43

Today I was trying to uninstall some application and I was very surprised to see this entry in my applications list

enter image description here

Then I try to find what is this and I finally found it in "Program Files". After I opened the application and explored it a little bit I found this window

enter image description here

The email address you see is my spouse's email address. What I see from this is that my spouse has installed this application to spy on my computer and then send reports to her email.

What I should do with my computer?

schroeder
  • 125,553
  • 55
  • 289
  • 326
Green Fly
  • 1,957
  • 1
  • 16
  • 21
  • 65
    Talk to her ? Seriously, this is not a question for se.security but for yourself. – Stephane Nov 27 '13 at 15:18
  • 24
    .. there is also a huge potential for a prank. – teresko Nov 27 '13 at 16:02
  • 16
    Specifically, talk to her about marriage counseling. This is not a flip comment. If you've got trust issues, professional help working through them is going to be the best option for your relationship in the long term. – Xander Nov 27 '13 at 19:39
  • 4
    Another thing to consider - is your spouse at all technical? Is it possible your spouse did not realize what s/he was doing? Or maybe s/he was just fooling around... – AviD Nov 28 '13 at 08:38
  • 2
    @AviD true. This could even be like "following a dumb advice from a friend, without realizing the serious privacy intrusion". – Ebenezar John Paul Nov 28 '13 at 09:05
  • 2
    Is your laptop also used by your children? – Jack Aidley Nov 28 '13 at 11:41
  • Situations like this are one of reasons why I always recommend people to use FDE (TrueCrypt, FileVault 2, etc.) (with strong password, of course). When your computer is left open to any data manipulation while you are away from it, that's really not good! Who knows who would try to take some advantage from it. – Display Name Oct 06 '15 at 12:34

9 Answers9

47

Normally, I'd just parrot the "nuke it from orbit and start from the beginning" line. However, information security is also about understanding your adversary, the practical risk, and the assets you're trying to protect.

In this case, I think situation is a bit different; your spouse clearly just Googled for "free key logger" and downloaded the first one or two results. You're not dealing with some skilled attacker trying to hide rootkits or compromise your BIOS.

I've just looked into this Spyrix application and it seems that if it's not password-protected, you can simply click "Stop" (which, according to the screenshot, you've already done) and then uninstall it normally. You don't need to remove your operating system or flash your BIOS or anything of that sort. You don't even need any special "removal tools" in this case.

Having that said, if you still feel you're not satisfied with the integrity of your system (I generally wouldn't), then just remove it and install it again.

Side note: I really don't think your problem is technical. Go talk to your spouse as there are deeper reasons behind this. Almost everything can be fixed with an honest and calm conversation.

Adi
  • 43,953
  • 16
  • 137
  • 168
  • 22
    Maybe it's a sleight of hand, you know: an obvious keylogger and a hidden one. – Stephane Nov 27 '13 at 15:30
  • 7
    @Stephane that would only be plausible if Green Fly's spouse had reason to suspect that Green Fly would be looking for evidence of being spied upon. Nothing in what has been posted so far would support such a conclusion. – Dan Is Fiddling By Firelight Nov 27 '13 at 18:07
  • Why would you trust a keylogger to only send its stuff to the given email address and happily uninstall itself without leaving behind something even worse? The argument would have been valid if she had written the keylogger from scratch (*sort of*) and she obviously didn't. Nuke from orbit then have a talk. – Thomas Nov 28 '13 at 08:14
  • 11
    @Adnan *Almost everything can be fixed with an honest and calm conversation* ... yeah... and sometimes a different spouse. A healthy relationship takes two people to maintain, no matter how reasonable one of them may be. – tylerl Nov 28 '13 at 08:24
  • 4
    @Thomas I sandboxed the installation and looked at it with Tiny Watcher and InstallWatch. Clicking "Stop" seems to deactivate the whole application and there's nothing nasty left behind. – Adi Nov 28 '13 at 08:59
  • @Adnan Good to know, thanks. I would still recommend a reinstall just for peace of mind, though. – Thomas Nov 28 '13 at 09:00
46

Change all your passwords! (no one had mentioned this)

This is assuming that you're going to take an open approach to this problem rather than engage in counter-spying or image manipulation of your own. It's fairly basic advice, but do this on a computer you trust (this one cleaned or at work), and don't re-use any of your old passwords. Personally, I like using LastPass to store my passwords (generally random characters) but your mileage may vary.

If you have things to hide (or just value your privacy) consider also using TrueCrypt to encrypt your system drive - you have a terrible security situation in that the attacker has physical access to the computer so let's make it hard for them to read the data while you're away.

