what is a spector directory?
 

Logging on to my macbook pro, I get a "spector directory error"
I can't even find an reference to a spector directory anywhere...
Anyone know what it is or how I can fix or delete it?

Could this bt the infamous "Spector" spyware.

Go to the Activity Monitor and under "Active Processes" does "DriverSBD" show up every once in a while?

If it does, this means that you have spyware on your computer.

Also try logging in as a different user to see if the problem occurs there.
(Create a new user via Accounts preferences if need be)

I think it is spyware
 

I ran macscan utilties, it didn't show up. I do get the driversbd in the activity moniter. Any suggestions on removing this?

What's the history of your MacBook?
Did you get it used?
Has someone else had access to it?
If this got installed on your Mac without your knowledge, it could be a very serious problem - e.g. if you have used your Mac for any financial dealings like online banking.
And if you don't know how it got there, I'd say that you can't really trust anything on the Mac and that you should make a backup of all the documents (not programs) you care about, and then erase the disk and reinstall from the OS X DVD.

Could that be "DriverSPD" rather than "DriverSBD"? If so, see this thread:

http://forums.macosxhints.com/showthread.php?t=52711

(The thread suggests doing a Shift-Control-Command-S to see if that pulls up a login screen. Won't eliminate the problem, but will tell you what it is.)

I imagine if this is a work computer, you do not have the right access to delete it.

If not, it is in one of the StartupItems folders. I forget what the actual name of the StartupItem is, but you could figure it out. Remove it, restart, and check Activity Monitor again to see if it shows.

Also, (in the /usr/bin or /usr/sbin) remove the executable file if it is there.

figured it out
 

I did a target disk transfer of applications from another macbook. That's how the software got installed, but since I got a "spector directory error", it didn't get installed right. there never was any items in by bin or sbin folders.
I tried a few utilities, the only one that helped me locate the hidden files in my startup items folder was internet cleanup. Then I had to get some help using terminal to remove it. I don't know how common it is to put your computer in this comprimised state, but I'd recommend staying on top of it if you're concerned. Thanks for the help!

Could you post the logs here, so we can take a look at them?

Yep, if you are really that concerned (also, are the admin user), I could create a simple app that checks for this spyware and removes it. Could be a StartupItem or just a double-click and run app.

Refresh my memory, though, what is the name of the folder in the StartupItems folder that runs this spyware. Is it "DriverSPD"?

I probably will make this app even if you don't want, because I once was plagued with this spyware. It actually eats up alot of the proccessor, especially on the "Intel" Macs, because it uses Rosetta. I will post it.

Should we really be referring to this software as "spyware"? It is after all a somewhat "legitimate" commercial product, that performs a specific function - one that I don't happen to agree with, and which I'm sure will rub others the wrong way, but a function for which requests come up now and then on Mac forums.

It requires "admin" privileges to install (ok, I agree that's hardly a barrier for surreptitious installation in OS X given the default account is "admin"), and though not enforceable, if intentions count, their terms of use do state more or less that it is only to be installed on computers owned by the customer, and all users being monitored must be notified.

While there is the potential for abuse, the same could be said for things like VNC, or even 'ssh' and 'screencapture', but the latter generally aren't referred to as spyware, at least not in the sense of a "spyware problem" as it afflicts Windows. Unless the current situation is at the point where unauthorized installation of "Spector" is rampant in the wild or something -- if it is then the I guess the "spyware" label would fit...

I found information on a torrent download site. Not exactly the best place for information, but it seems they found an easy method to stop/start/crack Spector.
Try pressing Crtl+Shift+S and see what happens.

Regardless if you can erase the program or not, you should take Hayne's point really seriously (that's why he's got over 20K posts!) and reinstall all your system. You should also go over your lists of bank accounts, e-mail accounts etc and change each one of those passwords. I know it's painful but think that if you were sitting on a PC you'd have to do this more often :).

By the way, does the spector app. send anything over the internet or just leaves files sitting there?

Spector sends screenshots, basically, to the owners email. At least, this is how I understand it. My boss discussed this software with me when he said he was going to install it on his son's computer for safety. Then, imagine my surprise when I find this in my StartupItems. with about 30 seconds of research on the internet, I found out that this is the same exact software that he described to me.

