mshalperin Posted July 18, 2004 Posted July 18, 2004 Whenever I login to the webmail site I get the following message: "Last login: Sun 18 Jul 2004 05:33:20 PM EDT from 1800specialoffers.com" What's with the 1800specialoffers.com??? My ISP is RoadRunner.
StevenUnderwood Posted July 19, 2004 Posted July 19, 2004 This should probably be moved to the lounge, as it is not directly email related. That line is telling you the IP address that webmail saw you making a connection from the last time you logged in. My bet is that you have one of the link tracker programs on your machine which proxy all of your web traffic through them. Sometimes this is done on purpose to get the great deals they will sent you (usually in pop up ads while you browse), but most of the time it is because someone went to a site without adequate protection setting on their browser and an unscroupulous website decided to change your network configuration to track your every move. There are a couple of different programs I use to clean this type of problem, both are free for home use. http://www.lavasoft.de/ will get you to Ad-aware. http://www.safer-networking.org/ will get you to Spybot-Search & Destroy. There are other similiar programs available as well. Good luck and post back with your results.
mshalperin Posted July 19, 2004 Author Posted July 19, 2004 This should probably be moved to the lounge, as it is not directly email related. My bet is that you have one of the link tracker programs on your machine which proxy all of your web traffic through them. Thanks. I'm not sure how to move this topic. I have spyware programs (PestPatrol and ZoneAlarm) which don't show anything. However, on a hunch I checked my popup blocker - PopupDummy - which has switch to "Enable Adware Protection." When I DISABLE this option I login to webmail with an IP address (I assume to be from RoadRunner). ENABLING the "adware protection" brings back the 1800specialoffers.com. I don't know if this "feature" is an unscroupulous attempt to track me or a side effect of it's intended function, but I will investigate further.
StevenUnderwood Posted July 19, 2004 Posted July 19, 2004 Moving the topic was aimed at one of the moderators. ou do not have that capability. You have probably hit on the "problem". That popup blocker might be protecting you by having all messages route through their servers. I had never thought about how those work...always assumed a local lookup table type of system.
Wazoo Posted July 19, 2004 Posted July 19, 2004 Moving the topic was aimed at one of the moderators. And his aim was good! <g> Interesting anomoly, the source site for this software makes no mention of this "additional benefit" ... SpyChecker makes no mention of this on their listing page ... so the only suggestion I could offer is to go to http://www.dummysoftware.com/contact.html and make note that there seems to be something a bit fishy going on ....
mshalperin Posted July 19, 2004 Author Posted July 19, 2004 You have probably hit on the "problem". That popup blocker might be protecting you by having all messages route through their servers Actually, it isn't PopupDummy - further testing after deleting it didn't get rid of the 1800specialoffers.com. There were some random logins without it which I prematurely interpreted as being related to the adware protection feature. I ran Spybot in addition to PestPatrol and deleted some other detected problems but this didn't help either... Interesting anomoly, the source site for this software makes no mention of this "additional benefit" ... SpyChecker makes no mention of this on their listing page ... so the only suggestion I could offer is to go to http://www.dummysoftware.com/contact.html and make note that there seems to be something a bit fishy going on .... I contacted them and got a quick response from the author (Kory Becker) who indicated that PopupDummy does't filter connections and has no relationship with 1800specialoffers.com. If it's spyware, the adware protection feature should help, not cause the probem. Whatever the source, I'm not finding it. Maybe I'll try Ad-Aware also (am I getting too obsessive?). Moderator Edit: Based on data provided in Linear Post #24, this post was edited to correct data posted in error.
Merlyn Posted July 19, 2004 Posted July 19, 2004 It took me hours to remove it from a clients computer. I believe it's almost the same as the onlythebest worm.
Wazoo Posted July 19, 2004 Posted July 19, 2004 Whatever the source, I'm not finding it. Maybe I'll try Ad-Aware also (am I getting too obsessive?). You'll find that there are a number of tools out there, and they all do things a bit differently, find different things, etc. If AdAware (and remember to update the databases on all of these tools before running) doesn't come up with something, then the next suggestion may be something like HiJackThis ...
mshalperin Posted July 20, 2004 Author Posted July 20, 2004 I suggest you check your HOSTS file What is the HOSTS file?
