Remove/Detect Spector on OSX
- Thread starter scatpack
- Start date
DeltaMac
Tech
Do you suspect that someone may have installed Spector on your Mac? Can't be installed remotely, as far as I can find out, so someone would need local access to your computer (not just network access)
From the Spector web site:
If you want to install it, some report Spector as being pure spy-ware that doesn't do what you pay for.
According to the support info at their web site, you can uninstall Spector only if you know the password that was used to setup that software when it was installed.
From the Spector web site:
and:
If this is your own computer, and you have only one account, then the only way someone might install it, is if you provide your admin password. It will record your internet activity, so if you open your activity monitor, you should see a service that becomes more active while you are browsing. It would probably have the name spector in the service name.
If you want to install it, some report Spector as being pure spy-ware that doesn't do what you pay for.
According to the support info at their web site, you can uninstall Spector only if you know the password that was used to setup that software when it was installed.
I do have my one user account set to password protected on startup, so there is that blockage. I was just wondering if it could be done while I wasnt looking (but logged in) or thru using my computer in Firewire mode.
Its shocking that you can't even see if it is running NOR can you uninstall it.
I ran MacScan2 and it wasnt detected but im not sure if it shows up on MacScan at all.
Anyone know the service name for Spector?
Its shocking that you can't even see if it is running NOR can you uninstall it.
I ran MacScan2 and it wasnt detected but im not sure if it shows up on MacScan at all.
Anyone know the service name for Spector?
DeltaMac
Tech
Spector is installed while the person installing it sits in front of your computer - You can't 'pick it up' through your internet connection. Spector is _not_ some form of virus. It is legitimate software.
See for yourself - http://www.spectorsoft.com/products/Spector_Macintosh/index.html
Why do you think that you might have Spector installed?
Why did you choose Spector as a suspect? (compared to other spyware)
Did someone tell you that you might have that installed?
You can install some software yourself that reports 'phoning home' = such as Little Snitch
http://www.versiontracker.com/dyn/moreinfo/macosx/17642
See for yourself - http://www.spectorsoft.com/products/Spector_Macintosh/index.html
Why do you think that you might have Spector installed?
Why did you choose Spector as a suspect? (compared to other spyware)
Did someone tell you that you might have that installed?
You can install some software yourself that reports 'phoning home' = such as Little Snitch
http://www.versiontracker.com/dyn/moreinfo/macosx/17642
DeltaMac
Tech
Little Snitch, then... Do it yourself. That software will report that sort of activity.
Firewire target boot mode still requires you to be at the computer and to restart in that mode.
If you are having this problem with a company-owned computer, and not your own computer, then you really can't decide what the owner (your boss) might want to monitor, can you?
Firewire target boot mode still requires you to be at the computer and to restart in that mode.
If you are having this problem with a company-owned computer, and not your own computer, then you really can't decide what the owner (your boss) might want to monitor, can you?
Restarting a computer in firewire mode is as easy as pie.
And this isnt a business computer nor at a business or company. And I own the computer.
I am currently running LittleSnitch.. but who knows what name Spector uses to connect. It could be anything, and look rather innocent. If Spector decided to call the service it uses "mDNSResponder" would know you that it was the "real one" vs the "fake one"
If I knew what spector called its service I could look for that.. but i dont know. It seems a bit shocking that this software could be totally hidden, and impossible to remove!
And this isnt a business computer nor at a business or company. And I own the computer.
I am currently running LittleSnitch.. but who knows what name Spector uses to connect. It could be anything, and look rather innocent. If Spector decided to call the service it uses "mDNSResponder" would know you that it was the "real one" vs the "fake one"
If I knew what spector called its service I could look for that.. but i dont know. It seems a bit shocking that this software could be totally hidden, and impossible to remove!
DeltaMac
Tech
So, do you make a habit of giving other folks access to your computer?
How many ways can I say this? "Specter is installed by someone who has physical access to your computer"
Yes, Firewire target boot mode is easy, but using that mode requires someone to attach a FireWire cable from your computer to their computer, so the second computer has to be physically there. It is not available through an internet connection, for example.
Are you just being paranoid, or do you have good reason to suspect someone (who does have physical access to your computer)?
Again, why do you suspect Spector, and not one of the other ways that folks can control your computer remotely (which Spector really doesn't do - it records what happens on the computer for access later on.)
How many ways can I say this? "Specter is installed by someone who has physical access to your computer"
Yes, Firewire target boot mode is easy, but using that mode requires someone to attach a FireWire cable from your computer to their computer, so the second computer has to be physically there. It is not available through an internet connection, for example.
Are you just being paranoid, or do you have good reason to suspect someone (who does have physical access to your computer)?
Again, why do you suspect Spector, and not one of the other ways that folks can control your computer remotely (which Spector really doesn't do - it records what happens on the computer for access later on.)
Greetings scatpack,
If you believe you have spector installed or any other spyware installed on your computer you can contact the MacScan support team directly at macsec@securemac.com and we will be able to assist you in dissecting what may be installed.
If you believe you have spector installed or any other spyware installed on your computer you can contact the MacScan support team directly at macsec@securemac.com and we will be able to assist you in dissecting what may be installed.
againstspyware
Registered
The process is spsecure. You can see it using top. Using Little Snitch, I found the location of the app. It's user/local/sps... Or you can block the communications of the process with Little Snitch. Your choice.
Kill everything inside that directory and you're good. Of course, you need admin (maybe root) permissions.
Kill everything inside that directory and you're good. Of course, you need admin (maybe root) permissions.