HIJACKED
Moderator: MOD_nyhetsgrupper
-
Ralph Bailey
HIJACKED
This may be off-topic, but I do not know where else to turn.
I have been hijacked by a child pornographer and am receiving bounced
messages from people I do not know who are not in my address book.
Have checked everything I can find on line about hijacking and have reported
same to the FCC. Many articles written explaining what it is, but only one
suggestion I could find as to what to do about it and it did not work.
The suggestion was to put AAA in my address book and VIRUS ALERT as the
address with the hope that a potential spammer would start at the beginning
of the address book and would quit when the first address was invalid.
This did not work because the spammer had already captured my Email.
Some articles indicate the messages could be coming from another computer
where my address is in that computer's Address Book.
The messages do not show up in my Sent Messages folder.
Notified my ISP and they were not interested. Suggested a virus check.
Have run SpyBot and Adware several times as well as Norton Antivirus.
Have changed from Internet Explore to Godzilla Fox, but still using
OutlookExpress on XPHome. Still getting the bounced messages.
The only solution that comes to mind is to change my Email address, but I do
not want to do this if I can avoid it.
Keep expecting the F. B. I. to show up and arrest me as a child pornographer
and anticipate that eventually I may get kicked out of NG's, lists or boards
as a spammer.
Help !!!!!!!!!!!!
Ralph Bailey
I have been hijacked by a child pornographer and am receiving bounced
messages from people I do not know who are not in my address book.
Have checked everything I can find on line about hijacking and have reported
same to the FCC. Many articles written explaining what it is, but only one
suggestion I could find as to what to do about it and it did not work.
The suggestion was to put AAA in my address book and VIRUS ALERT as the
address with the hope that a potential spammer would start at the beginning
of the address book and would quit when the first address was invalid.
This did not work because the spammer had already captured my Email.
Some articles indicate the messages could be coming from another computer
where my address is in that computer's Address Book.
The messages do not show up in my Sent Messages folder.
Notified my ISP and they were not interested. Suggested a virus check.
Have run SpyBot and Adware several times as well as Norton Antivirus.
Have changed from Internet Explore to Godzilla Fox, but still using
OutlookExpress on XPHome. Still getting the bounced messages.
The only solution that comes to mind is to change my Email address, but I do
not want to do this if I can avoid it.
Keep expecting the F. B. I. to show up and arrest me as a child pornographer
and anticipate that eventually I may get kicked out of NG's, lists or boards
as a spammer.
Help !!!!!!!!!!!!
Ralph Bailey
-
Dave Hinz
Re: HIJACKED
On Thu, 23 Dec 2004 21:55:42 +0000 (UTC), "Ralph Bailey" <ralph-dianne@charter.net> wrote:
Every virus these days forges the from: header. The only thing you know for
sure, if messages look like they are from you, is that they are in fact
_not_ from you. Most likely an infected person's address book has you in it.
Here's what I'd suggest. Download AdAware from http://www.lavasoftusa.com
and AVG antivirus from http://www.grisoft.com - install and run them
(AdAware first), clean up anything they suggest to. In years, I have
never been bit by either of these deleting something I needed, so I trust
both of them.
Go to windowsupdate.microsoft.com and make sure you're up to date there
as well. But, I don't think your system is the problem.
That's an urban legend and never did have any effect other than to waste
the time of people and make them think they were doing something useful.
It's at least a benign example of bad advice, where the one that says
"go delete whatever.dll from your win32 directory" actively hosed systems.
I have a hard time understanding the motivation of some people to come
up with these hoaxes.
Chances that a spammer is using your system to send email is very low
indeed. Chances are high, however, that someone with you in their
address book has a virus, and that virus sends out spam with other
addresses in _their_ address book as the From: address.
There ya go.
Not definative, but supporting the theory that you didn't send them. Good
sign.
Yeah, well... it's hard to keep good technical help at an ISPs help desk.
Thankless work, low pay, bad hours, and thankless work.
Sounds like you're clean.
I saw an article today that the folks who brought us mozilla/firefox
have an email client to challenge Outlook, called Lightning. Haven't
tried it yet. If Firefox is any indication, it's worth a serious look.
That won't help - the new one will just be put into some other
virus-infested user's address book, and the cycle will repeat. Not worth
the inconvenience to you.
Naah, the FBI knows how to read headers and will know it's not from you.
And any _decent_ sysadmin or moderator knows about from: headers being
forged, so you should be OK there as well.
No worries there.
Hang in there, Ralph.
Dave Hinz
This may be off-topic, but I do not know where else to turn.
I have been hijacked by a child pornographer and am receiving bounced
messages from people I do not know who are not in my address book.
Every virus these days forges the from: header. The only thing you know for
sure, if messages look like they are from you, is that they are in fact
_not_ from you. Most likely an infected person's address book has you in it.
Have checked everything I can find on line about hijacking and have reported
same to the FCC. Many articles written explaining what it is, but only one
suggestion I could find as to what to do about it and it did not work.
Here's what I'd suggest. Download AdAware from http://www.lavasoftusa.com
and AVG antivirus from http://www.grisoft.com - install and run them
(AdAware first), clean up anything they suggest to. In years, I have
never been bit by either of these deleting something I needed, so I trust
both of them.
Go to windowsupdate.microsoft.com and make sure you're up to date there
as well. But, I don't think your system is the problem.
The suggestion was to put AAA in my address book and VIRUS ALERT as the
address with the hope that a potential spammer would start at the beginning
of the address book and would quit when the first address was invalid.
That's an urban legend and never did have any effect other than to waste
the time of people and make them think they were doing something useful.
It's at least a benign example of bad advice, where the one that says
"go delete whatever.dll from your win32 directory" actively hosed systems.
I have a hard time understanding the motivation of some people to come
up with these hoaxes.
This did not work because the spammer had already captured my Email.
Chances that a spammer is using your system to send email is very low
indeed. Chances are high, however, that someone with you in their
address book has a virus, and that virus sends out spam with other
addresses in _their_ address book as the From: address.
Some articles indicate the messages could be coming from another computer
where my address is in that computer's Address Book.
There ya go.
The messages do not show up in my Sent Messages folder.
Not definative, but supporting the theory that you didn't send them. Good
sign.
Notified my ISP and they were not interested. Suggested a virus check.