Wazoo Posted July 20, 2004 Posted July 20, 2004 What is the HOSTS file? 13609[/snapback] I'm not sure of the connection made .. but the HOSTS file is a text file that Windows will look at .. it's normally used to block / redirect traffic during a DNS look-up .. If you are on a Windows platform, do a Find / Search for a file HOSTS.SAM which is the "sample" file provided by Microsoft. If you have made your own (or had some nice application along the way set one up for you) you will find a file named HOSTS (no file extension) ... This file is normally used to block traffic to certain locations ... and once again, Google has many answers and examples out there for you.
Merlyn Posted July 20, 2004 Posted July 20, 2004 Look in the C:\Windows Directory or/and Look in C:\WINDOWS\SYSTEM32\DRIVERS\etc for a file calld hosts without an extension. Open it up with notepad and let us know whats in there. Not hosts.sam because that is a sample file. Just the one without the extension.
mshalperin Posted July 20, 2004 Author Posted July 20, 2004 for a file calld hosts without an extension This is the complete contents of th HOSTS file. The file date suggests it hasn't been altered since the initial installation of the system. (LMHOST.SAM gave a much more detailed explanation.) ____________________________________________________________________ # Copyright © 1993-1999 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost ___________________________________________________________________ I'm not sure what the above "localhost" refers to - I'm not connected to any network other than the internet (through a Netgear router which currently isn't connected to any other computer.)
Wazoo Posted July 20, 2004 Posted July 20, 2004 With the date identified and the contents listed, it would appear that you offered up the contents of the Hosts.sam file .. the 127.0.0.1 is Internet Protocol talk for "this computer" ... anyway, if this is the HOSTS file (again, apparently a direct copy of Hosts.sam), then as suspected above, this has nothing to do with your original issue. Back to running the other spyware / trojan checkers.
zachariah Posted July 23, 2004 Posted July 23, 2004 I feel its appropriate to suggest downloading and installing Firefox and logging in (and back out and back in) to see if you get a different "last logged in from" message. At the same time you may consider using Firefox as your main browser from now on (after you're done using it to test the current issue you're trying to fix). How to switch from IE to Firefox. Why use Firefox. (my apologies if in the end this ends up that your issue was not caused by IE's security problems, but I'm betting that it is, and you can avoid them buy using Firefox as well as other software listed at the link in my signature below)
Landi_specialoffers_com Posted November 17, 2006 Posted November 17, 2006 Actually, it isn't PopupDummy - further testing after deleting it didn't get rid of the 1800specialoffers.com. There were some random logins without it which I prematurely interpreted as being related to the adware protection feature. I ran Spybot in addition to PestPatrol and deleted some other detected problems but this didn't help either... I contacted them and got a quick response from the author (Kory Becker) who indicated that PopupDummy does't filter connections and has no relationship with specialoffers.com. If it's spyware, the adware protection feature should help, not cause the probem. Whatever the source, I'm not finding it. Maybe I'll try Ad-Aware also (am I getting too obsessive?). Hi guys, I just wanted to clear the record a bit: ww w. special offers. com has absolutely NOTHING to do with 1800specialoffers.com or other companies with "special offers" in the domain /return mailing address. I know it's easy to confuse them so no hard feelings; in fact I get many emails from people asking to be taken off the "list," even though I haven't sent an email in years. Please use the contact form [at] ht tp:// ww w.special offers. com/co ntact/ for any question, clarifications or comments. sincerely, Landi Gjoni
Wazoo Posted November 17, 2006 Posted November 17, 2006 Hi guys, I just wanted to clear the record a bit: ww w.special offers. com has absolutely NOTHING to do with 1800specialoffers.com or other companies with "special offers" in the domain /return mailing address. I know it's easy to confuse them so no hard feelings; in fact I get many emails from people asking to be taken off the "list," even though I haven't sent an email in years. Please use the contact form [at] ht tp://ww w.specialo ffers.com/co ntact/ for any question, clarifications or comments. I fail to see where anyone made a mis-connection within this Topic/Discussion. This actually looks like an attempt to spamvertise some other site. Later Edit: OK, these tired eyes finally noted that the connection was made in a reply made by yet another company about thier product .. crap .. even that isn't totally true ... it's an 'offered translation/snippet' from yet another un-seen e-mail between a forum user and another third-party application representative .... Off to do some research to see if anyone can figure who might be lying, acting more confused than I, or has simply got their facts wrong .. geeze .....
