Spying

ashlee said:
Hi tlarkin,

Just to keep you informed.....I have practised that command now (at work :o) and nothing bad happened (:rolleyes:) and I feel confident (:D) that I will try this at home later (:cool:).

:good:

Ash
Click to expand...

That command just reads what launch daemons/agents are loaded it doesn't write any changes to your computer.
 
Here is the list:

PID Status Label
2983 - 0x10f5c0.launchctl
2973 - 0x10f4d0.bash
2972 - 0x10f2e0.login
2951 - [0x0-0x113113].org.mozilla.firefox
950 - 0x10e870.pmTool
592 - 0x10d420.diskimages-helpe
298 - [0x0-0x36036].com.adobe.Reader
297 - [0x0-0x35035].com.microsoft.Powerpoint
285 - [0x0-0x31031].com.microsoft.Excel
95 - 0x10c090.launchd
230 - [0x0-0x21021].com.microsoft.entourage.database_daemon
229 - [0x0-0x20020].com.microsoft.autoupdate.fba
228 - [0x0-0x1f01f].com.microsoft.Word
156 - 0x10a000.DiskManagementTo
- 0 0x108d00.rcd
- 0 0x107620.BezelUIServer
- 0 org.x.startx
- 0 org.openbsd.ssh-agent
- 0 edu.mit.Kerberos.KerberosAgent
102 - com.spsecure.eagent
- 0 com.hp.launchurlagent
- 0 com.adobe.CS4ServiceManager
100 - cn.com.zte.usbswapper.plist
- 0 com.google.keystone.user.agent
71 - 0x103550.WindowServer
35 - 0x1031c0.loginwindow
21 - 0x102e70.securityd
44 - 0x10de20.diskarbitrationd
66 - 0x109070.coreservicesd
35 - 0x100d60.loginwindow
- 0 edu.mit.Kerberos.CCacheServer
Click to expand...
 
com.spsecure.eagent

Is very suspicious but google doesn't give me many options though on some other forums this was also believed to be a keylogger.

I will keep looking but that is the only agent that jumps out as not legit and the fact I can't find the company that makes that agent also makes me weary of it.
 
Thanks for your help, tlarkin.

I hope that we can get to the bottom of this, and at least enable other poor so-and-sos to take a bit of control back into their lives.

At the moment it seems to me that the control of this sort of illegal activity is pretty damn poor. Apparently you can buy this software and install in (even remotely?) as long as you promise not to use it for illegal purposes. No signature required. But hey, it's only a bit of software!

That and the complete and utter violation of your rights as an adult human being :rolleyes:
 
ashlee said:
Thanks for your help, tlarkin.

I hope that we can get to the bottom of this, and at least enable other poor so-and-sos to take a bit of control back into their lives.

At the moment it seems to me that the control of this sort of illegal activity is pretty damn poor. Apparently you can buy this software and install in (even remotely?) as long as you promise not to use it for illegal purposes. No signature required. But hey, it's only a bit of software!

That and the complete and utter violation of your rights as an adult human being :rolleyes:
Click to expand...

Knowledge is power, and with power comes responsibility. I work IT for a living and I manage over 6,000 Macs for a school system. We have software installed that allows us to track the laptops, remote in for work and so forth. If a laptop is reported stolen, we use the tracking software to find out where it is and we get the cops involved. We do not use it to spy on users.

There is probably a list of legit reasons to run that software Ash, but some people abuse it and some people use it for good reason. I am sure it gets abused more so than used for good purposes. When I had roommates I had keyloggers installed so I could tell what they did on my computer when I was away at work.

I bet that agent I listed above is it, as it doesn't yield many results that seem legit. Also agents and system daemons follow a format, of com dot company name dot product name, so com.apple.finder.plist would be the property list for the Finder, which is part of Apple's OS.

Everything else running in your list you posted is legit, so I think it is safe to assume that is the culprit. To test it, we could unload it, kill it, and then reinstall the software and see if it comes back.
 
OK that is the spyware and I found the product

http://www.spectorsoft.com/index.html

that is it, and I was right that is it's launch agent, and it looks like it cost $99. So they paid 100 bucks to spy on you. That is just messed up. It feels good for me to be right with out even researching it, but at the same time it is crappy you got spied on. Oh well, get rid of it, wipe your system, get a new roommate then relax and have a beer.
 
It's tempting to think about experimenting. But I don't have access to the software. I'll see what I can come up with though, because I think it is quite important. I'll report back if I am able to do any home-experimentation. I'm not sure yet.

Re. the comments in your post:
Installing EBlaster yourself, on your own computer - that's one thing.
Installing it on someone else's without their permission - a completely different kettle of fish. In fact, very fishy indeed!

Without the knowledge I gained here yesterday morning I would have continued to think that using my mobile broadband was a secure way of using the internet. All because I'd been told that nothing whatsoever had been installed on my Mac. Call me AshLee-the-gullible! :rolleyes: So a big thank you for your help - you are a star!
 
tlarkin said:
OK that is the spyware and I found the product

http://www.spectorsoft.com/index.html

that is it, and I was right that is it's launch agent, and it looks like it cost $99. So they paid 100 bucks to spy on you. That is just messed up. It feels good for me to be right with out even researching it, but at the same time it is crappy you got spied on. Oh well, get rid of it, wipe your system, get a new roommate then relax and have a beer.
Click to expand...

Oops, cross-posted!

Brilliant work detective tlarkin ;):D:D:D

Thanks again!
 
You must log in or register to reply here.
Back
Top