Hacked/Spied Upon


Phileas Fogg
28th Apr 2015, 09:18
Guys/Gals,

The ex-boyfriend of a good friend of mine, by all accounts he has a PhD or two in IT, it seems installed a programme on her PC whereby he can, or could, read whatever she typed.

They are no longer a couple and she is unsure if he could only read her writings when they were together, i.e. he was manually logging in to her PC to read, or if he is reading remotely to this day from half a world away.

I'm presuming that she needs to select "Control Panel" and then "Programs", if this is incorrect then please speak up, what does she need to be looking for, any programme ID suggestions please?

Thanks in advance

finncapt
28th Apr 2015, 09:48
You can try that and see if there is a program that you can uninstall that you do not know what it does - google any you don't recognise.

If this had happened to me, I would, for "peace of mind", at least reformat the hard disk and start from scratch.

Depending on the ability of the chap, he may have hidden his tracks very deeply.

I'd, in reality, replace the hard disk - they are very cheap these days.

Tarq57
28th Apr 2015, 10:24
One of the first things to do would be to check that remote assistance is disabled.

Access via "system>advanced" in the control panel.

cattletruck
28th Apr 2015, 10:59
Sounds like he's a weirdo and there will be more problems in store than just the PC issues.

De-identify the PC and give to a pedo and kill 2 creeps with the one stone.

Phileas Fogg
28th Apr 2015, 11:22
Thanks for that Tarq57, I've just emailed her the "idiot's guide" of how to disable it :)

finncapt, if I were sitting beside her I'd scroll thru her programmes and google, difficult to get this across to her remotely.

cattletruck ... Certainly a weirdo, he wasn't taking care of her so she went looking elsewhere and rather than mend his ways, or indeed finish the relationship, he went spying on her and is now the p1ssed off ex boyfriend out to seek revenge.

Guest 112233
28th Apr 2015, 13:52
You seem to be describing a piece of software called, in the "trade", a keyboard logger.

The software intercepts keystrokes and then either stores them secretly to be downloaded at will by a third party or relays the keystrokes in real time to a remote device for inspection. [Tarq and Cattletruck - Software of this type may try to hide itself; sorry for the omission]

Obviously these activities can be accomplished without the PC owner's consent.

A slightly more modern variant of this approach is to use the computing device's built-in cameras to relay both still and moving images captured by the device.

If I were in this situation [or anyone I knew of], I would, as a matter of urgency, cease to use the PC immediately, and get the potentially at-risk party to contact a solicitor, get professional advice as to the status of the potentially compromised PC and, depending on the results, contact the police.

The key word in your OP was "seems", so because this is a public forum care is needed in giving any advice here.

Anything that I've suggested is purely in the context of what I would do if I were suspicious that a personal computing device that I owned were to be compromised, and not in any way, shape or form explicitly linked to the potential situation that you have outlined.

CAT III

dazdaz1
28th Apr 2015, 13:53
Tarq57..."One of the first things to do would be to check that remote assistance is disabled"

Thanks for the 'head up' out of curiosity had a look at mine, the remote assistance was 'ticked' it's not now

Winnerhofer
28th Apr 2015, 15:29
Most probably has hacked her email...

ExXB
28th Apr 2015, 16:56
The first thing I would do would be to disconnect it from the Internet. Turning it off and not using it would be my second action.

Then I would seek professional help in cleaning it of any malware.

Or, buy a new computer - they are fairly cheap these days.

Phileas Fogg
29th Apr 2015, 00:20
Tarq57..."One of the first things to do would be to check that remote assistance is disabled"

Thanks for the 'head up' out of curiosity had a look at mine, the remote assistance was 'ticked' it's not now

Ditto :)


ExXB ... and others,

Here, for my friend, a new computer is equivalent to 3 months (gross) salary, but the computer isn't the problem, the problem is HIM, he's more recently been trying to blackmail her, she's become so stressed she's been in and out of hospital.

Before she let me know of this she had already blown her money seeking legal advice, the ex bf is claiming that she has been involved in illegal activities but she's told me, pretty much, the full story and all she is guilty of are some indiscretions, she hasn't done anything illegal.

I'm just asking of her for his home address or home city so I may google for his local police's electronic crimes department or similar, to the best of my knowledge blackmail is illegal.

Thanks again

le Pingouin
29th Apr 2015, 07:05
Here, for my friend, a new computer is equivalent to 3 months (gross) salary, but the computer isn't the problem, the problem is HIM


The problem with the computer is you don't know what he's done so it's very hard to say what needs to be looked for and to be sure you've removed it all if you do find something nefarious. An IT PhD doesn't necessarily mean he knows enough about Windows to be really sneaky but he might.

Short of shelving the existing system and buying a replacement, the safest thing to do is reformat and reinstall everything from scratch. Don't use backups as they will likely be affected as well. Change all the passwords for all her on-line accounts (e-mail, Google, Facebook, etc and so forth) - do this from another computer in case it is a keylogger and it's still there. It's a pain I know but the options are limited.

ExXB
29th Apr 2015, 07:31
One thing that key loggers do not pick up is mouse movement and clicks. So when entering a password like "passowordo" type wordo; move the mouse to the beginning and click; then type passo. The key logger will pick up wordopasso. Obviously not a perfect or long-term solution but could be effective when necessary.

Bushfiva
29th Apr 2015, 07:52
Almost everything using the logging technique these days is event-driven: it's actually a form grabber, and so looks for submit events. It then has the correct string no matter how you assembled it. Your method would only defeat hardware-based keyloggers in the keyboard cable.


Some commercial antivirus providers have free bot scanners, for example Trend's RUBotted. But I'm not sure that would detect, say, Spector.

Phileas Fogg
29th Apr 2015, 09:06
A few years ago there was a South Australia idiot threatening all sorts, including rape and murder, on a forum, I got in email contact with a detective from South Australia Police's Electronic Crimes and one day, whilst this idiot was being brave from behind his keyboard, the Police came knocking at his door :)

This guy lives in San Francisco, I've already successfully googled SF's Police email addresses, any more nonsense from him and I'll be emailing his local cops.

Guest 112233
29th Apr 2015, 12:29
By reformatting the thing and reinstalling the operating system, there is a risk of destroying evidence.

Phileas, obviously this is only an opinion based on descriptions of what has been said on the thread, and I stand by the advice I've suggested, but only the potential victim can really decide the best course of action.

Obviously in this case - I cannot state that this applies in this alleged instance, but given the very advanced state of the science of malware development, there are already established ways of circumventing the reinstallation of the operating system. [Edit: and preserving the functionality of the malware].

Think of Stuxnet and its variants. [Further edit: I cannot verify the veracity of this site but it's worth a look https://security.stackexchange.com/questions/7204/is-making-a-clean-install-enough-to-remove-potential-malware].

CAT III

Phileas Fogg
29th Apr 2015, 13:27
CAT III,

Thanks, if I had her laptop in front of me there is so much I could do to advise better ... It does appear that the offender is working on out of date information and/or making it up for himself so, fingers crossed, he only installed something that he could read there on the spot and not read remotely.

Guest 112233
29th Apr 2015, 14:30
That's OK no problem.

Booglebox
29th Apr 2015, 14:44
I've seen laughable attempts at spying e.g. people installing TeamViewer as a silent background service, or saying that VNC is antivirus. This kind of thing you can deal with without wiping. However, if this guy does know what he's doing, either wipe and start again or hand in to Plod as evidence for prosecution.

There are valid points to get a new machine - the maxim of "if someone you don't trust has had physical access to it, it's compromised" is technically true. With enough resources the accused could install a rootkit or even some additional hardware in an internal expansion slot (even a laptop; mine has 3 mini-pcie slots, expresscard, internal 56k modem card plug, etc). But unless he works for Mossad / NSA / Q branch this is extremely unlikely...
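
The checks Tarq57 and Booglebox describe above, as an added example that is not part of any post in the thread: a read-only PowerShell triage that reports the Remote Assistance and Remote Desktop switches, lists services that match on executable path rather than display name (the "VNC labelled as antivirus" case), and dumps the logon autostart entries. It assumes PowerShell 3.0 or later and an Administrator prompt; the name pattern is an assumption that covers only the tools named in the thread.

```powershell
# Added example: read-only triage for the suspect PC (nothing is changed).
# Assumptions: PowerShell 3.0+, run as Administrator. The pattern covers only
# the tools named in the thread; extend it for other remote-access software.
$remoteToolPattern = 'teamviewer|vnc'

# 1. Are Remote Assistance and Remote Desktop switched on?
$ra = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance' -ErrorAction SilentlyContinue
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -ErrorAction SilentlyContinue
[pscustomobject]@{
    RemoteAssistanceEnabled = ($ra.fAllowToGetHelp -eq 1)     # 1 = box is ticked
    RemoteDesktopEnabled    = ($ts.fDenyTSConnections -eq 0)  # 0 = connections allowed
} | Format-List

# 2. Services matched on internal name or executable path. DisplayName is shown
#    for comparison only: it is free text and can claim to be anything.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -match $remoteToolPattern -or $_.Name -match $remoteToolPattern } |
    Select-Object Name, DisplayName, State, StartMode, PathName |
    Format-List

# 3. Programs started at every logon, for manual review. Entries matching the
#    pattern are flagged, but every unfamiliar command line deserves a look.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }            # key absent on this system
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        [pscustomobject]@{
            Key     = $key
            Name    = $name
            Command = $command
            Flagged = ($command -match $remoteToolPattern)
        } | Format-List
    }
}
```

An empty result only rules out the unsophisticated installs Booglebox mentions; software that hides itself, as discussed earlier in the thread, will not appear in these listings.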

CISTRS
1st May 2015, 08:35
I would also recommend changing the password for any domestic Wi-Fi network that she may be using.