Funny, though, that this spyware was so "indetectable" that it actually popped up an error message on ledrobster's machine. Essentially blowing it's own cover. Wouldn't you think that any error messages would be supressed and/or forwarded to the owner of the software? If I wrote some spyware (after figuring out this damn StartupItem, I probably could), I might take that into consideration.

Then I wouldn't even bother removing the software. Why would you? anyways you'll have to erase the disk and start from scratch.

R.

Not the owner of the computer, the owner of the software. That person could be anyone anywhere in the world. The only way to prevnt this is to remove the software or stay un-connected to the internet forever.

Why else would it be considered spyware? And why exactly would you you have to erase the disk? I have already successfully removed this software from my own computer without erasing and re-installing.

P.S. I find biovizier's post interesting. I did not know that my boss was required to inform me that he installed this. He did not inform me. Hmmmmmmmmmmmmmmmmmmm.

I don't think you got my point, as you said, the owner of the software could be anywhere and you may just assume that he has access to your box by now (which he certainly could do if he wanted).

Given this, there's no option but to wipe out clean the HD and reinstall everything from the sources, therefore it's just a waiste of time to try uninstalling the spyware before, since anyways you'll do that by erasing the HD.

R.

What do you mean by "try" to uninstall. It is easy. There is no way to screw it up.

Whatever! Erase your computer. Spend countless hours re-storing it back to the way you want it.

Personally, I would alter this spyware. If not in fear for my job at the time, I would have changed the code to send the spy some vulgar pics, maybe describing my feelings about spyware. Or possibly just mask my movement by sending pre-recorded keystrokes and screen shots. Which one would everybody here suggest, I wonder?

Now, first mistake, was to install this software on my machine. I "do" have an admin account. This doesn't make sense. To me, maybe he could have gotten away with it if I were a limited user. Second, I even have the root account enabled and I am the only one with the password. Third, I have the ability to access this computer from home, take control of it, and even wipe it clean if I feel I should. Could someone really think that they could get away with installing this on my computer undetected? And lastly, does he know that I have access to his computer? When these new machines were purchased, I was the one who installed all the software. I even have the root account enabled on his machine and only I know the password. I can "ssh" in, and do whatever I want.

What I should do, after giving it some thought, is remove it from my machine and install it on his, giving him only a mirrored view of what he has been doing all day. Maybe change the interval of emails to every second, as to flood his email with useless junk. Or maybe even take his recorded strokes and screenshots and post them to a blog titled "All competitors must view this if you want to put me out of business". Possibly just pop-up some useless and fake dialog boxes that warn him of system failures and the need to wipe the drive clean? I wouldn't even have to damage the sytem, just flop the apple logo on the dialog box and he will think of it as true and do it.

the easiest way to check if you have spector
 

To find out for sure if you have spector on your mac do a "find file"

Then on the 'visibility' option drag down and select 'invisible items'

Then click on the + option on the right hand side and on the next level
down select "extenion is" and in the blankbox to the right hand side type .app

Now click on search/find.

If spector is on yr mac it will bring up a little icon that looks like a white magnifying glass on a black curved edged box and it will be called 'system'. Double click on this (from within the search results box) and a pop up dialog box will appear saying 'password' - this is def spector soft. You then have to attempt at what the password is/could be - if YOU didnt install it.

NB: make sure you select the extention is option before you search or you will bring up loads of invisible items.

As an aside, if YOU OWN the machine and you did not install the software then this is an illegal operation and is prosecutable. If you are an employee then I believe you have the RIGHT to be told it has been installed - but I'm not sure what the law is here on whether you DEFINITELY have to be informed - spector's site will advise on that.

As for the above instructions on how to find it - it works every time and I only discovered it was on my machine myself by being boredone day and messing about with my search facility - and boy am I glad I did! This way you don't have to mess around trying every combination of hot key to access it - which incidently the 'S' is the set key and can be changed by the installer once installed.


Regards
Ashtray

If your company has an AUP for computer use, there's probably language in there about monitoring, and this fits the bill. They don't have to inform you of it. It may not be the right thing to do, but it gets done.