# Remove/Detect Spector on OSX



## scatpack (Jan 13, 2008)

Does anyone know of a way to detect if Spector for OSX is running on a computer and secondly, how to remove it if it is?


----------



## DeltaMac (Jan 13, 2008)

Do you suspect that someone may have installed Spector on your Mac? Can't be installed remotely, as far as I can find out, so someone would need local access to your computer (not just network access)
From the Spector web site:


> When installed in Stealth mode, Spector does not show up as an icon, does not appear in the "About This Computer" window, Application Menu, and it cannot be uninstalled without the Spector password which YOU specify, and Spector does not slow down the operation of the computer it is recording.


and:


> The SpectorSoft software license agreement requires that you inform anyone you may monitor with SpectorSoft products.


If this is your own computer, and you have only one account, then the only way someone might install it, is if you provide your admin password. It will record your internet activity, so if you open your activity monitor, you should see a service that becomes more active while you are browsing. It would probably have the name spector in the service name.

If you want to install it, some report Spector as being pure spy-ware that doesn't do what you pay for.
According to the support info at their web site, you can uninstall Spector only if you know the password that was used to setup that software when it was installed.


----------



## scatpack (Jan 13, 2008)

I do have my one user account set to password protected on startup, so there is that blockage.  I was just wondering if it could be done while I wasnt looking (but logged in) or thru using my computer in Firewire mode.

Its shocking that you can't even see if it is running NOR can you uninstall it. 

I ran MacScan2 and it wasnt detected but im not sure if it shows up on MacScan at all.

Anyone know the service name for Spector?


----------



## DeltaMac (Jan 13, 2008)

Spector is installed while the person installing it sits in front of your computer - You can't 'pick it up' through your internet connection. Spector is _not_ some form of virus. It is legitimate software.
See for yourself - http://www.spectorsoft.com/products/Spector_Macintosh/index.html

Why do you think that you might have Spector installed?
Why did you choose Spector as a suspect? (compared to other spyware)
Did someone tell you that you might have that installed?

You can install some software yourself that reports 'phoning home' = such as Little Snitch
http://www.versiontracker.com/dyn/moreinfo/macosx/17642


----------



## scatpack (Jan 13, 2008)

I know you have to be at the keyboard to install the program, but in theory someone could put my computer into Firewire slave drive mode and self install it.

I know the person i suspect owns the program.. thats my biggest suspicion.


----------



## DeltaMac (Jan 13, 2008)

Little Snitch, then... Do it yourself. That software will report that sort of activity.

Firewire target boot mode still requires you to be at the computer and to restart in that mode. 

If you are having this problem with a company-owned computer, and not your own computer, then you really can't decide what the owner (your boss) might want to monitor, can you?


----------



## scatpack (Jan 13, 2008)

Restarting a computer in firewire mode is as easy as pie. 

And this isnt a business computer nor at a business or company. And I own the computer.

I am currently running LittleSnitch.. but who knows what name Spector uses to connect.  It could be anything, and look rather innocent.  If Spector decided to call the service it uses "mDNSResponder" would know you that it was the "real one" vs the "fake one"

If I knew what spector called its service I could look for that.. but i dont know.  It seems a bit shocking that this software could be totally hidden, and impossible to remove!


----------



## DeltaMac (Jan 13, 2008)

So, do you make a habit of giving other folks access to your computer?
How many ways can I say this? "Specter is installed by someone who has physical access to your computer"
Yes, Firewire target boot mode is easy, but using that mode requires someone to attach a FireWire cable from your computer to their computer, so the second computer has to be physically there. It is not available through an internet connection, for example.
Are you just being paranoid, or do you have good reason to suspect someone (who does have physical access to your computer)?
Again, why do you suspect Spector, and not one of the other ways that folks can control your computer remotely (which Spector really doesn't do - it records what happens on the computer for access later on.)


----------



## SecureMac (Apr 21, 2008)

Greetings scatpack, 
If you believe you have spector installed or any other spyware installed on your computer you can contact the MacScan support team directly at macsec@securemac.com and we will be able to assist you in dissecting what may be installed.


----------



## againstspyware (Mar 18, 2011)

The process is spsecure. You can see it using top. Using Little Snitch, I found the location of the app. It's user/local/sps...  Or you can block the communications of the process with Little Snitch. Your choice.

Kill everything inside that directory and you're good. Of course, you need admin (maybe root) permissions.


----------

