Stopping James Bond

Discussion in 'Software' started by lrs52200, Oct 5, 2008.

Thread Status:
Not open for further replies.
  1. lrs52200

    lrs52200 Private E-2

    Hi all-

    I've got a user who appears to have installed a keylogger on a business machine & may have compromised sensitive data. I want to limit this person's access severely. I do not want this person to be able to install/uninstall programs or disrupt any keylogger program that I might install to watch what this person is doing.
    Any suggestions?
     
  2. Maxwell

    Maxwell Folgers

    Which Operating System?
     
  3. bigbazza

    bigbazza R.I.P. 14/12/2011 - Good Onya Geek

    While you are waiting for a more expert solution, you might like to check out Covert Ops programs at http://www.majorgeeks.com/downloads6.html

    I haven't had the need for them, so can't suggest what program/s is/are best. Others will reply here, I hope. :) Bazza
     
  4. lrs52200

    lrs52200 Private E-2

    Thank you for replying, and I apologize for not including the operating system....
    Windows Vista....and it is a possibility that he may also have placed keyloggers on the other 2 machines which are running XP Pro.
    :(

    I just want to stop him from doing any additional harm.....
     
  5. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    :wave lrs52200

    :confused How is this person getting access to the machines?
     
  6. lrs52200

    lrs52200 Private E-2

    Unbelievably, the employer has allowed him unlimited access because they didn't understand what he was doing. They hired him as a laborer but when he claimed that he went to school for computers, they began allowing him to run their IT department. Unfortunately, their knowledge of computers is limited to turning it on and clicking their 'favorite' links that he bookmarked for them. They have completely relied on him for several years to run 2 of their companies that are housed in the same location. He acts as the "IT" guy - and does various other jobs for them. I can actually see their eyes glaze over when I speak to them about keyloggers, remote access, administrative privileges, and so on. I am slowly getting them to understand the security threat he poses and they've given me permission to do what is necessary to stop him. But I do not know if I will be able to get them to agree to cut him off completely and take all of our 25+ computers to an IT person to have them checked.
    To put things in perspective, the employer actually believed that if they broke his computer by 'accidentally' dropping it off his desk, that that would end his access to their company & client information. So that's what I'm up against.
    The guy clearly knows more than I do about computers, but there's got to be a way I can do some damage control until such time as I'm able to get the employer to fully understand what he's doing to them. I only know that he installed a keylogger because he bragged about it. I think he's also been tape recording conversations in the office when he's away because he knew - verbatim - a conversation that happened between me and one other person (who also wants this guy fired so I know he didn't tell him what we spoke about).
    I've got to remove that keylogger without damaging data. It doesn't appear to be a hardware device since there is nothing extra plugged in between the keyboard and tower. If I click on task manager I know that it might be there - but I also know that some keyloggers claim not to be able to be seen by task manager.
    I want to know how to limit his access to everything on the computer except for Quick Books & MS word. I don't want him to be able to download anything from the internet, use email, install any programs, delete any files, folders, or programs.........I want to set a user account for him with extremely limited access to the computer.
    (I've only been working for the company about 3 weeks) and he knows I have some working knowledge about computers.....he already sees me as a threat to his job so I'm sure he'll try to cover his tracks.
    Can you help me figure out how to deal with this guy?

    In closing, I just want to say that you guys are wonderful and I appreciate so very much the advice you offer. Thank you.:)
     
  7. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    :) Because of liability concerns... I would suggest that you run an online scan, i.e. http://www.kaspersky.com/virusscanner in the presence of one of "the bosses"; then run the READ & RUN ME FIRST. Malware Removal Guide, post the requested logs along with the Kaspersky report in a new thread in the Malware Removal Forum.

    *Posted by permission

    Good Luck!
     
    Last edited: Oct 7, 2008
  8. lrs52200

    lrs52200 Private E-2

    Thank you! I'm on it - hopefully one of the bosses will be there tomorrow and I can get this started.
     
  9. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    You're very welcome!

    dr.m ;)
     
  10. Meekiecheese

    Meekiecheese Private First Class

    I was doing a search and came across this post. The problem was fascinating! What happened? Was the person fired? How did you resolve this? Thank you.
     
  11. LauraR

    LauraR MajorGeeks Super-Duper Administrator Staff Member

    Hi:) This thread is over a year old and the original poster hasn't logged in for about the same time.
     