And then, on a personal level, perhaps prepare for the worst regarding your relationship. The fact that she (or he) installed this either shows a desire to leave anyway, or a serious lack of trust from them - and if that's not recognised and dealt with, it underlies all your dealings with each other.

Update: On the passwords/account compromised note, you may want to check key accounts to make sure the recovery details haven't been changed or that no forwarding is going on. For example: GMail lets you set recovery options (click on your face - account - security - recovery) or set up a filter that silently forwards everything (gear icon - settings - filters). Consider setting up two-factor authentication on accounts that support it and look for ways to log-off other sessions. Google has a checklist that covers some other things.

Rob Church
  • 576
  • 4
  • 5
  • 3
    Best remove the keylogger before changing those passwords. :-) – Anonymous Dec 20 '13 at 16:41
  • 1
    Hopefully this situation has resolved itself amicably by now but encrypting the drive after discovering an indicator of compromise stemming from a lack of trust would only escalate things under any circumstance. This is a people problem, not a technical issue. – Ivan Sep 28 '16 at 19:50
16

Like many others mentioned, there are trust issues here. thats needs sorting. the best way is a face to face discussion.

an even better way to invite her is by typing out the invitation on your computer so that she sees your invitation and also comes to know of the keylogger in there.

Now that you know your laptop is insecure, you should setup some admin controls on it. This time around, it was just your spouse, tomorrow.... who knows.

all the best !

vibez_well
  • 185
  • 7
14

Disclaimer

The approach I am about to describe might be unethical and perhaps even illegal. I am posting this for two main reasons: one I have no emotional attachment to your relationship; and two, because I like solving problems, the answer below is from a technical point of view: I am not really suggesting you do as I say below - the other answers that have suggested you speak with her is perhaps the best human way of solving this; I don't know: it's your call.


For this you will need to have two things:

  • Strategy
  • Tactics

Your Strategy

One thing is clear: no matter what you ask her, you can never trust her answer. If you depend solely on what she tells you, you will never know whether this keylogger was installed there because she was just suspicious that you might be cheating on her, or that she is trying to build a case to run away with half of what you own. Either way a new situation has been unveiled and you will need to to be tactful; treat it like a case to be solved. The key point in your strategy is to understand her motives, and depending on the findings, take an appropriate action, even if it means divorcing her. That's your strategy: find out her real motives. Enter your tactics...

Your Tactics

I agree that the problem is not 'technical', but 'human' (social). Now, pay attention to this: your best chance of getting to the bottom of this 'human', social problem might be via the 'technical' one. The fact that you have the upper hand, (as it has already been said here, you have the knowledge that she doesn't know that you know that the keylogger is in your machine) gives you extreme advantage in this incident: take the opportunity to use it in the following way:

  1. Pretend that you don't know it is there and don't use other software to scramble what you do. To the contrary, as it has already been suggested, make a model of yourself. Send e-mail to some friend (you may tell him about it or not) in a way that in the e-mail you say good things about her. Every woman I know enjoys compliments: use it to soften her. Make her read your messages that say good things about her. Why this approach? Two reasons: one, you have better room for action if she does not know that you know, and secondly, if she starts reading these words of flattery she will lower her guard a bit, giving you even more room for investigation. (I hope you have not posted this question from the infected machine.)
  2. Install a spyware on her cellular/mobile, such as Mobistealth for example. It is a paid service but this will give you her real time GPS location, a copy of her text messages, e-mails and phone calls. Mobiles are the best way of gathering and correlating information about a person, especially women, that carry them everywhere and used them very often to communicate their strategies with their girlfriends: they are very sociable beings, so take advantage of her social verbiage. The best time for you to do this is when she is having shower, but find out if she is going to wash her hair. Women don't tend to wash their hair every day - the rationale is simple: if she is washing her hair, you have more time to install the spyware. If her phone's OS does not support the spyware, a more drastic action is needed. You will need to get rid of her phone. For example, take her to a night club and whenever she is distracted, take her phone (destroy it and bury it or give it to a friend you trust - do not keep it at home, as she is likely to go through your stuff). Tell her how sorry you are and how this sucks, and to compensate for her loss, offer to buy her another one and give her a few options (you will try and push for the ones that support the spyware. Do some research and have valid arguments as to why she should choose one of your list. Make stuff up about phones if you want. It is unlikely she will read about the advantages of each device over another). Spy on her and find out what she's been up to. Consider spreading your infection onto her computers if you find it necessary. I bet she keeps her girlfriends up-to-date on her findings from snooping on your e-mails: this might help get to the bottom of her motives. If she is not communicating this to any of her friends, at least you get to see if she is the cheater.

