Any way to detect what's been installed?

Soldato
Joined
6 Jan 2006
Posts
3,372
Location
Newcastle upon Tyne
A friend of mine is concerned that one of her employees somehow has access to her emails or computer. There have been too many instances where something has been said in her emails for the employee to then comment on it further. She has changed her password to a very strong one and is changing this weekly as a precaution but I said that there may be some remote software or key logger installed? Is there any way to check for this? She'd like to avoid a full format if possible but will do it as a last resort.

This particular employee's boyfriend works in IT which is making her even more paranoid.

Can anyone suggest anything to check what's installed on her PC and if there is anything that shouldn't be on there!
 
Soldato
OP
Joined
6 Jan 2006
Posts
3,372
Location
Newcastle upon Tyne
Sorry, I think my comment about the employee's boyfriend working in IT has confused matters! He works in an unconnected IT company but just added that to say that this employee may have the knowledge to do something the average user may not.

It's her own small company without an IT department. They use IMAP for their emails via their webhost.
 
Soldato
OP
Joined
6 Jan 2006
Posts
3,372
Location
Newcastle upon Tyne
Ensure decent AV on machine and sigs updated accordingly. No keylogger will run beyond sig updates of any decent AV out there.

Procmon - https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx
For checking local machine and what's going on there but think anything running locally is unlikely unless she is running unpatched with no AV or something ridiculous. Tick the box though.

Who is their host?
Emails on Smartphone?
IT bloke boyfriend, is he any good? Most likely oversight.

If your friend here is owner of this business she can ask the employee how on earth she is knowledgeable to such and such information when she has not been involved to the degree of knowledge shown.

Again, if your friend here is the business owner how is the other users' access to data/hardware/hosted mailbox all managed etc?

Will check out the link thanks.

Their host is 1&1. I've told her to switch to tsohost and use O365 for the company emails.

Emails are on her iPhone yes.

The employee keeps saying how good her boyfriend is and really pushes to get him in to manage their IT on a part-time cash basis but it's really not needed. The employee pushing this has made her think that they were trying to get in and install some software on the computers etc.

The network is only tiny, 4 PCs with documents stored in Google Drive. She's savvy enough not to store her passwords on her PC or online etc.

Wipe the machine and start over. Check for hardware keylogger.

I think that's probably the safest bet. They don't have much to reinstall either.

Could be VNC or anything really.

Yeah I got her to check for anything obvious but nothing jumped out.
 
Soldato
OP
Joined
6 Jan 2006
Posts
3,372
Location
Newcastle upon Tyne
She's a lot more vigilant now about locking her PC if she leaves it so I think it would be difficult for anyone to gain access to it if it was formatted.

I've advised her to look at the host too to see if someone gains access to the control panel whether or not they could get access to web mail for different users. Also, there may be something set up via the control panel to allow this employee access to the mail box? I'm not familiar with 1&1 to be fair.
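
Added example, not part of the thread or any poster's words: a read-only PowerShell inventory for the local check the thread asks about (installed programs, auto-start services, listening ports). It assumes Windows 8 or later for Get-NetTCPConnection; the product names and ports in the lists are illustrative assumptions, with only VNC taken from the thread.

```powershell
# Added example: read-only triage of one Windows PC. Run in an elevated PowerShell.
# Name and port lists are illustrative assumptions; only VNC is named in the thread.
$remoteNames = 'VNC', 'TeamViewer', 'AnyDesk', 'LogMeIn'
$remotePorts = 3389, 5900      # default RDP and VNC listening ports

function Test-RemoteName([string]$Text) {
    foreach ($n in $remoteNames) { if ($Text -like "*$n*") { return $true } }
    return $false
}

# 1. Installed programs, newest first. The HKCU key covers only the account
#    running the script, so repeat under each user's own login if needed.
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, Publisher, InstallDate,
        @{ n = 'Review'; e = { Test-RemoteName $_.DisplayName } } |
    Sort-Object InstallDate -Descending

# 2. Auto-start services whose binary lives outside the Windows directory.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.StartMode -eq 'Auto' -and $_.PathName -notlike "*$env:SystemRoot\*" } |
    Select-Object Name, DisplayName, State, PathName,
        @{ n = 'Review'; e = { Test-RemoteName "$($_.Name) $($_.PathName)" } }

# 3. Listening TCP ports with the owning process.
$listeners = Get-NetTCPConnection -State Listen |
    Select-Object LocalAddress, LocalPort,
        @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } },
        @{ n = 'Review'; e = { $remotePorts -contains $_.LocalPort } } |
    Sort-Object LocalPort, LocalAddress

$programs  | Format-Table -AutoSize
$services  | Format-Table -AutoSize -Wrap
$listeners | Format-Table -AutoSize
```

A clean result here says nothing about a hardware keylogger or about mailbox access granted at the mail host, both of which the thread raises separately.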
 