Yeah, well... it's hard to keep good technical help at an ISPs help desk.
Thankless work, low pay, bad hours, and thankless work.
Have run SpyBot and Adware several times as well as Norton Antivirus.
Sounds like you're clean.
Have changed from Internet Explore to Godzilla Fox, but still using
OutlookExpress on XPHome. Still getting the bounced messages.
I saw an article today that the folks who brought us mozilla/firefox
have an email client to challenge Outlook, called Lightning. Haven't
tried it yet. If Firefox is any indication, it's worth a serious look.
The only solution that comes to mind is to change my Email address, but I do
not want to do this if I can avoid it.
That won't help - the new one will just be put into some other
virus-infested user's address book, and the cycle will repeat. Not worth
the inconvenience to you.
Keep expecting the F. B. I. to show up and arrest me as a child pornographer
and anticipate that eventually I may get kicked out of NG's, lists or boards
as a spammer.
Naah, the FBI knows how to read headers and will know it's not from you.
And any _decent_ sysadmin or moderator knows about from: headers being
forged, so you should be OK there as well.
No worries there.
Hang in there, Ralph.
Dave Hinz
-
Ralph Bailey
Re: HIJACKED
----- Original Message -----
From: "Dave Hinz" <DaveHinz@spamcop.net>
To: <ALT-GENEALOGY-L@rootsweb.com>
Sent: Thursday, December 23, 2004 4:05 PM
Subject: Re: HIJACKED
Thanks, Dave, appreciate the response.
Since it appears I already did everything you suggest except use AVG
instead of Norton, do I just grin and bear it ?
Incidentally, since I sent the original message my computer locked up and I
had to unplug it and when I went back on line my newly installed Adware and
GodzillaFox had disappeared. Will reinstall.
Ralph
From: "Dave Hinz" <DaveHinz@spamcop.net>
To: <ALT-GENEALOGY-L@rootsweb.com>
Sent: Thursday, December 23, 2004 4:05 PM
Subject: Re: HIJACKED
On Thu, 23 Dec 2004 21:55:42 +0000 (UTC), "Ralph Bailey"
ralph-dianne@charter.net> wrote:
This may be off-topic, but I do not know where else to turn.
I have been hijacked by a child pornographer and am receiving bounced
messages from people I do not know who are not in my address book.
Every virus these days forges the from: header. The only thing you know
for
sure, if messages look like they are from you, is that they are in fact
_not_ from you. Most likely an infected person's address book has you in
it.
Have checked everything I can find on line about hijacking and have
reported
same to the FCC. Many articles written explaining what it is, but only
one
suggestion I could find as to what to do about it and it did not work.
Here's what I'd suggest. Download AdAware from http://www.lavasoftusa.com
and AVG antivirus from http://www.grisoft.com - install and run them
(AdAware first), clean up anything they suggest to. In years, I have
never been bit by either of these deleting something I needed, so I trust
both of them.
Go to windowsupdate.microsoft.com and make sure you're up to date there
as well. But, I don't think your system is the problem.
The suggestion was to put AAA in my address book and VIRUS ALERT as the
address with the hope that a potential spammer would start at the
beginning
of the address book and would quit when the first address was invalid.
That's an urban legend and never did have any effect other than to waste
the time of people and make them think they were doing something useful.
It's at least a benign example of bad advice, where the one that says
"go delete whatever.dll from your win32 directory" actively hosed systems.
I have a hard time understanding the motivation of some people to come
up with these hoaxes.
This did not work because the spammer had already captured my Email.
Chances that a spammer is using your system to send email is very low
indeed. Chances are high, however, that someone with you in their
address book has a virus, and that virus sends out spam with other
addresses in _their_ address book as the From: address.
Some articles indicate the messages could be coming from another computer
where my address is in that computer's Address Book.
There ya go.
The messages do not show up in my Sent Messages folder.
Not definative, but supporting the theory that you didn't send them. Good
sign.
Notified my ISP and they were not interested. Suggested a virus check.
Yeah, well... it's hard to keep good technical help at an ISPs help desk.
Thankless work, low pay, bad hours, and thankless work.
Have run SpyBot and Adware several times as well as Norton Antivirus.
Sounds like you're clean.
Have changed from Internet Explore to Godzilla Fox, but still using
OutlookExpress on XPHome. Still getting the bounced messages.
I saw an article today that the folks who brought us mozilla/firefox
have an email client to challenge Outlook, called Lightning. Haven't
tried it yet. If Firefox is any indication, it's worth a serious look.
The only solution that comes to mind is to change my Email address, but I
do
not want to do this if I can avoid it.
That won't help - the new one will just be put into some other
virus-infested user's address book, and the cycle will repeat. Not worth
the inconvenience to you.
Keep expecting the F. B. I. to show up and arrest me as a child
pornographer
and anticipate that eventually I may get kicked out of NG's, lists or
boards
as a spammer.
Naah, the FBI knows how to read headers and will know it's not from you.
And any _decent_ sysadmin or moderator knows about from: headers being
forged, so you should be OK there as well.
No worries there.
Hang in there, Ralph.
Dave Hinz
Thanks, Dave, appreciate the response.
Since it appears I already did everything you suggest except use AVG
instead of Norton, do I just grin and bear it ?
Incidentally, since I sent the original message my computer locked up and I
had to unplug it and when I went back on line my newly installed Adware and
GodzillaFox had disappeared. Will reinstall.
Ralph
-
Alan Jones
Re: HIJACKED
I agree with what Dave said. It does not sound like it is on your computer
at all.
But if faking messages to look like it came from you email.
You mentioned child pornography, do you mean it was sending porn pictures
or advertising some porn service? If so, I would think the FCC could track
it down and lock them up.
Tell you friends that bad emails that appear to be coming from you are not.
Alan
""Ralph Bailey"" <ralph-dianne@charter.net> wrote in message
news:000401c4e95c$b67c77d0$2302a8c0@S0029855668...
at all.
But if faking messages to look like it came from you email.
You mentioned child pornography, do you mean it was sending porn pictures
or advertising some porn service? If so, I would think the FCC could track
it down and lock them up.
Tell you friends that bad emails that appear to be coming from you are not.
Alan
""Ralph Bailey"" <ralph-dianne@charter.net> wrote in message
news:000401c4e95c$b67c77d0$2302a8c0@S0029855668...
