Ex-Husband stalking/hacking into client personal information

thecomputerguy

thecomputerguy

Well-Known Member
Reaction score
1,440
I had a job with a client this morning who's ex has been accessing her email and using the find my iPhone / iPad function in iCloud to track her and show up to confront her in public places, so she had to get a restraining order.

New emails keep are getting marked as read without her reading them, and whoever is accessing her email is forgetting to mark them as unread.

I am very familiar with keyloggers/spector pro type software on PC's, but not so much on Mac's. I know on a PC a manual removal or a look at the processes or an MBAM or combo scan a lot of times will kill spy software in a PC but what about a Mac?

I know the only guaranteed way would be to save her data and reformat the Mac but she want's to stop short of reformatting and see if her situation improves.

I've already changed her SSID, WPA2 Password, Disabled wireless broadcasting, changed the admin login for the router, and changed all of her passwords on a different machine that the Mac to a super complex password.

Any Suggestions?

TCG
 
I would change her email passwords and the recovery email address. BTW you can disable the find/track my iphone capability.
 
Blahh now Im going to have to testify in court ... how can I verify that it has actually been installed on this mac aside from the download history?
 
Im pretty sure you cant even install eblaster unless you purchase it so that fact that it is in the download history should be proof enough ... I am going to call spector tomorrow and find out how I can get more information on this.

This is turning out to be quite the interesting job!
 
I thought ctrl+alt+shift+s were the hotkeys the last time I worked with eblaster.

Still, that'll just bring up a login dialogue where you will need to enter a password. Hopefully your client knows her ex well enough to guess what that might be.
 
The hot key combo to bring up the controls for SpectorSoft are customizable when it is setup the first time...so he probably changed that. It's tricky software, can remain rather hidden.

If you go have her change her usernames/passwords...SpectorSoft will capture those keystrokes and send those to him in an e-mail.

Since it appears you've found that he installed it on her computer, two things come to mind...
*You can spend time with Google or on SpectorSoft's forums and look for ways to manually uninstall it. But will you ever be 100% sure?
*Back up her data, Wipe/Reload. Change all passwords from it now that it's clean.
 
YeOldeStonecat said:
The hot key combo to bring up the controls for SpectorSoft are customizable when it is setup the first time...so he probably changed that. It's tricky software, can remain rather hidden.

If you go have her change her usernames/passwords...SpectorSoft will capture those keystrokes and send those to him in an e-mail.

Since it appears you've found that he installed it on her computer, two things come to mind...
*You can spend time with Google or on SpectorSoft's forums and look for ways to manually uninstall it. But will you ever be 100% sure?
*Back up her data, Wipe/Reload. Change all passwords from it now that it's clean.
Click to expand...

I changed the passwords from another computer.

They dont want me to remove it its evidence now.

Im going to court woohoo! First time for this.
 
Also if you call spector and eventually get to one of their support managers they will verify that spector/eblaster is installed in your computer and whether or not it is actively monitoring. Which it is.

Anything beyond that has to be subpoenaed.
 
thecomputerguy said:
Also if you call spector and eventually get to one of their support managers they will verify that spector/eblaster is installed in your computer and whether or not it is actively monitoring..
Click to expand...

Yeah that's the hard part...their support. flat out stinks!

Prepare for long story..but tell me if you can follow this, that it sounds logical and plausible.

First..I had purchased a few of their licenses through a reseller one state away from me. After that..we applied for our own reseller status and sold a few of our own to our clients. But lets back up a bit....

I had one situation with their software....was purchased through a reseller...located in "State A". The purchaser was located in..."State B".
The software worked as it should in State B.
Suddenly, in the e-mails that normally get sent by the dozens each hour, some e-mails came from support at SS that "we've detected your license installed on two computers, you purchased one license..please uninstall the license from the second computer". After a few of these e-mails I stepped into action for the purchaser of the software. What I thought happened was...(and this did happen)...the laptop it was originally installed on was replaced by a new laptop. Old laptop was officially retired..I can testify to thise, I took the old laptop and it was tossed in my old computer junk pile in the storage unit we use for old graveyard parts. I replied back to support saying the same thing..old computer thrown out, installed on new computer..yes you may see a new MAC address if that's how you tie in your software to licenses...some "hash" gets generated. but their e-mails kept coming. Eventually the e-mails stopped. I notified support "hey,your program stopped working!" They told me "we detected your license running on two computers". I told them again "hey, I retired the old computer, installed the sofware on the new computer using that license, you should see no concurrent usage, but I'm sure you saw some hardware change". They replied back with the same canned response as before. I replied back again..my same story. They replied back with the IP addresses of the source...one IP address where it should have been..in my town. And the other IP address...coming from the town in the state of the reseller I purchased the license from. "Hmmm..." I said..I think the reseller let that license go twice!" So I e-mailed the reseller...CC'ing support in this same e-mail, stating what I saw obviously happened! The reseller e-mailed back to both of us with the serial number...stating that they found it got crossed and installed at another client of theirs also...thus ending the puzzle! Spectorsoft support did nothing to get my client back in action and re-activate this key...despite the reseller of the license stating their mistake in e-mail.

I have no idea where their support actually exists...over here, or in Europe, or in Asia...or......probably....in some India overwhelmed generic support center that can't get anything right.

They are supposed to keep their software "whitelisted" with antivirus/antimalware software companies...but I can state on at least two spread apart (chronologically) occasions, to my amusement, I've seen Microsoft Security Essentials catch SpectorSoft.
 
Last edited:
I havent had a problem like that with their support but yeah spector gets picked up from every AV i've used ... you have to manually whitelist it in AVG and MSE AFAIK.

TCG
 
You must log in or register to reply here.

Similar threads

johnrobert
New Outlook
Replies
3
Views
130
johnrobert
johnrobert
Velvis
Moving a Google Chrome Profile from Mac to PC without a Google password
Replies
5
Views
324
timeshifter
timeshifter
thecomputerguy
Client can't login to Google account using their own email.
Replies
8
Views
609
timeshifter
timeshifter
thecomputerguy
Client locked out of MSN account in an interesting way.
Replies
7
Views
890
thecomputerguy
thecomputerguy
Velvis
Want to access Verizon email (now AOL) through Gmail
Replies
4
Views
144
britechguy
britechguy
Back
Top