EX from hell spying on me

Another vote for reformat and reinstall. That’s probably the only way you’re guaranteed to be rid of it.

http://www.hackguard.net/ has information on the backdoor this program uses, and step-by-step do-it-yourself removal information.

Personally I’m amazed that a company like Spector can get away with this kind of thing legally.

Info found at:

http://faculty.ncwc.edu/toconnor/495/495lect15.htm
Spector is perhaps the most powerful and common spyware. It adds several files to the C:\Windows\System directory, including mswnsrvx.cnt, mswnsrvx.exe, mswnsrvx.hlp, shmswnmp.dll, and shmswnrc.dll (all of these are hidden files). The easiest way to determine whether you are under surveillance by Spector is to check for the C:\Windows\System\WebExt directory, which contains files with names like “4F0BF6D8.TPS.” There may also be a master log file called “_MSFILEA.TXT”, which shows when each capture file starts. The WebExt directory isn’t hidden, but it can be changed to another name to make it harder to detect.

EBlaster is recognizable by its main program file, which is 468KB URLMKPL.DLL, in the Windows/System folder. Also added are msskfzwin.dll, msskfzwin.ocx, and winmsskfzwin.drv. EBlaster must send e-mail outbound to report on you. Severing your network connection will only cause reporting to be delayed.
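The file names in the quoted lecture notes can be turned into a quick check. The sketch below is an added example, not part of the thread or of any vendor tool: it walks a Windows System directory for those names and flags any folder holding capture files, so a renamed WebExt still shows up. The eight-hex-digit `.TPS` pattern is an assumption generalised from the single sample name, and the sample tree (including the folder name `Fonts2`) is constructed.

```python
import os
import re
import tempfile

# File names quoted in the post above (matched case-insensitively).
SPECTOR_FILES = {"mswnsrvx.cnt", "mswnsrvx.exe", "mswnsrvx.hlp",
                 "shmswnmp.dll", "shmswnrc.dll"}
EBLASTER_FILES = {"urlmkpl.dll", "msskfzwin.dll", "msskfzwin.ocx",
                  "winmsskfzwin.drv"}
MASTER_LOG = "_msfilea.txt"
# Assumption: capture files are eight hex digits plus .TPS, generalised
# from the single sample name "4F0BF6D8.TPS".
CAPTURE_RE = re.compile(r"^[0-9A-F]{8}\.TPS$", re.IGNORECASE)

def scan_system_dir(system_dir):
    """Return a sorted list of (kind, path) findings under system_dir."""
    findings = []
    for root, _dirs, files in os.walk(system_dir):
        if any(CAPTURE_RE.match(f) for f in files):
            # Flag the directory by content, so a renamed WebExt still shows.
            findings.append(("capture-dir", root))
        for name in files:
            low = name.lower()
            path = os.path.join(root, name)
            if low in SPECTOR_FILES:
                findings.append(("spector-file", path))
            elif low in EBLASTER_FILES:
                findings.append(("eblaster-file", path))
            elif low == MASTER_LOG:
                findings.append(("master-log", path))
    return sorted(findings)

def build_sample_tree(base):
    """Constructed sample: empty files with the names listed in the post."""
    renamed = os.path.join(base, "Fonts2")  # stands in for a renamed WebExt
    os.makedirs(renamed)
    for rel in ("MSWNSRVX.EXE", "shmswnrc.dll", "URLMKPL.DLL", "notepad.exe",
                os.path.join("Fonts2", "4F0BF6D8.TPS"),
                os.path.join("Fonts2", "_MSFILEA.TXT")):
        open(os.path.join(base, rel), "w").close()
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, path in scan_system_dir(build_sample_tree(tmp)):
            print(f"{kind:14} {os.path.relpath(path, tmp)}")
```

On a real machine, pass the actual System directory to `scan_system_dir`; a clean result only means these particular names were not found.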

:eek: You are being followed by the Borg…resistance is futile…:eek:

rat this ex out to the feds…they should be able to fix your computer and avenge you…you may even get on 60 minutes or something!

and people wonder why some people won’t “commit” to a long term relationship.

don’t have a clue about the computer, but you have my deepest sympathy/empathy regarding your ex.

Here’s a trick that may work as a stopgap measure.

It sounds like the email is going direct from your computer to the ex. What you can do is edit your hosts file to make sure that mail can never reach it. The program may still be trying to send out reports but won’t be able to – neither will you for that matter. Look in your windows folder for a file called hosts (no extension). In Windows NT and 2000 (and probably XP but I don’t know) it’s in /WINNT/SYSTEM32/DRIVERS/ETC. Open it with notepad and you’ll see one or more lines that look like this:

       127.0.0.1	localhost 

a four-part number followed by a name. All you need to do is add another line to the file that says:

       127.0.0.1	exesdomain.com

For the number, use the exact one shown here. It’s a special address called loopback and points to your very own PC. For the name, use whatever domain name you’d use to send her email. If her address is psycho@someisp.com, use someisp.com.

As I said at the top, this is really only a stopgap measure. You really need to re-install the OS. On the bright side, though most folks consider the two (format and re-install) intimately intertwined, they’re not. It really isn’t necessary to reformat a drive to re-install the OS. If you have a zillion MP3 and picture and document files lying about, just leave them where they are. After the installation, they’ll still be there waiting for you.

I agree with handsomeharry on this. This is a legal matter (esp with CC fraud), and now that ex is in another state it’s a federal matter. Invasion of privacy, stalking, CC theft, and probably some more. Also call up the CC company and get the charges taken off.

That is not likely to work. someisp.com will only be one single host and is not necessarily where mail will be delivered. The better way would be to look up the MX record for someisp.com and add separate hosts file entries for every MX entry for the domain.

For example, straightdope.com’s mail exchangers.

>nslookup -type=MX straightdope.com

straightdope.com MX preference = 20, mail exchanger = mail.uu.net
straightdope.com MX preference = 10, mail exchanger = mail.chireader.com
straightdope.com nameserver = auth03.ns.uu.net
straightdope.com nameserver = auth50.ns.uu.net
auth03.ns.uu.net internet address = 198.6.1.83
auth50.ns.uu.net internet address = 198.6.1.161

You would then put two entries in your hosts file for each MX record:

127.0.0.1 mail.uu.net
127.0.0.1 mail.chireader.com

And this would only work if the spyware program has its own SMTP delivery mechanism. If it is really using built in email software, the email will just be delivered to the victim’s ISP SMTP servers to be forwarded, where hosts file entries won’t matter anyway.
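The MX-to-hosts step described in the post above, as an added example that is not part of the original post: it parses `nslookup -type=MX` output in the format shown there and produces loopback entries for every mail exchanger not already in the hosts file. The function names and the sample hosts content are constructed for illustration, and the poster's caveat still applies: this only affects software that delivers mail directly to those hosts.

```python
import re

# nslookup output lines copied from the post above.
NSLOOKUP_OUTPUT = """\
straightdope.com MX preference = 20, mail exchanger = mail.uu.net
straightdope.com MX preference = 10, mail exchanger = mail.chireader.com
straightdope.com nameserver = auth03.ns.uu.net
auth03.ns.uu.net internet address = 198.6.1.83
"""

# Constructed sample of an existing hosts file.
SAMPLE_HOSTS = "127.0.0.1\tlocalhost\n127.0.0.1\tmail.uu.net  # added earlier\n"

MX_RE = re.compile(
    r"MX preference\s*=\s*(\d+),\s*mail exchanger\s*=\s*(\S+)", re.IGNORECASE)

def mx_hosts(nslookup_text):
    """Return mail exchanger names, lowest preference (tried first) first."""
    found = {}
    for line in nslookup_text.splitlines():
        m = MX_RE.search(line)
        if m:
            pref = int(m.group(1))
            host = m.group(2).rstrip(".").lower()
            found[host] = min(pref, found.get(host, pref))
    return sorted(found, key=lambda h: (found[h], h))

def hosts_entries(existing_hosts, mx_names, sink="127.0.0.1"):
    """Return hosts-file lines for the names not already mapped."""
    mapped = set()
    for line in existing_hosts.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        mapped.update(name.lower() for name in fields[1:])
    return [f"{sink}\t{name}" for name in mx_names if name not in mapped]

if __name__ == "__main__":
    for entry in hosts_entries(SAMPLE_HOSTS, mx_hosts(NSLOOKUP_OUTPUT)):
        print(entry)
```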

Very Bad Idea. There could be spyware/virus files scattered all over the harddrive that a mere OS re-install wouldn’t have any effect on. As a matter of fact, not only would I reformat, I would also debug the boot sector before reinstalling the OS, see this link for details.

Good luck.

debug that bitch… then your computer too.

Well, my personal preference, which has been listed above would be to reformat.

Although, an alternative would be, to just ignore her replies. She can’t do anything with the information can she? If your mail server allows it, make a filter so whenever she mails you have it auto-reply something like this:

Auto-Reply from Yahoo.com (replace yahoo with your email provider)

This email address is no longer active or does not exist, please check your TO: address and verify that it is not incorrect.

Yahoo! (replace url with your providers address)

She’ll probably send another email to it and see if she really did type in an incorrect address. Soon she’ll come to the conclusion that your account doesn’t really exist or isn’t active. That is if her spyware doesn’t report this page to her, then upon hearing my advice realizes your account does exist… lol :smack:

(If you’re using Outlook Express I’m not sure if you can use filters or what not, but you can at least manually send the error message to her, but you could make it look like it was from your ISP, or if she uses something like yahoo, just give a general email not received error or something like that.)

Good luck! :wink:

After you’ve removed the program, you might want to have some healthy revenge on your EX by “faking” a couple of the reports. I’m sure your fertile imagination can conjure up a few legal ideas - screen caps of letters to and from the FBI for example, or a protection order or something. Keep up the ruse as long as it amuses you.

Can you afford a new computer? Seriously, it may be the best (and final) way to put this to rest.

I say you report her (via e-mail, if possible) to the FBI, and make sure a real report makes it to her.

Then, hook up with some 1337 hackers and mess with her back!

(Note: KIDDING! Format and reinstall…and if you can, get XP)

Heh. I just thought of something funny (that’s funny in a scary way), She’s probably seeing this whole thread too!

She could have a very unfortunate accident if all else fails.

Some software won’t be eradicated with a reinstall. For example, I have Homing Pigeon on my laptop. It sends me an e-mail with tracking information every time the machine is connected to the Internet. It is a small measure of security, but if it gets stolen and used by a run of the mill thief (or stolen and sold by one) there is a chance I’ll get it back. The hidden e-mail feature sounds like it does things very similarly to Spector.

From one of the FAQ’s on the Homing Pigeon page:

I would imagine as sophisticated as Spector seems, it will have similar methods of reformat protection. I’d hesitate before going through the effort to reformat to make sure doing so will get rid of it. Any more experienced Dopers care to comment?

Rhythmdvl

What do you think her motivation was to send you copies of the reports or even tell you that they existed? I mean, why didn’t she just keep her mouth shut? You’d never even know…

I’d say that she’s probably not really interested in the reports, but just likes to see you squirm and make you think twice about everything you do…so, drop all the ideas about trying to get her in trouble and just reformat the HDD or reinstall the OS or whatever option is the easiest and just drop it. Don’t even talk to her about it (or anything else for that matter, you want distance from this girl…).

You are playing right into her hands if you don’t!

Good luck!

Depending on when it loads, the solution might be as simple as starting up the machine with a win98 boot disk and formatting then. If it loads from the boot sector, that’s a little tougher–the only method I can think of that will work is to power off the machine, take the hard drive out, and run a few magnets over it. Better make sure you’ve got that boot disk handy…