----- Original Message -----
From: "Dave Hinz" <DaveHinz@spamcop.net
To: <ALT-GENEALOGY-L@rootsweb.com
Sent: Thursday, December 23, 2004 4:05 PM
Subject: Re: HIJACKED
On Thu, 23 Dec 2004 21:55:42 +0000 (UTC), "Ralph Bailey"
ralph-dianne@charter.net> wrote:
This may be off-topic, but I do not know where else to turn.
I have been hijacked by a child pornographer and am receiving bounced
messages from people I do not know who are not in my address book.
Every virus these days forges the from: header. The only thing you know
for
sure, if messages look like they are from you, is that they are in fact
_not_ from you. Most likely an infected person's address book has you in
it.
Have checked everything I can find on line about hijacking and have
reported
same to the FCC. Many articles written explaining what it is, but only
one
suggestion I could find as to what to do about it and it did not work.
Here's what I'd suggest. Download AdAware from
http://www.lavasoftusa.com
and AVG antivirus from http://www.grisoft.com - install and run them
(AdAware first), clean up anything they suggest to. In years, I have
never been bit by either of these deleting something I needed, so I trust
both of them.
Go to windowsupdate.microsoft.com and make sure you're up to date there
as well. But, I don't think your system is the problem.
The suggestion was to put AAA in my address book and VIRUS ALERT as the
address with the hope that a potential spammer would start at the
beginning
of the address book and would quit when the first address was invalid.
That's an urban legend and never did have any effect other than to waste
the time of people and make them think they were doing something useful.
It's at least a benign example of bad advice, where the one that says
"go delete whatever.dll from your win32 directory" actively hosed
systems.
I have a hard time understanding the motivation of some people to come
up with these hoaxes.
This did not work because the spammer had already captured my Email.
Chances that a spammer is using your system to send email is very low
indeed. Chances are high, however, that someone with you in their
address book has a virus, and that virus sends out spam with other
addresses in _their_ address book as the From: address.
Some articles indicate the messages could be coming from another
computer
where my address is in that computer's Address Book.
There ya go.
The messages do not show up in my Sent Messages folder.
Not definative, but supporting the theory that you didn't send them.
Good
sign.
Notified my ISP and they were not interested. Suggested a virus check.
Yeah, well... it's hard to keep good technical help at an ISPs help desk.
Thankless work, low pay, bad hours, and thankless work.
Have run SpyBot and Adware several times as well as Norton Antivirus.
Sounds like you're clean.
Have changed from Internet Explore to Godzilla Fox, but still using
OutlookExpress on XPHome. Still getting the bounced messages.
I saw an article today that the folks who brought us mozilla/firefox
have an email client to challenge Outlook, called Lightning. Haven't
tried it yet. If Firefox is any indication, it's worth a serious look.
The only solution that comes to mind is to change my Email address, but
I do
not want to do this if I can avoid it.
That won't help - the new one will just be put into some other
virus-infested user's address book, and the cycle will repeat. Not worth
the inconvenience to you.
Keep expecting the F. B. I. to show up and arrest me as a child
pornographer
and anticipate that eventually I may get kicked out of NG's, lists or
boards
as a spammer.
Naah, the FBI knows how to read headers and will know it's not from you.
And any _decent_ sysadmin or moderator knows about from: headers being
forged, so you should be OK there as well.
No worries there.
Hang in there, Ralph.
Dave Hinz
Thanks, Dave, appreciate the response.
Since it appears I already did everything you suggest except use AVG
instead of Norton, do I just grin and bear it ?
Incidentally, since I sent the original message my computer locked up and
I had to unplug it and when I went back on line my newly installed Adware
and GodzillaFox had disappeared. Will reinstall.
Ralph
-
George
Re: HIJACKED
ralph-dianne@charter.net ("Ralph Bailey") wrote in
news:000401c4e95c$b67c77d0$2302a8c0@S0029855668:
Ralph, it sounds like you have more going on than originally thought. I
would suggest that you also open Internet Explorer and dump the cache and
dump the cookies. Then go to c:\windows\temp and dump everything in there.
Another really good program is Adware Spy (http://www.adwarespy.com). It's
payware, but after running Ad-Aware, AVG, and Spybot, Adware Spy found
***455*** more problems with my comp (mainly reg entries). Whew!
And do please consider using a different mail client. I've used Pegasus
for years (http://www.pmusa.com); the learning curve is low and fast, and most
spyware/viruses can't seem to figure it out.
Geo
news:000401c4e95c$b67c77d0$2302a8c0@S0029855668:
Since it appears I already did everything you suggest except use AVG
instead of Norton, do I just grin and bear it ?
Incidentally, since I sent the original message my computer locked up
and I had to unplug it and when I went back on line my newly installed
Adware and GodzillaFox had disappeared. Will reinstall.
Ralph, it sounds like you have more going on than originally thought. I
would suggest that you also open Internet Explorer and dump the cache and
dump the cookies. Then go to c:\windows\temp and dump everything in there.
Another really good program is Adware Spy (http://www.adwarespy.com). It's
payware, but after running Ad-Aware, AVG, and Spybot, Adware Spy found
***455*** more problems with my comp (mainly reg entries). Whew!
And do please consider using a different mail client. I've used Pegasus
for years (http://www.pmusa.com); the learning curve is low and fast, and most
spyware/viruses can't seem to figure it out.
Geo
-
Agnes L.
Re: HIJACKED
Ralph, why don't you give a couple of the following online antivirus
scanners a try? Might help. And have you checked out any of the
computer newsgroups? alt. computer & 24hoursupport helpdesk
are excellent. They've resolved a lot of my computer problems.
