Bri

Members
  • Content Count

    47
Everything posted by Bri

  1. I wish I could say something similar, but I get them all the time ..
  2. Bri

    Troubleshooting Bri's PC

    Sigh, where have I painted you with a big brush Wazoo? I was told by the moderator that only a member of the moderators group or a member could be trusted (in a private message). I have never even mentioned your name, Wazoo, on a public forum as an untrusted person. I am assuming a "member" such as I can not be trusted, since it seemed the moderator meant someone with "member" displayed in a dark blue graphic. I am sorry, but where am I missing something here? I would happily explain any misunderstandings. I have also clicked on "moderators" and only see Jeff's name listed which leads me to understand only he is a part of the moderators group. Again, any misconceptions on my part could be easily rectified.
  3. Bri

    Troubleshooting Bri's PC

    Outside of the lists that tend to block everybody, most of "your" listings appear to be due to your IP address falling within dynamic IP allocation space .. no big deal. You're in an area where the only people I know aren't the techie types, so can't help you there. On the other hand, try this piece of software http://www.spychecker.com/program/hijackthis.html .... there's a small catch in that the way it was originally set-up, you'd run it, copy the output, and post it on a board run by the author and other folks, they'd run through it and tell you exactly what was there that shouldn't be, stuff recommended to get rid of, etc. ... Right now, that community resource now comes up as being "For Sale" , all data having been passed to the FBI, but I'm suspecting that he's just another average Joe that won't be able to substantiate enough of a business loss (software and advice was free) to get the FBI to actually get involved ... ?? ... he's been DDoS'd out of existence for the present .. the software is available in dozens of places, but not sure where to send you for the output read other than e-mailing it, and it appears your trust factor isn't that high now. There's over a half-dozen sites under this current DDoS action, and they've all been scrambling to put up mirrors elsewhere in order to keep fighting the good fight, but I haven't been keeping close track of all the jumping around these last couple of weeks.
  4. Bri

    Troubleshooting Bri's PC

    oh, and I have no clue what Jeff said about my IP address being listed in the 12 of 258 lists tested but I suspected a long time ago I had been set up for something which is why I have been studying what the ramifications may be. It was only recently I learned that spammers may use an individual's computer for this purpose, and it is thanks to you all I did learn it. Is there anyone on this forum that could put me in live contact with someone that can fix this? Thanks to Jeff, you all know where I am.
  5. Bri

    Troubleshooting Bri's PC

    can't speak for JeffG, but all I recall was that he was describing a normal login pop-up that was seen at your attempted entrance to members.spamcop.net ... though mentioning that it differed little from the same type of pop-up you'd see anywhere else that required the use of an account name/password combo to gain entrance.
  6. Bri

    Troubleshooting Bri's PC

    <<<You say "buffer attacks" .. What Steve said was "buffer overflow" (exploits) .. you'll find documentation of this type of thing on most of the links I earlier provided. A firewall has nothing to do with a "buffer overflow" situation. The XP firewall is just barely better than nothing at all.>>> I am definitely a little confused on the buffer thing but this is something Norton stopped one night and it is what is confusing me. I can find something similar on the net identified (can't remember where now) but it was not this exact wording. I am just curious how common this type of thing is, I guess "a computer with the IP address 127.0.0.1 sent information of the HTTP_Active_Perl_Overflow attack." <<<After running a search on a search engine and clicking on a link provided by the search engine a browser window attempts to open but the firewall (norton) stops it, what are the possible causes? just a hint would be helpful :-). Marketing folks are the root cause of popup ads. Norton's firewalls (which one and version are you using?) can block popup ads. >>>> Yes, marketing ads are irritating. But it is not marketing sites that I have found the odd things on. I found a good example of my question yesterday by accident. I have 2 spam emails (spam being stretched well beyond the marketing meaning) which are about two months old or so. I decided to parse them here just for curiosity but first I forwarded them as an in-line attachment just so I could look at them. Neither one of them have an attachment. Both of them caused Norton to respond and idiot that I am I only wrote down this so I am not sure what the problem was now. "219.129.20.208:808 using port 3154 location China" It shows in my log book where "This one time, user has chosen to block communication". 
I am just curious also why an individual's personal website can also cause Norton to respond (although it has been a long while since I have been to those sites and do not remember what the security alert was about). <<<I feel strange, you wanted me to be more specific, but ask Steve for "hints" ... >>> I need at least hints when I am nearly clueless so I can at least get a good starting point on the answer. If I have a little better grounding on the subject I need more specifics so I can rule out the various things that can happen on the net and why they happen. ;-), that is why I call it a personal study, it goes beyond just a couple off-the-cuff questions. And thanks to all of you, not only to those who have responded but also to the services of Spamcop. The parser thingy alone is a lot of fun to play with :-).
  7. Bri

