A friend's computer problem
Professional Poster
Join Date: Dec 2000
Location: Chicago, Illinois
So I've got a friend (really, I swear!) who's having a computer problem with one of her ex-boyfriends. Long story short, he's worked on her computer before (even set up her home's wireless network), and she's a little paranoid about what he can do remotely with her computer stuff.
Why is she paranoid? Because he's figured out her password (which she claims isn't guess-able) to her email account and has been reading her emails. So I'm trying to think of what things to look for to make sure her setup is okay.
She has a PowerBook running 10.4.x, so where should I look for a log of external connections to her computer and programs connected to the outside world? Are there any known key logger programs I should look for in the output of top? I'm pretty sure one of the things I'll suggest she do is:
a) change her email password (duh)
b) nuke her computer and re-install
I don't know if she'll go for a new email account, but a new password should be enough. The thing I'm really worried about is that her house also has some Windows machines on the network. I'm not the most Windows-savvy guy, so although I can bring up the task manager, I'm not sure what to look for. Is there a log file that Windows keeps around that I should look for to find connections to external networks?
Thanks in advance for any suggestions. I've tried to express to her how this should be pissing her off more than it is (she's paranoid but not really mad for some reason...), so I'm not sure anything involving the law is something she'd like to pursue. In reality, I don't know if she's just done something dumb that's allowed him this access. Regardless, I'd like to help clean up the mess she's in.
Professional Poster
Join Date: Jun 2000
I would suggest changing her email password from a safe computer and then just reinstall.
Mac Elite
Join Date: Jun 2006
Once you've got a clean install, make sure to turn on OS X's firewall, and don't open any ports you don't have to. Turn off any remote access functionality of any kind, and turn on any firewall/security options on her router.
MBP 2.4/160/2/256
iMac 2.0/250/1/128
Professional Poster
Join Date: Jan 2003
Location: Teaneck, NJ
Don't just reset the password for the email account. Check to see what the secondary account is in case you forget the password and it emails it there. I don't see why a reinstall is necessary. You should be able to find any keyloggers sending data home with Little Snitch even if you don't see them in the user login items or in top.
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Make sure there aren't any suspicious ports (e.g. Remote Desktop or VNC) forwarded in her router. And install spyware detectors on her Windows machines. And if she already has spyware detectors, make sure they don't have any exemption lists that have been tampered with.
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
Addicted to MacNN
Join Date: May 2001
Location: Cupertino, CA
My wife still acts surprised that I can access her e-mail even though I set up the account and configured Mail for her. I bet she just gave the guy her password for something and uses the same pw for her mail.
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
That's most likely the case. But if he's reading his ex's e-mail, he sounds like enough of a creep that he might have installed something.
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
Professional Poster
Join Date: Jun 2006
Location: "Working"
Definitely check out Little Snitch. It will warn you of any outgoing connections. Check Activity Monitor for any suspicious programs and Google them to confirm that they're okay. Watch for any VNC servers, and make sure Remote Desktop is turned off in the Sharing preferences. Have her go to a public computing place and change her email password (if possible).
Posting Junkie
Join Date: Feb 2000
Location: Washington, DC
I guess it all depends upon the level of knowledge from the guy. He could have placed some program on one of the Windows systems to sniff the network...
1) Tell the guy (by calling) that he should stop reading her email immediately. I would also say something like "I really don't want to have to get a restraining order."
2) Check the router for open ports (if you don't know how to do that... throw it away and buy a new router).
3) Check the mac for open ports (in System Preferences, check Sharing, and make sure everything is unchecked).
Beyond that... I would install some virus software or something for the Windows systems. There are a million little programs out there that can hide in the system.
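Added example, not part of any post in this thread: a shell filter that reads the output of lsof -nP -iTCP and flags listening remote-access services (SSH, VNC/Screen Sharing, Apple Remote Desktop, Windows Remote Desktop), as a command-line counterpart to checking the Sharing preferences. The port-to-service map and the sample lsof lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag listening remote-access services in `lsof -nP -iTCP` output.
# The port-to-service map is an assumption covering the services named in the thread.

flag_remote_access() {
    # Reads lsof output on stdin; prints "command pid address service scope" per hit.
    awk '
    BEGIN {
        svc[22]   = "SSH/Remote-Login"
        svc[3283] = "Apple-Remote-Desktop"
        svc[3389] = "Windows-Remote-Desktop"
        for (p = 5900; p <= 5909; p++) svc[p] = "VNC"
    }
    $NF == "(LISTEN)" {
        addr = $(NF - 1)                 # e.g. *:5900, 127.0.0.1:631, [::1]:22
        n = split(addr, parts, ":")
        port = parts[n] + 0
        if (port in svc) {
            # Everything before the final ":port" is the bind address.
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            scope = (host == "127.0.0.1" || host == "[::1]") ? "local-only" : "network-reachable"
            print $1, $2, addr, svc[port], scope
        }
    }'
}

# Constructed sample output (not captured from a real machine).
sample_lsof() {
cat <<'EOF'
COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
cupsd      88  root    5u  IPv4 0x0000      0t0  TCP 127.0.0.1:631 (LISTEN)
sshd      123  root    3u  IPv4 0x0000      0t0  TCP *:22 (LISTEN)
AppleVNCS 456  root    4u  IPv4 0x0000      0t0  TCP *:5900 (LISTEN)
Mail      789  alice  12u  IPv4 0x0000      0t0  TCP 192.168.1.5:49152->203.0.113.10:993 (ESTABLISHED)
EOF
}

# On the machine being checked:  sudo lsof -nP -iTCP | flag_remote_access
sample_lsof | flag_remote_access
```

A listener reported as network-reachable is only exposed to the internet if the router also forwards that port, so the router check in step 2 still applies.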
Addicted to MacNN
Join Date: May 2001
Location: Cupertino, CA
If you want to be really paranoid you can reinstall the OS and then install Norton Internet Security. It seems to shut things down pretty tightly. Wouldn't even let me use Firefox until I authorized it.
(Last edited by itai195; Sep 18, 2006 at 12:50 PM.)
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Originally Posted by mitchell_pgh
Beyond that... I would install some virus software or something for the Windows systems. There are a million little programs out there that can hide in the system.
Not good advice.
Do a OS. That's the only way to be sure and safe. On XP, things can hide from scanners even better than on OS X.
-t
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
Originally Posted by mitchell_pgh
2) Check the router for open ports (if you don't know how to do that... throw it away and buy a new router).
WHAT????
That's a little extreme, don't you think? Can't they just press the factory reset button on it instead (it would still wipe out all the previous settings)?