Should you decide to post a question to either newsgroup, make
sure you munge your e-mail address. Aggie
http://housecall.trendmicro.com/houseca ... t_corp.asp
http://www.kaspersky.com/remoteviruschk.html
http://security.symantec.com/sscv6/default.asp
http://www.pandasoftware.com/activescan/activescan.asp
http://commandondemand.com/eval/index.cfm
http://www.bitdefender.com/scan/licence.php
http://www.pcpitstop.com/antivirus/default.asp
http://scan.sygatetech.com/prestealthscan.html
""Ralph Bailey"" <ralph-dianne@charter.net> wrote in message
news:010001c4e93a$290169f0$2302a8c0@S0029855668...
| This may be off-topic, but I do not know where else to turn.
|
| I have been hijacked by a child pornographer and am receiving bounced
| messages from people I do not know who are not in my address book.
|
| Have checked everything I can find on line about hijacking and have
reported
| same to the FCC. Many articles written explaining what it is, but
only one
| suggestion I could find as to what to do about it and it did not work.
|
| The suggestion was to put AAA in my address book and VIRUS ALERT as
the
| address with the hope that a potential spammer would start at the
beginning
| of the address book and would quit when the first address was invalid.
|
| This did not work because the spammer had already captured my Email.
|
| Some articles indicate the messages could be coming from another
computer
| where my address is in that computer's Address Book.
|
| The messages do not show up in my Sent Messages folder.
|
| Notified my ISP and they were not interested. Suggested a virus
check.
|
| Have run SpyBot and Adware several times as well as Norton Antivirus.
|
| Have changed from Internet Explore to Godzilla Fox, but still using
| OutlookExpress on XPHome. Still getting the bounced messages.
|
| The only solution that comes to mind is to change my Email address,
but I do
| not want to do this if I can avoid it.
|
| Keep expecting the F. B. I. to show up and arrest me as a child
pornographer
| and anticipate that eventually I may get kicked out of NG's, lists or
boards
| as a spammer.
|
| Help !!!!!!!!!!!!
|
| Ralph Bailey
|
scanners a try? Might help. And have you checked out any of the
computer newsgroups? alt. computer & 24hoursupport helpdesk
are excellent. They've resolved a lot of my computer problems.
Should you decide to post a question to either newsgroup, make
sure you munge your e-mail address. Aggie
http://housecall.trendmicro.com/houseca ... t_corp.asp
http://www.kaspersky.com/remoteviruschk.html
http://security.symantec.com/sscv6/default.asp
http://www.pandasoftware.com/activescan/activescan.asp
http://commandondemand.com/eval/index.cfm
http://www.bitdefender.com/scan/licence.php
http://www.pcpitstop.com/antivirus/default.asp
http://scan.sygatetech.com/prestealthscan.html
""Ralph Bailey"" <ralph-dianne@charter.net> wrote in message
news:010001c4e93a$290169f0$2302a8c0@S0029855668...
| This may be off-topic, but I do not know where else to turn.
|
| I have been hijacked by a child pornographer and am receiving bounced
| messages from people I do not know who are not in my address book.
|
| Have checked everything I can find on line about hijacking and have
reported
| same to the FCC. Many articles written explaining what it is, but
only one
| suggestion I could find as to what to do about it and it did not work.
|
| The suggestion was to put AAA in my address book and VIRUS ALERT as
the
| address with the hope that a potential spammer would start at the
beginning
| of the address book and would quit when the first address was invalid.
|
| This did not work because the spammer had already captured my Email.
|
| Some articles indicate the messages could be coming from another
computer
| where my address is in that computer's Address Book.
|
| The messages do not show up in my Sent Messages folder.
|
| Notified my ISP and they were not interested. Suggested a virus
check.
|
| Have run SpyBot and Adware several times as well as Norton Antivirus.
|
| Have changed from Internet Explore to Godzilla Fox, but still using
| OutlookExpress on XPHome. Still getting the bounced messages.
|
| The only solution that comes to mind is to change my Email address,
but I do
| not want to do this if I can avoid it.
|
| Keep expecting the F. B. I. to show up and arrest me as a child
pornographer
| and anticipate that eventually I may get kicked out of NG's, lists or
boards
| as a spammer.
|
| Help !!!!!!!!!!!!
|
| Ralph Bailey
|
-
Charani
Re: HIJACKED
On Thu, 23 Dec 2004 21:55:42 +0000 (UTC), "Ralph Bailey" wrote:
First off, you haven't been hijacked unless your home page is now a
child porn page.
Second how do you know it's child porn?? Did you open the bounced
mails?? If you did you may well have an infected machine yourself and
the last thing you want or need is to have child porn on your PC!!
Never, ever open bounced mail notifications unless you are 200%
certain it's from your ISP and relates to a mail you've just sent.
Bounces happen immediately, not several days later.
You will keep getting bounced messages until the person with the
infected machine cleans it up.
You've been given some good advice about online scans, installing
Ad-Aware, etc. I would also add SpywareBlaster to that list
(available free from http://www.majorgeeks.com) and also run a port scan from
https://www.grc.com/x/ne.dll?bh0bkyd2
That will tell you if you need to beef up your firewall and internet
security.
For sound advice about protecting yourself from this sort of thing,
I'd suggest subbing to alt.privacy.spyware.
This may be off-topic, but I do not know where else to turn.
I have been hijacked by a child pornographer and am receiving bounced
messages from people I do not know who are not in my address book.
First off, you haven't been hijacked unless your home page is now a
child porn page.
Second how do you know it's child porn?? Did you open the bounced
mails?? If you did you may well have an infected machine yourself and
the last thing you want or need is to have child porn on your PC!!
Never, ever open bounced mail notifications unless you are 200%
certain it's from your ISP and relates to a mail you've just sent.
Bounces happen immediately, not several days later.
You will keep getting bounced messages until the person with the
infected machine cleans it up.
You've been given some good advice about online scans, installing
Ad-Aware, etc. I would also add SpywareBlaster to that list
(available free from http://www.majorgeeks.com) and also run a port scan from
https://www.grc.com/x/ne.dll?bh0bkyd2
That will tell you if you need to beef up your firewall and internet
security.
For sound advice about protecting yourself from this sort of thing,
I'd suggest subbing to alt.privacy.spyware.
-
Rich Heimlich
Re: HIJACKED
I have quite a list of family members and friends who call me to help
with their various computer problems. Most of these people are not
computer geeks in the least and most would not want to resort to
having to go through much of what has been outlined here as they'd
feel like they'd have to run all of these things every time they boot
their computer. They'd sooner give up the computer than go through all
of that.
Because of that I've adopted a couple strategies to help reduce or
eliminate the problems for them.
First, Internet Explorer is retired. I don't bother to uninstall it as
that can be tricky, but I do remove almost all references to it and
then install an alternate browser (currently Firefox). This cuts out a
ton of the spyware problems as IE is often a direct target. 95% of
websites work just fine with non-IE browsers. The few that don't
either aren't important or they can run IE to access them with the
warning that they should only do this for known-good and essential
sites (say like a bank's site).