After Math

If you find out that all her problem was that she was suspicious because she thought you might be interested in another woman, either because you don't treat her like you used to in the beginning, or because you have been behaving strangely, you should still keep secret that you knew about the keylogger and start acting like you were in love with her. Re-gain her trust. Remember one thing. The best seducer is not the one that can seduce many women once, but the one that can seduce the same woman over and over again.

If, on another hand, if you find out something worse, like she was wanting to divorce you to get your stuff, or that she was cheating on you, you can use her unethical behavior against herself and nullify the marriage, which depending on the laws of your country, because of her actions, she might not be eligible for half of your stuff. I don't know, I am not a lawyer.


Conclusion

You have asked a social question on a techy site. Pedantically speaking, the question is off-topic, as although the means of the problem is technical, the root is human. Therefore, the only reason I answered is because I am taking a cold and detached analytical solution to the problem. So treat this not as a recommendation but as an exercise of, methodical, aiming-at-being-flawless problem solving, that's all.

Lex
  • 4,257
  • 4
  • 20
  • 27
9

You now have an advantage: you know something, and the other person doesn't know that you know.

The worst thing you can possibly do is reveal that you know.

From now on, if it is not the case already, use the computer in such a way that the gathered surveillance data paints a picture of you as a model human being.

You have the upper hand in the relationship: you're not spying on her. Plus you're secure.

Look at me. I don't know you and don't care who you are or what you do. But do not take my word for it: I show my non-caring attitude by all the little things I do not do, such as installing spying software on your computer. (Unlike, for instance, your spouse).

However, let us not be hasty into coming into conclusions about the source of this interest. One possible reason for gathering surreptitious information in this manner is not insecurity, but rather to build a case for getting away from a person, with half of what they own.

Kaz
  • 2,293
  • 16
  • 17
  • 8
    But what if she knows that he knows that she doesn't know that he knows? – Thomas Nov 28 '13 at 08:15
  • 2
    We have to go deeper. – Simon Richter Nov 28 '13 at 08:19
  • How can a case be built with a keylogger? Isn't it illegal? – BrownEyes Nov 28 '13 at 08:45
  • @Scorpion No idea. It's probably illegal for the authorities to install one without a warrant. Is it illegal to use in a civil matter? Shrug ... IANAL. – Kaz Nov 28 '13 at 08:46
  • 2
    @Thomas then it boils down to who has the superior poker face, basically. – Kaz Nov 28 '13 at 08:47
  • 3
    You use the illegal keylogger to inform your efforts to collect legal data. E.g, typing "let's meet at the hotel", becomes a reason for the spouse to drive past and "accidentally" see your car parked at the hotel, to drop by at work, or to check for unusual charges on the credit card statements etc. – mgjk Nov 28 '13 at 13:25
2

Technically speaking,

  • try uninstalling the application from your system. Bute there are some keyLoggers which insist for password which she gave while installing the application.

  • If you want your system to be clean, just format your system after taking backup of files you stored in Desktop, Documents, etc..

Arun
  • 121
  • 4
2

One thing I would definitely do is install some Keyscrambler software, which is an anti-keylogging application that jumbles up every letter you hit on your keyboard, which results in confusing and unreadable logs to your spouse, without having to deactivate the keylogger which the spouse will definitely notice immediately and start to find excuses to use.

Also for now I would pretend that I have no knowledge of any spyware installed, and remain vigilant to any new spyware your spouse might install, after noticing the scrambled logs made by the keyscrambling software.

You can see how long s/he would log you, then, if you think s/he will not come clean on his/her own, you would give hints that you know what's going on; and eventually have a full conversation about what's going on, and how long you knew of the spyware that was installed.

BrownEyes
  • 436
  • 3
  • 10
0

Get a new MacBook with TouchID, use a very strong password, and don’t plug any external keyboard or mouse into your computer. Since you can’t write down the password, keep some part on your phone, and some part in your head. Set up the computer so it needs the password after closing the lid. And don’t mention anything about the key logger you found, just “look, darling, I bought a new computer”.

And then go and change your passwords everywhere.

An external keyboard can contain a key logger. Plugging it into the computer isn’t dangerous, as long as you don’t type anything on it. Hacking into the built-in keyboard would be very difficult. Installing software without logging is not possible.

gnasher729
  • 2,107
  • 11
  • 16
0

Like others have mentioned she doesn't know that you know about keylogger so you can have some fun. Write messages pretending you are a secret goverment agent or something, your imagination is a limit ;)

But seriously, if you want to just clean the system, do a full scan to your computer using an anti-virus and Malwarebytes is best based on my experience. And change all your passwords after that. To prevent such situations in future, simply set a password lock to your computer, or if your OS supports disk encryption, use that.

Mr. Engineer
  • 684
  • 1
  • 4
  • 10