    Troubleshooting Bri's PC

    <<< ..Not sure about the CTRL-ALT-DELETE thingy. I would presume that a virus program running on your PC could intercept the CTRL-ALT-DELETE transmission and use it for its own purpose (such as deleting files or wiping a hard disc) but I thought Microsoft wrote Windows so that could not happen. Still, I suppose a virus could do something to some internal Windows component that would defeat whatever precautions Microsoft took ... I would guess using a buffer overflow or insecure privileged usercode or something along those lines. >>> ahhh yes, that would accomplish it considering the firewall would stop the buffer attack if installed. How successful is the standard firewall that resides in the XP operating system in stopping a buffer attack? <<<My question would be can something like this be written into a webpage?...Sure! It could be on the web page as a file with any extension that you have associated with Word (.dot, .doc, .rtf, .wri, etc). There might be some scripting around it that would cause it to be executed without your having to take any action other than to open the web page (or e-mail).>>> bingo 3, thank you After running a search on a search engine and clicking on a link provided by the search engine a browser window attempts to open but the firewall (norton) stops it, what are the possible causes? just a hint would be helpful :-). <<<QUOTE (Bri [at] Feb 26 2004, 09:48 PM) Thank you Turet, ...It's Steve (not Turet). See my sig. >>> thank you steve, I am not a common visitor to forums and used the abbreviation common to my on-line "world", no insults intended.
  8. Bri

    Troubleshooting Bri's PC

    Thank you Turet, I have read of this one and others at the same site. But all indications that I have found state that it is received through email. My question would be can something like this be written into a webpage? I am also aware that email transferred crud can delete files on a hard drive, the latest variation of MyDoom being a prime example. I remember reading of one in particular (that I cannot remember) that will delete a hard drive immediately if CTRL_ALT_DELETE is hit. Again the question would be the same, can something be written into a webpage that would accomplish the same thing? Knowing that windows and all its flaws can cause some strange things to happen, how common is it for doing a CTRL_ALT_DELETE because of a system freeze results in a hard-drive wipe?
  9. Bri

    Troubleshooting Bri's PC

    <<<Lots and lots of details, and some a lot more specific than you probably wanted. >>> yes, I am fairly certain I am familiar with some of these sites and certainly with the things that caught my eye first. I certainly will visit a couple again in the travels I am sure :-). Thanks for the links, I will add them to the list.
  10. Bri

    Troubleshooting Bri's PC

    yes, ok, for argument's sake that is what is happening. Is there a place on the web that I can access real info regarding any issue that looks like this or can mimic other things like an exploit or a virus that uses a word program?
  11. Bri

    Troubleshooting Bri's PC

    Wazoo, that was all great info but I just have a tiny problem still, I need a place to start that can be a little more specific than you are being at the moment. A bad extension worm/trojan/exploit whatever has ever caused a word program triggered worm/virus/exploit whatever for any reason from mass emailings to individual persons would be quite helpful. I know that covers a whole lot of territory, all I wish is one little clue to anything with a known reason. It does not have to be a widely known reason, just a little known trivia fact would be great :-) .
  12. Bri

    Troubleshooting Bri's PC

    <<<So in your specific example of "clicked on something and Word started", we'd have to know your list of file type/extensions that you've got connected to use Word as their handling application. Like a .TXT file would normally be defaulted to use Notepad, but you may have changed your system to use Word on .TXT files. "We" can't tell from here what connections you've made within your system. >>> At this point I am taking any educated guess that it is not a good connection with my Word program and I am sure glad I am fire-walled to my meager ability. Which I am guessing would save the majority of "idiot" fire-walled (updated) folks considering the things associated with that link. But then, other "fun" things are being planned along the road so who knows what may pop up next. I know how to recognize the obvious applets, is there a way to place one in a not so obvious way? And what are the potential consequences if so? I don't need them all :-), just need a place to start.
  13. Bri

    Troubleshooting Bri's PC

    <<<...Essentially, double-clicking any file that has an extension which is associated with an application will generally open that application. >>> yes, thanks, I was aware of this.
  14. Bri

