The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    remote access program/spyware

    Discussion in 'Security and Anti-Virus Software' started by jacob808, Apr 3, 2009.

  1. jacob808

    jacob808 Notebook Deity

    I asked my friend to help me with a router firmware update and he sent me an email while we talked on the phone. He works for my internet provider as a service tech, and wanted to have remote access to my computer to guide me through it. Anyway, the email he sent was a program called 4D something and it allowed him to have access to my comp. He said it would only stay on my comp for that session, then he would no longer have access to it. He told me to click the 4d safe mode exe option, but now I'm worried, and I think he has access to my computer anytime he wants now, and he's just fooling me saying that he doesn't. Should I be worried and is anyone familiar with this 4D program? What should I do to be sure I have no spyware and what kind of info could he have gotten from me?
     
  2. Baserk

    Baserk Notebook user

    ^ Is it similar to the programs on this page? 4D Client perhaps? Is the 4D icon in this PDF familiar?

    I wouldn't be too worried about the situation, your friend is bound by company rules. And the law.
    Breaking them could get him sacked or even prosecuted.
    Why not call your ISP and ask them how to remove the program that you've been asked to install?
    Does it show up in the list of installed programs?
    If so, simply uninstall it from there.
    Otherwise, search your HDD for "4D" files (if applicable).
    Cheers.

    PS. Because the program is legitimate (I assume), antispyware programs aren't likely to pick it up.
     
  3. jacob808

    jacob808 Notebook Deity

    We did this on his own personal time and his office is at his house. The 4d program he sent, he said he modified on his own. I haven't checked your links just yet to be sure if it matches any, but I don't see it as an installed program. I pay for McAfee, but seeing that a lot of forum users bash it, I tried downloading the Malwarebytes free trial version and ran a scan last night. I just got up this morn to find that 1 registry key was detected as hijacked, so I removed it. I don't know how much info has already been compromised, and how long I had that malware/virus, since McAfee didn't pick it up. I'm not sure when it was changed or if it was my friend's 4d program. I'm running another full scan with Malwarebytes as I type this. I'm worried now because I just changed my passwords since the Conficker virus scare and I'm thinking the hijack malware logged my keystrokes. Any suggestions as to what I should do now? Thanks for your response.
     
  4. Baserk

    Baserk Notebook user

    OK, now I understand your situation.
    If MBAM only found one hijacked registry key and nothing else, you seem to be OK.
    Having MBAM run a 2nd scan isn't much help.
    You'd better try SUPERAntiSpyware and Dr.Web CureIt.
    Let SAS run a full scan in safe mode; when you start your computer, hit F8 to get the options where you can select "Safe Mode" (of course after having installed and updated the free version of SAS).
    Download links can be found through my signature.

    I'm not sure if you actually had a virus/malware.
    The hijacked registry key indicates that you may have had malware that tried to redirect your browser to a "bad" site but MBAM could also have reacted this way because you have changed a browser setting yourself or, for example, made a deliberate change setting up a program like Spyware Blaster.

    If running the above mentioned programs doesn't give you peace of mind, take the "big" step of a clean install.
    No use spending days or even weeks wondering whether you are "safe" if a clean install can be done in a couple of hours.
    Cheers.
     
  5. jacob808

    jacob808 Notebook Deity

    So I can just download SUPERAntiSpyware and install it while I have McAfee, Malwarebytes, and Windows Firewall installed too?

    Anyway, my 2nd and 3rd full scans with Malwarebytes didn't detect anything.

    If this'll help my situation a bit, here's the log of the hijack detection that Malwarebytes found and removed:

    Malwarebytes' Anti-Malware 1.35
    Database version: 1936
    Windows 6.0.6001 Service Pack 1

    4/3/2009 6:45:27 AM
    mbam-log-2009-04-03 (06-45-27).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 218962
    Time elapsed: 41 minute(s), 42 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    I'm off to work soon so I'll check back later for your response.
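
Added example, not part of the original thread: a small parser for the Malwarebytes 1.x text log quoted in the post above. It pulls out each detection's object, detection name, Bad/Good values and action, and cross-checks the summary counts against the listed items. The item-line layout is inferred from the single detection in that log, the optional Bad/Good part is an assumption for other item types, and `SAMPLE_LOG`, `parse_mbam_log` and `mismatched_sections` are names made up for this example.

```python
import re

# Constructed sample: an abridged copy of the log quoted in the post above.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.35
Database version: 1936

Registry Keys Infected: 0
Registry Data Items Infected: 1
Files Infected: 0

Registry Keys Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<object> (<detection>) -> [Bad: (x) Good: (y) -> ]<action>"
# Assumption: items without Bad/Good values omit that middle part.
ITEM_RE = re.compile(
    r"^(?P<object>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> )?(?P<action>.+)$")

def parse_mbam_log(text):
    """Return (summary counts, detections) from an MBAM 1.x text log."""
    counts, detections, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := COUNT_RE.match(line):
            counts[m["section"]] = int(m["n"])
        elif m := HEADER_RE.match(line):
            section = m["section"]          # start of a per-section item list
        elif section and (m := ITEM_RE.match(line)):
            detections.append({"section": section, **m.groupdict()})
    return counts, detections

def mismatched_sections(counts, detections):
    """Sections whose summary count disagrees with the items listed."""
    listed = {}
    for d in detections:
        listed[d["section"]] = listed.get(d["section"], 0) + 1
    return sorted(s for s, n in counts.items() if n != listed.get(s, 0))
```

Run over the quoted log, this yields a single registry data item with Bad `1` and Good `0`, and no file, folder, process or module entries.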
     
  6. Baserk

    Baserk Notebook user

    Check this MBAM forum thread for more details and see if they apply to your configuration (Vista version etc.).
    The member/nickname Nossirah is MBAM developer Bruce Harisson, so especially read his answers.

    You can easily use MBAM and SAS (the free versions, that is); these don't offer real-time protection that could conflict with other programs/McAfee.
    Cheers.