijackThis website.
posted by phearlez at 9:18 AM on March 17, 2008


Don't disable it, just to be on the safe side - lose it!

Backup all your personal data and then use Darik's Boot and Nuke to securely wipe the Hard disk. You'll need your XP disk for re-installation.
posted by Blacksun at 9:32 AM on March 17, 2008


Nuke it from orbit. It's the only way to be sure, or, what they said. Back up your data and re-install the OS. (One way to do this would be to get a new hard drive and a hard drive enclosure, put the existing drive in the enclosure, put the new hard drive in the machine, install the OS, update it, install and configure essentials like anti-virus and firewall, and then connect the enclosure and copy over your old data.)

In the meantime, you could get a Linux LiveCD like Knoppix or the Ubuntu LiveCD, boot your laptop with it, and browse away. Nothing your soon-to-be-ex could have done with the instance of XP on your hard drive could affect web browsing you did in this environment.
posted by Zed_Lopez at 9:36 AM on March 17, 2008 [1 favorite]


Are you completely and absolutely confident that she didn't do anything to the hardware?
posted by box at 9:37 AM on March 17, 2008 [1 favorite]


Download, burn, and put in a live-CD (like mepis, ubuntu, or many others). Reboot. Your HD is intact and shows no signs of tinkering, but no software is being run from it. Ultimately you'll want to get everything valuable off the compromised machine, scan those files for viruses (and macros!) and wipe the offending hard drive. Going with a live CD buys you a little time before that odious task and shows no signs that you're up to the game.

Also, if you decide that you're just being paranoid it saves you a bunch of work.
posted by a robot made out of meat at 9:40 AM on March 17, 2008


Backup + reinstall is your best bet.

Preliminary check you could do that might turn something up if it is obvious: Start->Run-> "msconfig," then check the "Startup" tab and make sure you know what all of that stuff is. If the monitoring software automatically loads at start up it should be there.
posted by mustcatchmooseandsquirrel at 9:47 AM on March 17, 2008


You can't be sure of anything unless you start over from scratch. She could tell the software to lie to you about whether there's anything installed.

IF you want to learn what's there, you need to get outside the stuff that may be modified; you need a bootable CD; Ubuntu and Knoppix are free ones that come to mind.

But, you will want to remove what's there, in any case. Back up your /data/ -- NO PROGRAMS. Reinstall all programs from trusted sources.

For extra credit, figure out what she's using and how she's getting the results from far away, and create a red herring, say on a computer at the public library. ("Golly, my ex-husband sure has been researching and writing a lot of essays about turquoise jewelry and the Spanish-American war.")
posted by cmiller at 9:51 AM on March 17, 2008 [1 favorite]


If she's really spying, she'll need to be sending the data from your computer to hers somehow. For this, a firewall like ZoneAlarm will watch for all incoming/outgoing packets. If you see something fishy come up, take a look and see what's going on.
For Msconfig, also check the services tab. Things can get stuck there.
posted by jmd82 at 9:58 AM on March 17, 2008
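
The msconfig checks suggested in the two answers above (Startup tab, then Services tab), as an added example that is not part of the original thread: a script that lists the same autostart locations in one pass so each entry can be reviewed. It assumes Windows PowerShell 2.0 or later run from an administrator account, and because it runs on the suspect system it is only the preliminary check those answers describe.

```powershell
# Added example: enumerate what msconfig's Startup and Services tabs summarise.
# Assumption: Windows PowerShell 2.0-5.1 (Get-WmiObject is not in PowerShell 7).
$entries = @()

# 1. Registry Run/RunOnce keys, machine-wide and for the current user.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $entries += New-Object PSObject -Property @{
            Source = $key; Name = $name; Command = $item.GetValue($name)
        }
    }
}

# 2. Startup folders (per-user and all-users), resolved from the registry
#    so the paths are correct on XP as well as later Windows versions.
$shellFolders = @{
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders' = 'Startup'
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders' = 'Common Startup'
}
foreach ($key in $shellFolders.Keys) {
    $folder = (Get-ItemProperty $key).($shellFolders[$key])
    if ($folder -and (Test-Path $folder)) {
        Get-ChildItem $folder | ForEach-Object {
            $entries += New-Object PSObject -Property @{
                Source = $folder; Name = $_.Name; Command = $_.FullName
            }
        }
    }
}

# 3. Services set to start automatically (the msconfig Services tab).
Get-WmiObject Win32_Service -Filter "StartMode='Auto'" | ForEach-Object {
    $entries += New-Object PSObject -Property @{
        Source = 'Service'; Name = $_.DisplayName; Command = $_.PathName
    }
}

# Review every line: anything you cannot account for deserves a closer look.
$entries | Sort-Object Source, Name | Format-List Source, Name, Command
```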


Don't. Instead, engage in a campaign of misinformation. Boot from the Linux CD when you need to be unobserved, and the rest of the time do things online to mislead her. I suspect she has some motive - thwart it.
posted by procrastination at 10:05 AM on March 17, 2008 [6 favorites]


Actually on re-reading this; she is spying on you with software via YOUR laptop. Is that not a felony?
posted by Blacksun at 10:14 AM on March 17, 2008


Get your lawyer to ask an interrogatory about it in the discovery phase of your divorce.

I'd just backup your data and buy a new computer.
posted by Ironmouth at 10:17 AM on March 17, 2008


yeah, I vote for reinstall, too
posted by matteo at 10:28 AM on March 17, 2008


allows her to remotely monitor my web activity.

Remember, if she's key-logging you, she may already know all of your passwords, which means she has access to everything from your mefi account (including this anonymous question?) and throwaway email accounts to your bank account and work data and legal communications, anything you might do from your PC. This is especially dangerous if you use the same or similar passwords for different types of accounts; you may never check your bank account at home, but if it has the same password as an account that you do use at home, she might try a known password on everything and get in.

From another PC at another location (work, internet cafe, etc.), log into all of your accounts and change the passwords. Do that before she can do anything nasty (to your data or in your name). Close your online accounts and start new ones under different aliases. If you thought you had a secret account anywhere, now assume that it's not a secret and that it has to be dumped. Then stop accessing all accounts from home or from that PC until you have this sorted out.

So do that first, and then burn a copy of your data to CD, and then scan and wipe the PC. Then dump the old PC just to end all fears of the possibility she has messed with the hardware (something like this but inside the box?) in a way you might not notice.
posted by pracowity at 10:40 AM on March 17, 2008 [10 favorites]


pracowity has it, but add Ironmouth. Don't do anything to the PC. Go to a lawyer and ask if someone can independently verify spying activity - and what the legal implications (and settlement implications) are.
posted by ewkpates at 10:52 AM on March 17, 2008


Stop immediately. Do nothing, turn the machine off and don't turn it back on for anything.

Now, get thee to either a) a lawyer or b) a geek who knows basic forensics. I can only comment on what b) will likely do which is to image your hard drive and do some tracing on what is or is not there. Assuming you're right and your wife isn't with the NSA or KGB it will be trivial to figure out what was being watched and likely where it was being sent. In concert with a) you may have legal recourse.

The advice in this thread is mostly good if you don't care about the evidence, but that seems a bit shortsighted, especially if you're in the midst of divorce proceedings where this kind of thing might just be relevant.
posted by Skorgu at 10:53 AM on March 17, 2008 [2 favorites]


"Cleaning" the laptop is the least of your concerns right now. Stop using it immediately, and take it to your attorney. He or she may want to send it out for forensics. The less you touch it, the more 'pristine' any possible evidence.
posted by NucleophilicAttack at 10:53 AM on March 17, 2008 [1 favorite]


Buy a new computer and use your current one to feed her false info.

And of course change all your online passwords using your new computer.
posted by ian1977 at 12:19 PM on March 17, 2008


Go to a lawyer

IANAL, but from my limited knowledge of case law, I can tell you that if you typically gave your wife access to your computer, then you have no expectation of privacy, and it can be interpreted by the court or police that she has the right to install other software on it, or do with it what she pleases. She can give others access to it, etc. The analogy is whether you keep your bedroom door locked or not. If you keep your door open, you are saying to your roommate, it's ok to go in here. If you regularly keep it locked, roommates have to abide by your expectation of privacy.
posted by about_time at 12:31 PM on March 17, 2008


Boot off of Knoppix as has been suggested. If she installed any keyloggers, spyware or malware then it will have no effect if Knoppix is running on your machine. Use Knoppix to clear off or remove any personal data and then reinstall Win XP. But if all you are interested in someone spying on your online usage then Knoppix is your friend.
posted by JJ86 at 12:45 PM on March 17, 2008


Wipe and reinstall. I don't know if there's anything necessarily illegal about installing such software on a computer, especially if she's ostensibly allowed access to the laptop normally, but if you're going through a divorce you should definitely talk to your lawyer about this.

Don't try any funny stuff.
posted by Sticherbeast at 1:07 PM on March 17, 2008


You might want to make a copy of the hard drive with something like DriveImageXML if you want to look into it later as well. Then you could wipe the drive and still have an archive of the entire thing.
posted by blue_beetle at 1:42 PM on March 17, 2008


box- what *could* she have done to the hardware in a laptop?
posted by gjc at 4:57 AM on March 18, 2008