    Troubleshooting Bri's PC

    <<<so do the war stories<g>>>> From this neighborhood all thanks goes to current and past servicemen who have and will defend our country honorably every day. <<<my word program to open without my starting it but I guess I will go for the .DOC thing for the moment There are other file extensions / reasons for it, that one was just the most obvious. >>> Any clues on other reasons? Or is this a trade secret :-)
  15. Bri

    Troubleshooting Bri's PC

    <<<Unlike most conventional spyware, imrworldwide.com's Red Sheriff is loaded as a Java applet embedded in a Web page you visit. Once loaded, it sends information about your Internet usage (how long the page took to load, how long you stayed, etc.) to the parent company, supposedly bypassing firewalls, cookie blockers and the like.>>> yahoooo :-) Bingo number 2. (sorry, I give up on the quote thing) If it would be possible to PM someone that has at least one credible source to speak for them I would happily do so. Otherwise I must stumble around until no one answers me anymore ;-). <<<not knowing what he did,but...case design>>> He did a system restore from the sounds of it but hard to say, you think I am bad at explaining things, let me send you my friend for questions :-). A quick look under add/remove programs shows no virus program I have ever heard of, in fact it would have to not even show up because I recognize all the programs installed. Not saying he took anything out of the hardware-wise, but added with a few other things do you still wonder that I don't ask his advice? <<Hey, it's Windows...stuff happens>> I do shrug off most stuff also, I use a computer for a living and am aware of the various warning messages seen daily using a variety of Windows operating systems with a variety of programs. I am aware that forensics are important and short-lived on the net...not sure what to add after that. What causes the snow...JavaScript I think but I have not really looked into it? It is not common in my experience for my word program to open without my starting it but I guess I will go for the .DOC thing for the moment, I am cringing at the thought of the research to find all the answers in that one lol.
  16. Hello all, I am new to the spam fighting scene (I.E. spamcop) but consider myself a veteran in the war. I found this site a week or so ago looking for a way to continue to fight the battle but I have to confess I am a little lost about things that seem to be common knowledge here. Thanks to many informative posts I have figured out what a "parser" is and it has been helpful, thanks to all. I have many questions, but I think my first question would concern Zazinga.com...I received my first spam from this company on February 4, 2004, a whois search showed the domain registered February 3, 2004. The subject of the email was Accuquote, seems the company was "worried" what would happen to my family if I died. Since I know exactly when the email address in question was compromised I have kept a close eye on it for reasons of my own (I do not use email often and I am more careful than the average bear which means I have a very small "spam" problem). I receive spam on an irregular basis now from the company (which of course I have never subscribed to) and have noticed a relationship between the spam topics and radio ads. I have an ISP that states it has a spamguard service but I laugh a lot............Has anybody else received spam from this company and noticed the dates on the spam versus the domain date? I also receive a type of spam that as the main subject includes drug ads (or whatever, penis enlargements seem to be a fun topic also) but if I highlight the page I see a series of quotes (non-related to each other) but I also receive the same spam without the quotes. Does anyone else get the spams with the quotes? Sorry if I sound totally clueless, but knowledge starts at zero and moves up
  17. Bri

    Troubleshooting Bri's PC

    I am in a place I no longer wish to mention on a public forum :-). I would also like to amend a statement, there is surely someone (live) around me somewhere that knows what port 25 (among other things) is, but no-one I have found that has the desire to educate me nor the knowledge to help me put pieces into place. Of course, that is assuming I had the correct pieces to begin with, I am sure some may argue not and they may be correct. A side story, a friend lives in a small town that has a new computer shop set up. I have worked on her few computers for years. I quit doing this last year because she and her kids refused to learn how to update the virus protection and insisted on downloading any crud they came across. The last time the computer quit (last month) she took it to the new guy. He forgot to put the sound card back in (no clue why he had it out anyway) and installed a pop blocker and Norton (she never paid for the norton) and Norton does not exist on her computer nor does the blocker. When she started internet banking last week I told her she needed a firewall. She called "her guy" and he says it is not necessary. Ain't computer life grand ;-).
  18. Bri