Second, I remove Outlook and Outlook Express and install another
e-mail package. That too removes a slew of problems. Now, every few
months these people run the various checkers and find only a few
tracking cookies and little else. It's kept my phone from ringing
quite a bit so I believe in the approach.
Like it or not, Microsoft products are targets for this garbage so you
can either continually fight the battle or simply get out of the way.
For many people I interact with, the much saner solution is to just
get out of the way.
with their various computer problems. Most of these people are not
computer geeks in the least and most would not want to resort to
having to go through much of what has been outlined here as they'd
feel like they'd have to run all of these things every time they boot
their computer. They'd sooner give up the computer than go through all
of that.
Because of that I've adopted a couple strategies to help reduce or
eliminate the problems for them.
First, Internet Explorer is retired. I don't bother to uninstall it as
that can be tricky, but I do remove almost all references to it and
then install an alternate browser (currently Firefox). This cuts out a
ton of the spyware problems as IE is often a direct target. 95% of
websites work just fine with non-IE browsers. The few that don't
either aren't important or they can run IE to access them with the
warning that they should only do this for known-good and essential
sites (say like a bank's site).
Second, I remove Outlook and Outlook Express and install another
e-mail package. That too removes a slew of problems. Now, every few
months these people run the various checkers and find only a few
tracking cookies and little else. It's kept my phone from ringing
quite a bit so I believe in the approach.
Like it or not, Microsoft products are targets for this garbage so you
can either continually fight the battle or simply get out of the way.
For many people I interact with, the much saner solution is to just
get out of the way.
-
Dave Hinz
Re: HIJACKED
On Thu, 23 Dec 2004 22:17:22 -0600, George <boygeorgewGETRID@OFTHISyahoo.com> wrote:
Can you tell me what you think this helps please? One of us understands
more about it than the other, and I'm not sure if it's you, or me. Either
is likely; I'm not trying to be snotty here, I'm serious.
Interesting. Hadn't tried that one. Have you tried it with Spybot Search&
Destroy?
Yes, Outlook is the most popular target for virus writers, because
(a) It's everywhere, and (b) It's horribly insecure.
Dave Hinz
Ralph, it sounds like you have more going on than originally thought. I
would suggest that you also open Internet Explorer and dump the cache and
dump the cookies. Then go to c:\windows\temp and dump everything in there.
Can you tell me what you think this helps please? One of us understands
more about it than the other, and I'm not sure if it's you, or me. Either
is likely; I'm not trying to be snotty here, I'm serious.
Another really good program is Adware Spy (http://www.adwarespy.com). It's
payware, but after running Ad-Aware, AVG, and Spybot, Adware Spy found
***455*** more problems with my comp (mainly reg entries). Whew!
Interesting. Hadn't tried that one. Have you tried it with Spybot Search&
Destroy?
And do please consider using a different mail client. I've used Pegasus
for years (http://www.pmusa.com); the learning curve is low and fast, and most
spyware/viruses can't seem to figure it out.
Yes, Outlook is the most popular target for virus writers, because
(a) It's everywhere, and (b) It's horribly insecure.
Dave Hinz
-
George
Re: HIJACKED
Dave Hinz <DaveHinz@spamcop.net> wrote in
news:33aorpF3sb1itU4@individual.net:
It's more precautionary than anything else. Some cookies are written to
track your web surfing and emailing, then report that info back to their
source. While that's not as common now as it used to be, it still does
happen. Those cookies can be considered a form of spyware, better to dump
them. Your cache can have javascript and active-x that may be triggered
every time you open your browser. C:\windows\temp is a repository for all
kinds of things, including stuff that downloaded in the background. One of
the most common things is start.exe, a sneaky spyware program. Plus, less
stuff in these locations means that programs/OS can run faster.
To be honest, I hardly use Spybot anymore. About the only thing it catches
is the DSO Exploit (which, according to the FAQs is a bug in Spybot). Ad-
Aware, AVG and Adware Spy do a much better job.
One of the nice things I like about Pegasus is that I can look at the mail
headers (To: From: Subject: etc) and delete anything that is suspect before
actually downloading my mail. An extra step, yes, but it really cuts down
on junk and potential hazards landing in my inbox. And once I download I
have better control over attachments.
Hope this helps.
Geo
news:33aorpF3sb1itU4@individual.net:
On Thu, 23 Dec 2004 22:17:22 -0600, George
boygeorgewGETRID@OFTHISyahoo.com> wrote:
Ralph, it sounds like you have more going on than originally thought.
I would suggest that you also open Internet Explorer and dump the
cache and dump the cookies. Then go to c:\windows\temp and dump
everything in there.
Can you tell me what you think this helps please? One of us
understands more about it than the other, and I'm not sure if it's
you, or me. Either is likely; I'm not trying to be snotty here, I'm
serious.
It's more precautionary than anything else. Some cookies are written to
track your web surfing and emailing, then report that info back to their
source. While that's not as common now as it used to be, it still does
happen. Those cookies can be considered a form of spyware, better to dump
them. Your cache can have javascript and active-x that may be triggered
every time you open your browser. C:\windows\temp is a repository for all
kinds of things, including stuff that downloaded in the background. One of
the most common things is start.exe, a sneaky spyware program. Plus, less
stuff in these locations means that programs/OS can run faster.
Another really good program is Adware Spy (http://www.adwarespy.com). It's
payware, but after running Ad-Aware, AVG, and Spybot, Adware Spy
found ***455*** more problems with my comp (mainly reg entries).
Whew!
Interesting. Hadn't tried that one. Have you tried it with Spybot
Search& Destroy?
To be honest, I hardly use Spybot anymore. About the only thing it catches
is the DSO Exploit (which, according to the FAQs is a bug in Spybot). Ad-
Aware, AVG and Adware Spy do a much better job.
And do please consider using a different mail client. I've used
Pegasus for years (http://www.pmusa.com); the learning curve is low and
fast, and most spyware/viruses can't seem to figure it out.
Yes, Outlook is the most popular target for virus writers, because
(a) It's everywhere, and (b) It's horribly insecure.
One of the nice things I like about Pegasus is that I can look at the mail
headers (To: From: Subject: etc) and delete anything that is suspect before
actually downloading my mail. An extra step, yes, but it really cuts down
on junk and potential hazards landing in my inbox. And once I download I
have better control over attachments.
