Results 1 to 5 of 5

Thread: MateWatcher

  1. #1
    Junior Member
    Join Date
    Mar 2006
    Posts
    1

    Default MateWatcher

    Yahoo AntiSpy picked up MateWatcher on my computer last night. Spybot missed it on a scan immediately prior. Perhaps it is a new signature? BTW- YAS takes over 10 minutes to remove it. I stopped the scan too early on a couple of occasions.

    My suspicions arose when sending email through Outlook. When sending one message Outlook would notify me of sending 2 or more. I suspect this was MateWatcher sending out info.

    I was also up to date with SpywareBlaster, Lavasoft Adaware Personal SE and Windows Defender. None caught it.
    Last edited by Wilson72; 2006-03-12 at 17:30.

  2. #2
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    There is addition information on MateWatcher in the following thread:
    Matewatcher
    http://forums.spybot.info/showthread.php?t=2280

    MateWatcher is a commercial keylogger and generally Spybot does not target commercial keyloggers. Perhaps they will reconsider since MateWatcher appears to be stealthfully installed via an email attachment.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  3. #3
    Junior Member
    Join Date
    Nov 2005
    Posts
    25

    Default

    Hi folks, let me offer some information which may be helpful, I hope. I suspect that the Yahoo AntiSpy (YAS) detection of Spyware.MateWatcher may be a false positive. YAS is made by Computer Associates and it uses an engine invariably derived from their PestPatrol product which is also "detecting" this key logger according to some posts. PestPatrol is notorious for its many false positives. Here are some facts:

    I have 3 computers and I am the only user on all 3. All computers (XP) have YAS installed. The oldest computer does not have MS WORKS, the other two do. I started to run YAS on one of the computers today (one with WORKS) and I was told that an update to YAS was available. I got the update, ran YAS and it detected MateWatcher in the C:\WORKSSETUP folder. I then went to another computer (one with WORKS also) and ran YAS without updating and it detected nothing (YAS last updated 1/20/06, YAS does not update often and the update I downloaded on 1/20/06 was the previous one). I then updated this computer and sure enough it detected MateWatcher in the C:\WORKSSETUP folder also, so the updates I downloaded today are the reason for the detections. I then went to the oldest computer, the one without WORKS, ran YAS without updating and nothing showed up. I then updated YAS in that computer and nothing shows up also. So the “infection” by MateWatcher appears to occur in the WORKSSETUP folder only.

    I then went to the following Symantec site:

    http://securityresponse.symantec.com...tewatcher.html

    and looked at the symptoms of the key logger. The symptoms reported do not appear in either of my two computers with WORKS now showing up as infected. The files Symantec indicates are installed by the key logger are not there and the registry keys that have to be removed manually:

    HKEY_LOCAL_MACHINE\SOFTWARE\Userfriendlyproducts, Inc.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Control Panel Software

    are not there also.

    Scans with Spybot, Ad-Aware and Computer Associates Antivirus detected nothing. I then went to the Symantec web and performed an online scan, both Virus and Security and nothing showed up. According to Symantec “This risk can be detected only by Symantec products that support security risks” and I am not sure their online scanner does this, does anyone know? (I know Norton AV 2005+ does).

    Therefore I am of the opinion that YAS is false positing this key logger with its latest update (this has happened before). I have so far chosen to not remove the “key logger” using YAS as it may do damage. Perhaps one of the Spybot advisors can further elucidate on this, thanks.

  4. #4
    Junior Member
    Join Date
    Jul 2006
    Posts
    1

    Default

    Newbie here
    I know this is old but I have a simple quick qestion:
    If my system has this matewatcher program on it: is it possible that someone in my household DID NOT install it.
    From what I am reading it could have been installed thru a email attachment.
    Is this correct?

  5. #5
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,766

    Default

    Hello
    From the link md usa spybot fan provided above:
    http://forums.spybot.info/showthread.php?t=2280
    No physical access is required. This product's Control Panel software allows you to create small Remote Install monitoring files that you can email and send to the person you want to monitor. The person receives your email and downloads your Remote Install file and then double clicks it. The install file then invisibly in stealth installs itself on that computer, restart it, and begins monitoring that user's activity. You can then use the Control Panel software to remotely view all their activity. Remember you can only use this product to monitor computers you personally own or have been given explicit permission to monitor.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •