Contact US

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

PC monitoring - detecting the detectives

PC monitoring - detecting the detectives

PC monitoring - detecting the detectives

I was given the job of finding a solution to monitor some employee computer activity (never mind that) and came across this description of a product:

"Don't forget that our keyloggers are 100% invisible. With unparalleled invisibility technology, developed by ex-NSA (National Security Agency) programmers, we promise that you won't find a trace of our monitoring on any computer. Our keylogger software doesn't appear in the Registry, the Process List, the System Tray, the Task Manager, on the Desktop, or in Add/Remove Programs. There aren't even visible files that can be seen - which is why it is being used by Law Enforcement agencies across the country!"

That's great for when the "good guys" (businesses, parents, etc.) are using the software.  But I'm wondering whether this software would be detectable if I was trying to detect it.  Does MalwareByte's or Combofix or GMER detect this type of software or would they be ignorant to their presence as well?

Thinking of a past instance when an ex-wife was thinking her ex-husband was spying on her......  I found NOTHING.


RE: PC monitoring - detecting the detectives

If this product does indeed work then a lot of the advert is probably marketing hype.

Thinking it through logicaly the key logger infor must be going somewhere.
If it is a file on the PC then ist should be findable (althogh I suppos it could be writen as raw data in sectores that are marked as bad if you wanted to hide it from the os badly enough)

otherwise it is being set via the network to a server, monitoring the network traffic should be able to detect this.

I do not Have A.D.D. im just easily, Hey look a Squirrel!

RE: PC monitoring - detecting the detectives

I agree with IPGuru. What they probably meant was undetectable by the user.

James P. Cottingham
I'm number 1,229!
I'm number 1,229!

RE: PC monitoring - detecting the detectives

"What they probably meant was undetectable by the user"  I guess that's what they mean.

I just wonder if any of the standard malware detection tools might find it.  It's got to be a driver loading up when the PC starts (something like TDSS malware), in which case something like GMER would flag it.

RE: PC monitoring - detecting the detectives

They might be using a rootkit to mask it.  Even in that case though, LiveCD with a good rootkit scanner should see it.

It's never too early to begin preparing for International Talk Like a Pirate Day
"The software I buy sucks,  The software I write sucks.  It's time to give up and have a beer..." - Me

RE: PC monitoring - detecting the detectives

I've never gotten a chance to try to detect one of those products.  I'd like to find a machine where someone wants one of those "parental control or business snooper" softwares uninstalled.

Then I would run some scans on it to see what gets detected.  I'm not going to BUY one though to quench my curiosity.

RE: PC monitoring - detecting the detectives

Well, I installed SpectorSoft Pro on the PC to be monitored and nothing was visible when running Process Explorer.

You have to tell your Anti-virus to EXCLUDE certain files (named randomly when you install the product and you are given a list).  Sooooooooo....  that means that if you were to scan the computer with a different anti-virus or as a slave drive, you would probably detect the program via "normal" means.

If I get around to it, I'm going to install the program on a test PC and see if it is detectable by a few of the anti-nasty programs I use on a regular basis.

RE: PC monitoring - detecting the detectives

Take a look using Autoruns too, look for files/drivers logged as 'file not found' in the image path column.

RE: PC monitoring - detecting the detectives

Yeah - I understand.  This is kind of a tutorial after asking my question.  I'm filling in the blanks myself.

RE: PC monitoring - detecting the detectives

Sounds interesting.  Please post back with your findings.

RE: PC monitoring - detecting the detectives

Follow up on this.  The employee being monitored by the software got fired after the boss viewed what she was doing.  I feel bad for the person, but he/she was definitely not doing their work and piddling on the internet/looking for a new job.

Makes me more paranoid in case I ever get another "real" job where I use a work-owned computer.

BTW - Product highly recommended.

RE: PC monitoring - detecting the detectives

Quote (goombawaho):

Makes me more paranoid in case I ever get another "real" job where I use a work-owned computer.

Quite simple really, use work computer for work - use own computer for everything else! That goes for the phones and fax as well. Simples!

RE: PC monitoring - detecting the detectives

I think we all know that NOBODY uses a work PC exclusively for work.  I wouldn't even ask my employees to do so (if owned a company or was in "in charge" at a corp) because they can do things in 5 minutes (communicate with spouse/kids, order something needed, etc.) that improves their quality of life AND make them happier employees and more efficient during the day (not running out during lunch to buy said product or leaving early).

If anyone thinks it's an all or nothing proposition, that company is likely hurting employee morale, making people more likely to leave and DECREASING job performance.

It's a two way street.  Of course, employees shouldn't be on gambling/adult/social media/job hunting sites all day, but a little piddling around never hurt anybody.  And you can quote me on that.

Sometimes, the harder you try to hold something, the easier it slips out of your fingers.

RE: PC monitoring - detecting the detectives

Whilst I take your point - and it is well made - these days I see no need to use office equipment at all for personal use. Office time is another matter - if you need to make an urgent phone call or send an urgent email or respond to a text message use your 'phone'. It's just not worth the risk of even accidentally causing yourself problems using the office PC. It's one thing to get 'caught' by a bad website googleing for say, "Server update failing" and another to be googleing for cheap holidays!

When I married "Miss Right" I didn't realise her first name was 'always'. LOL

RE: PC monitoring - detecting the detectives

Yeah, I guess it just depends upon how nazi-like the general management and/or IT management is where you work.

There's a good balance somewhere, but I have seen where the CEO sent the HR person out (hiding) in the parking lot to see who was arriving late.  I understand the importance of being on time, but that made so many people so mad that people started tripping over themselves to look for new jobs.  Thus:  exodus of good people.

Then, the dude (CEO) hires his brother-in-law's IT company to do the IT work.  He was a real pip.  Thanks Chuck.  If he had turned up dead, there would have been a lot of suspects.

RE: PC monitoring - detecting the detectives

If one employee is looking at job-hunting websites, occasionally, then fine. If lots of employees are doing it, a lot, then maybe there's a message there for anyone who's listening.

Also, if management start firing people on what look like unnecessarily harsh grounds, guess what: everyone who thinks they have a chance of finding a better job is going to start looking for one. To be honest, if I were you, I'd be hunting already. But using my own PC.

RE: PC monitoring - detecting the detectives

This thread has nothing to do with me - it's a company that I service.  It's their employee that got monitored and then fired.  

Other commentary is from my personal experiences at other jobs.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close