    Troubleshooting Bri's PC

    thank you, I would like to correct one thing though. I am not troubleshooting a pc. ...I had speculated for a few months now....... Because of all of your help I have at least confirmed to myself that some things just happen. I began receiving porn spam during a critical time in this process and just deleted it for months. I found Spamcop a couple weeks ago and after watching you all and others such as spamhaus for a week or so, this looked like my best shot to stop the slugs in my mailbox and continue studying the puzzle. I have not gone to the many tech sites that seemed likely places to ask questions because I knew I was too silly to be helped. I do not think I could do anything about this anyway even if it is true but it really is not in me to not at least try. Since I really did not want to state all this (and more) on a public forum and especially since you all deal with spam topics I tried to keep as close to spam spread stuff as possible knowing the answers would still lie in the technical direction I needed to follow. But you all give so much good information and it led to more questions. I have been unable to find a live body near me that can begin to discuss even port 25 and beyond with me. No one has been missing the mark Wazoo, all things have been helpful in one way or another, problem is, again, that I do not have a specific question perse (sp?). I reread my last message and I sound a little short with you wazoo and I am sorry, you have spent the most time sorting through my questions and it is much appreciated.
  19. Bri

    Troubleshooting Bri's PC

    I apologize again, I have already admitted before I believed I was in the wrong help section but no-one told me I should stop or move so I remained in the thread I started as it pertains to the original reason I asked for help. I also apologize for not having a question that is simply answered, I would again thank all that raised many points that have been extremely helpful. I do not need to be told twice to hush, in fact, I would have dropped the thread if no one had answered for any future references ;-)
  20. Bri

    Troubleshooting Bri's PC

    ohhh, I think I know where I messed up in the quote thing, sorry again I messed it up and Bingo WB8, you just confirmed a long held suspicion on several fronts, thanks
  21. Bri

    Troubleshooting Bri's PC

    The only reason I discounted this is because the Steno software only worked bmp to gif, no jpeg support. Of course, it is always possible someone found a way around this. This is definitely a path I will attempt to follow. The source of that error message could just have been some glitch that caused the RPC service to terminate unexpectedly. Goodness knows, Microsoft's software isn't perfect. Re the porn and other links popping up, I suggest you use a firewall, Spybot Search&Destroy, and Ad-aware to research possible spyware or adware on your PC. If we focus on msblaster, you don't/didn't/can't get it from a web page .. the only link there would be that your IP shows up in that web server's logs as a visitor .. which may have then been used, but ... With updates, you "could" have been protected ... but you could also have been "infected" with something else that changed your system settings, and was not in the anti-virus database as a known "virus" ... again, not all bad things are considered virii ... Your last question "what else could cause the message" I tried to answer with the Google search on your error message ... If no one else has posted that it came from anything other than the RPC exploit via the ms-blaster, then I'm kind of left that you're looking down a long, lonely country road at this point
  22. Bri

    Troubleshooting Bri's PC

    No, I have been trying to think of a way to phrase my question and I will try again to be more accurate. Please bear in mind I am still talking about the IE message concerning the shutdown of my computer. I bought a computer in late september and as soon as I was able to log into the net I updated the Microsoft software. I then immediately went to Norton and updated the virus definitions. Since I have never had a "world-wide" (not to mention the run-o-mill type) virus/worm/trojan/backdoor ever found on any computer I have ever owned (I am going to allow for one I have forgotten to be accurate, I have owned computers for 10 years now) I was relatively unaware of the names of the newest occurrences of said crud. I know when I created my throwaway box; I "know" the few I gave the address to; I know the first site that caused me to create the address and I know when the porn spam started. Coincidences.......among others.....and because of the timespan of all these events which includes the release of the blaster worm compared to the message I have received in relation to all....... I am still totally lost on what happened. I can pinpoint 4 times exactly that I opened that computer up to things I can not even comprehend (yet). 3 times involve jpegs (not porn) and one time involved an http link to a site that had 3 button links to advertising for realty. The links did not exist after a very brief time. I have read a lot of the blaster links you kindly provided and have found nothing I was unaware of to this point. My questions remain within my last two posts and do not deal in any way with copyrighted etc. material of my own (although that has been another path I have watched for a time, seems to be quite the categories of odd people running around). My first question now is "what causes a message like that other than the blaster worm" keeping in mind all your links correspond with my reading. 
If I am to understand all the posts and warnings I would assume that with updated virus/microsoft in the month of sept/oct 2003 I would be protected from the blaster. I also assume from the posts that even if I had downloaded it somehow that a Norton scan in late sept/early oct would have pinpointed it on my system. My second question is "where do I find information regarding the early dissection of the MyDoom virus that seems to point to a porn pic and was the pic thought to be a Jpg or an html or bitmap or etc?" Thank you Wazoo, I know I am a pain but dang, it is really hard to get someone to actually have a conversation with and has decent links to information :-)