Hope this helps.
Geo
-
Dave Hinz
Re: HIJACKED
On Mon, 27 Dec 2004 13:47:35 -0600, George <boygeorgewGETRID@OFTHISyahoo.com> wrote:
Ah, but I've seen Adaware identify and wipe these regularly, are these other
cookies or the same ones that adaware would get?
But again I think these would be cleaned out with a spyware and/or antivirus
scan, no? That way, the cached content which is clean doesn't have to be
re-fetched. Not a biggie with broadband, but can suck badly for dialup folks.
I'll give Adware Spy a shot, thanks. Spybot is hard to teach un-skilled
users to run anyway.
I'm looking forward to trying Mozilla's Lightning mail client, they're making
it as a replacement for Outlook. I don't run 'doze any more, so I'm waiting
for a victim to try it on.
Dave Hinz
Dave Hinz <DaveHinz@spamcop.net> wrote in
news:33aorpF3sb1itU4@individual.net:
Can you tell me what you think this helps please?
It's more precautionary than anything else. Some cookies are written to
track your web surfing and emailing, then report that info back to their
source. While that's not as common now as it used to be, it still does
happen. Those cookies can be considered a form of spyware, better to dump
them.
Ah, but I've seen Adaware identify and wipe these regularly, are these other
cookies or the same ones that adaware would get?
Your cache can have javascript and active-x that may be triggered
every time you open your browser. C:\windows\temp is a repository for all
kinds of things, including stuff that downloaded in the background. One of
the most common things is start.exe, a sneaky spyware program. Plus, less
stuff in these locations means that programs/OS can run faster.
But again I think these would be cleaned out with a spyware and/or antivirus
scan, no? That way, the cached content which is clean doesn't have to be
re-fetched. Not a biggie with broadband, but can suck badly for dialup folks.
Another really good program is Adware Spy (http://www.adwarespy.com).
Interesting. Hadn't tried that one. Have you tried it with Spybot
Search& Destroy?
To be honest, I hardly use Spybot anymore. About the only thing it catches
is the DSO Exploit (which, according to the FAQs is a bug in Spybot). Ad-
Aware, AVG and Adware Spy do a much better job.
I'll give Adware Spy a shot, thanks. Spybot is hard to teach un-skilled
users to run anyway.
Yes, Outlook is the most popular target for virus writers, because
(a) It's everywhere, and (b) It's horribly insecure.
One of the nice things I like about Pegasus is that I can look at the mail
headers (To: From: Subject: etc) and delete anything that is suspect before
actually downloading my mail. An extra step, yes, but it really cuts down
on junk and potential hazards landing in my inbox. And once I download I
have better control over attachments.
I'm looking forward to trying Mozilla's Lightning mail client, they're making
it as a replacement for Outlook. I don't run 'doze any more, so I'm waiting
for a victim to try it on.
Dave Hinz
-
Hoosier Daddy
Re: HIJACKED
On Fri, 24 Dec 2004 02:03:11 +0000 (UTC), "Ralph Bailey" wrote:
Ralph, my advice is:
if you are that badly infected, format the hard drive after backing up
your important files. Restore the hard drive and drivers if you have a
Restore disk. If not, reinstall Windows, drivers, your antivirus and
spyware apps [I use AdAware, Spybot S&D, SpyWare Blaster and the new
Microsoft Adware Beta] and applications. SCAN YOUR SAVED DATA before
restoring it. It'll ultimately save time and insure you have a fresh, clean
start.
Then update update update scan scan scan after you're up and running
----- Original Message -----
From: "Dave Hinz" <DaveHinz@spamcop.net
To: <ALT-GENEALOGY-L@rootsweb.com
Sent: Thursday, December 23, 2004 4:05 PM
Subject: Re: HIJACKED
On Thu, 23 Dec 2004 21:55:42 +0000 (UTC), "Ralph Bailey"
ralph-dianne@charter.net> wrote:
This may be off-topic, but I do not know where else to turn.
I have been hijacked by a child pornographer and am receiving bounced
messages from people I do not know who are not in my address book.
Every virus these days forges the from: header. The only thing you know
for
sure, if messages look like they are from you, is that they are in fact
_not_ from you. Most likely an infected person's address book has you in
it.
Have checked everything I can find on line about hijacking and have
reported
same to the FCC. Many articles written explaining what it is, but only
one
suggestion I could find as to what to do about it and it did not work.
Here's what I'd suggest. Download AdAware from http://www.lavasoftusa.com
and AVG antivirus from http://www.grisoft.com - install and run them
(AdAware first), clean up anything they suggest to. In years, I have
never been bit by either of these deleting something I needed, so I trust
both of them.
Go to windowsupdate.microsoft.com and make sure you're up to date there
as well. But, I don't think your system is the problem.
The suggestion was to put AAA in my address book and VIRUS ALERT as the
address with the hope that a potential spammer would start at the
beginning
of the address book and would quit when the first address was invalid.
That's an urban legend and never did have any effect other than to waste
the time of people and make them think they were doing something useful.
It's at least a benign example of bad advice, where the one that says
"go delete whatever.dll from your win32 directory" actively hosed systems.
I have a hard time understanding the motivation of some people to come
up with these hoaxes.
This did not work because the spammer had already captured my Email.
Chances that a spammer is using your system to send email is very low
indeed. Chances are high, however, that someone with you in their
address book has a virus, and that virus sends out spam with other
addresses in _their_ address book as the From: address.
Some articles indicate the messages could be coming from another computer
where my address is in that computer's Address Book.
There ya go.
The messages do not show up in my Sent Messages folder.
Not definative, but supporting the theory that you didn't send them. Good
sign.
Notified my ISP and they were not interested. Suggested a virus check.
Yeah, well... it's hard to keep good technical help at an ISPs help desk.
Thankless work, low pay, bad hours, and thankless work.
Have run SpyBot and Adware several times as well as Norton Antivirus.
Sounds like you're clean.
Have changed from Internet Explore to Godzilla Fox, but still using
OutlookExpress on XPHome. Still getting the bounced messages.
I saw an article today that the folks who brought us mozilla/firefox
have an email client to challenge Outlook, called Lightning. Haven't
tried it yet. If Firefox is any indication, it's worth a serious look.
The only solution that comes to mind is to change my Email address, but I
do
not want to do this if I can avoid it.
That won't help - the new one will just be put into some other
virus-infested user's address book, and the cycle will repeat. Not worth
the inconvenience to you.
Keep expecting the F. B. I. to show up and arrest me as a child
pornographer
and anticipate that eventually I may get kicked out of NG's, lists or
boards
as a spammer.
Naah, the FBI knows how to read headers and will know it's not from you.
And any _decent_ sysadmin or moderator knows about from: headers being
forged, so you should be OK there as well.
No worries there.
Hang in there, Ralph.
Dave Hinz
Thanks, Dave, appreciate the response.
Since it appears I already did everything you suggest except use AVG
instead of Norton, do I just grin and bear it ?
Incidentally, since I sent the original message my computer locked up and I
had to unplug it and when I went back on line my newly installed Adware and
GodzillaFox had disappeared. Will reinstall.
Ralph
Ralph, my advice is:
if you are that badly infected, format the hard drive after backing up
your important files. Restore the hard drive and drivers if you have a
Restore disk. If not, reinstall Windows, drivers, your antivirus and
spyware apps [I use AdAware, Spybot S&D, SpyWare Blaster and the new
Microsoft Adware Beta] and applications. SCAN YOUR SAVED DATA before
restoring it. It'll ultimately save time and insure you have a fresh, clean
start.
Then update update update scan scan scan after you're up and running
-
Dave Hinz
Re: HIJACKED
On Tue, 11 Jan 2005 21:59:10 GMT, Hoosier Daddy <hoosier_daddynospam@frontiernet.net> wrote:
That is astonishingly bad advice for someone whose email is showing up
as the "from:" in forged virus-sent emails. When his address is in the
"from:" header, the only thing that can be sure is that it's _not_ from
his system.
No point in trashing his system when it's someone who has him in their
address book who has the virus.
Dave Hinz
Ralph, my advice is:
if you are that badly infected, format the hard drive after backing up
your important files. Restore the hard drive and drivers if you have a
Restore disk.
That is astonishingly bad advice for someone whose email is showing up
as the "from:" in forged virus-sent emails. When his address is in the
"from:" header, the only thing that can be sure is that it's _not_ from
his system.
If not, reinstall Windows, drivers, your antivirus and
spyware apps [I use AdAware, Spybot S&D, SpyWare Blaster and the new
Microsoft Adware Beta] and applications. SCAN YOUR SAVED DATA before
restoring it. It'll ultimately save time and insure you have a fresh, clean
start.
Then update update update scan scan scan after you're up and running
No point in trashing his system when it's someone who has him in their
address book who has the virus.
Dave Hinz
-
Ralph Bailey
Re: HIJACKED
----- Original Message -----
From: "Hoosier Daddy" <hoosier_daddynospam@frontiernet.net>
To: <ALT-GENEALOGY-L@rootsweb.com>
Sent: Tuesday, January 11, 2005 3:59 PM
Subject: Re: HIJACKED
Thanks Daddy,
I am not competent to do what you suggest, but will try to get someone to do
it for me.
I checked my unread messages (240) and had only one bounced message today
and they seem to be getting smaller in number. May adopt the easy way out,
grin and bear it, and hope the problem goes away. Perhaps changing to
MozillaFirefox helped.
I also tried MozillaThunderbird for Email, but did not like it and found 135
messages at OutlookExpress that did not come through to Thunderbird so am
back to OE. Can you recommend a good Email provider I can use without
having to change my address?
Have also received notice that several messages from my address were
returned because they contained a worm or virus which leads me to believe
the messages are not coming from my computer because I regularly run spyware
and anti-virus programs. Will what you suggest eliminate the problem if the
messages are coming from another computuer?
Thanks again,
Ralph
From: "Hoosier Daddy" <hoosier_daddynospam@frontiernet.net>
To: <ALT-GENEALOGY-L@rootsweb.com>
Sent: Tuesday, January 11, 2005 3:59 PM
Subject: Re: HIJACKED
On Fri, 24 Dec 2004 02:03:11 +0000 (UTC), "Ralph Bailey" wrote:
----- Original Message -----
From: "Dave Hinz" <DaveHinz@spamcop.net
To: <ALT-GENEALOGY-L@rootsweb.com
Sent: Thursday, December 23, 2004 4:05 PM
Subject: Re: HIJACKED
On Thu, 23 Dec 2004 21:55:42 +0000 (UTC), "Ralph Bailey"
ralph-dianne@charter.net> wrote:
This may be off-topic, but I do not know where else to turn.
I have been hijacked by a child pornographer and am receiving bounced
messages from people I do not know who are not in my address book.
Every virus these days forges the from: header. The only thing you know
for
sure, if messages look like they are from you, is that they are in fact
_not_ from you. Most likely an infected person's address book has you
in
it.
Have checked everything I can find on line about hijacking and have
reported
same to the FCC. Many articles written explaining what it is, but only
one
suggestion I could find as to what to do about it and it did not work.
Here's what I'd suggest. Download AdAware from
http://www.lavasoftusa.com
and AVG antivirus from http://www.grisoft.com - install and run them
(AdAware first), clean up anything they suggest to. In years, I have
never been bit by either of these deleting something I needed, so I
trust
both of them.
Go to windowsupdate.microsoft.com and make sure you're up to date there
as well. But, I don't think your system is the problem.
The suggestion was to put AAA in my address book and VIRUS ALERT as the
address with the hope that a potential spammer would start at the
beginning
of the address book and would quit when the first address was invalid.
That's an urban legend and never did have any effect other than to waste
the time of people and make them think they were doing something useful.
It's at least a benign example of bad advice, where the one that says
"go delete whatever.dll from your win32 directory" actively hosed
systems.
I have a hard time understanding the motivation of some people to come
up with these hoaxes.
This did not work because the spammer had already captured my Email.
Chances that a spammer is using your system to send email is very low
indeed. Chances are high, however, that someone with you in their
address book has a virus, and that virus sends out spam with other
addresses in _their_ address book as the From: address.
Some articles indicate the messages could be coming from another
computer
where my address is in that computer's Address Book.
There ya go.
The messages do not show up in my Sent Messages folder.
Not definative, but supporting the theory that you didn't send them.
Good
sign.
Notified my ISP and they were not interested. Suggested a virus check.
Yeah, well... it's hard to keep good technical help at an ISPs help
desk.
Thankless work, low pay, bad hours, and thankless work.
Have run SpyBot and Adware several times as well as Norton Antivirus.
Sounds like you're clean.
Have changed from Internet Explore to Godzilla Fox, but still using
OutlookExpress on XPHome. Still getting the bounced messages.
I saw an article today that the folks who brought us mozilla/firefox
have an email client to challenge Outlook, called Lightning. Haven't
tried it yet. If Firefox is any indication, it's worth a serious look.
The only solution that comes to mind is to change my Email address, but
I
do
not want to do this if I can avoid it.
That won't help - the new one will just be put into some other
virus-infested user's address book, and the cycle will repeat. Not
worth
the inconvenience to you.
Keep expecting the F. B. I. to show up and arrest me as a child
pornographer
and anticipate that eventually I may get kicked out of NG's, lists or
boards
as a spammer.
Naah, the FBI knows how to read headers and will know it's not from you.
And any _decent_ sysadmin or moderator knows about from: headers being
forged, so you should be OK there as well.
No worries there.
Hang in there, Ralph.
Dave Hinz
Thanks, Dave, appreciate the response.
Since it appears I already did everything you suggest except use AVG
instead of Norton, do I just grin and bear it ?
Incidentally, since I sent the original message my computer locked up and
I
had to unplug it and when I went back on line my newly installed Adware
and
GodzillaFox had disappeared. Will reinstall.
Ralph
Ralph, my advice is:
if you are that badly infected, format the hard drive after backing up
your important files. Restore the hard drive and drivers if you have a
Restore disk. If not, reinstall Windows, drivers, your antivirus and
spyware apps [I use AdAware, Spybot S&D, SpyWare Blaster and the new
Microsoft Adware Beta] and applications. SCAN YOUR SAVED DATA before
restoring it. It'll ultimately save time and insure you have a fresh,
clean
start.
Then update update update scan scan scan after you're up and running
Thanks Daddy,
I am not competent to do what you suggest, but will try to get someone to do
it for me.
I checked my unread messages (240) and had only one bounced message today
and they seem to be getting smaller in number. May adopt the easy way out,
grin and bear it, and hope the problem goes away. Perhaps changing to
MozillaFirefox helped.
I also tried MozillaThunderbird for Email, but did not like it and found 135
messages at OutlookExpress that did not come through to Thunderbird so am
back to OE. Can you recommend a good Email provider I can use without
having to change my address?
Have also received notice that several messages from my address were
returned because they contained a worm or virus which leads me to believe
the messages are not coming from my computer because I regularly run spyware
and anti-virus programs. Will what you suggest eliminate the problem if the
messages are coming from another computuer?
Thanks again,
Ralph
-
Charani
Re: HIJACKED
On Thu, 13 Jan 2005 17:20:50 +0000 (UTC), "Ralph Bailey" wrote:
There's nothing you can do beyond keeping your own computer as secure
as possible, your AV and firewall up to date and running; because you
don't know who's computer is infected.
If you could identify that *and* convince the owner that they were
infected, you might be able to persuade them to install and run an
Anti Virus program and a firewall but the chances are very slim that
you'd ever find the computer responsible. I've heard more tales of
denial and refusal to do anything about the problem than machines
being cleaned up.
The scenario is something like this: A gets a virus. B's email
address is on A's computer. A's computer sends out the virus to all
the addresses it finds on the computer, that includes newsgroups as
well as address books. B opens the mail s/he thinks is from A, clicks
on the link in the mail and gets infected and so the process starts
again.
You most likely don't even know the person with the infected machine
at all.
You've already indicated that your system is clean so doing a complete
reinstall, which isn't actualy that hard, won't stop you getting the
mails.
Will what you suggest eliminate the problem if the
messages are coming from another computuer?
There's nothing you can do beyond keeping your own computer as secure
as possible, your AV and firewall up to date and running; because you
don't know who's computer is infected.
If you could identify that *and* convince the owner that they were
infected, you might be able to persuade them to install and run an
Anti Virus program and a firewall but the chances are very slim that
you'd ever find the computer responsible. I've heard more tales of
denial and refusal to do anything about the problem than machines
being cleaned up.
The scenario is something like this: A gets a virus. B's email
address is on A's computer. A's computer sends out the virus to all
the addresses it finds on the computer, that includes newsgroups as
well as address books. B opens the mail s/he thinks is from A, clicks
on the link in the mail and gets infected and so the process starts
again.
You most likely don't even know the person with the infected machine
at all.
You've already indicated that your system is clean so doing a complete
reinstall, which isn't actualy that hard, won't stop you getting the
mails.
-
Ralph Bailey
Re: HIJACKED
Thanks, Charanai.
Ralph
----- Original Message -----
From: "Charani" <me@privacy.net>
To: <ALT-GENEALOGY-L@rootsweb.com>
Sent: Thursday, January 13, 2005 12:03 PM
Subject: Re: HIJACKED
Ralph
----- Original Message -----
From: "Charani" <me@privacy.net>
To: <ALT-GENEALOGY-L@rootsweb.com>
Sent: Thursday, January 13, 2005 12:03 PM
Subject: Re: HIJACKED
On Thu, 13 Jan 2005 17:20:50 +0000 (UTC), "Ralph Bailey" wrote:
Will what you suggest eliminate the problem if the
messages are coming from another computuer?
There's nothing you can do beyond keeping your own computer as secure
as possible, your AV and firewall up to date and running; because you
don't know who's computer is infected.
If you could identify that *and* convince the owner that they were
infected, you might be able to persuade them to install and run an
Anti Virus program and a firewall but the chances are very slim that
you'd ever find the computer responsible. I've heard more tales of
denial and refusal to do anything about the problem than machines
being cleaned up.
The scenario is something like this: A gets a virus. B's email
address is on A's computer. A's computer sends out the virus to all
the addresses it finds on the computer, that includes newsgroups as
well as address books. B opens the mail s/he thinks is from A, clicks
on the link in the mail and gets infected and so the process starts
again.
You most likely don't even know the person with the infected machine
at all.
You've already indicated that your system is clean so doing a complete
reinstall, which isn't actualy that hard, won't stop you getting the
mails.