Farelf Posted November 17, 2006 Posted November 17, 2006 ...I fail to see where anyone made a mis-connection within this Topic/Discussion.... I think the mshalperin quote given can be construed as (at least) an incautious bundling of the two. IME a "right of reply" exists. [And I did a quick background check]
Wazoo Posted November 17, 2006 Posted November 17, 2006 PM sent: http://forum.spamcop.net/forums/index.php?showtopic=2131 has some current dialog based on your text offered as a bit of communication between yourself and someone else. Time has gone by, but the issue remains .... a typo on your part? a lie by someone else? something else going on? It is noted that the "problem" was never addressed as being "cleared up" ....
Landi_specialoffers_com Posted November 17, 2006 Posted November 17, 2006 I fail to see where anyone made a mis-connection within this Topic/Discussion. This actually looks like an attempt to spamvertise some other site. Later Edit: OK, these tired eyes finally noted that the connection was made in a reply made by yet another company about thier product .. crap .. even that isn't totally true ... it's an 'offered translation/snippet' from yet another un-seen e-mail between a forum user and another third-party application representative .... Off to do some research to see if anyone can figure who might be lying, acting more confused than I, or has simply got their facts wrong .. geeze ..... I apologize if it seemed like I was advertising; it was not my intention--especially not on a spam fighting forum. The reason I decided to post was that, while the post says that the names are not connected, it's easy for the average person to make a connection. "Special__offers_com" or 1800_special_offers may seem the same to the average guy, and spam has negative connotations. I just wanted to clear that up. Landi
Wazoo Posted November 17, 2006 Posted November 17, 2006 Forums, blogs, and such are the latest targets for both spammers and kiddies-with-scripts ... trying to stay ahead of all that leads to certain conditions .... your selection of a username caught my attention, seeing a new post to an 'old' Topic was another one of those sneaky ways the idiots try to sneak their spam in (not understandng that a new post bumps the Topic to the top of the list) .... read you post, read the Topic several times and didn't see the connection ... made the first call, went back to other things I had open .. came back and used tools ... thus leading to the follow-on actions .... As noted, there was a typo/mis-copy involved, the anti-ware vendor intentionally mis-lead in that reply, or ..??? Worst case, having to admit that myself or the Moderators didn't catch that bit of data when it was posted .. for that I have to apologize .... one of us should have caight that bit of different data at the time ... Intended action .. either edit the original post and/or follow-up with that vendor to see what's really being stated by them .... research first though ....
mshalperin Posted November 17, 2006 Author Posted November 17, 2006 I apologize if it seemed like I was advertising; it was not my intention--especially not on a spam fighting forum. The reason I decided to post was that, while the post says that the names are not connected, it's easy for the average person to make a connection. "Special__offers_com" or 1800_special_offers may seem the same to the average guy, and spam has negative connotations. I just wanted to clear that up. Landi I originally started this thread in July 2004 because I would get a message from the SpamCop Webmail site that I had logged on from "1800Specialoffers.com." I got the same feedback from other sites as well. It turned out to be due to my assigned static IP address having this as its reverse DNS listing (but no forward DNS listing for 1800Specialoffers.com). Presumably, this entity once used this IP address and didn't get cleared out of the reverse DNS. DNSstuff.com had that IP address listed as on one or more spam BL's under that name as well. I got a new IP address and this issue was resolved.
Wazoo Posted November 17, 2006 Posted November 17, 2006 I originally started this thread in July 2004 because I would get a message from the SpamCop Webmail site that I had logged on from "1800Specialoffers.com." I got the same feedback from other sites as well. It turned out to be due to my assigned static IP address having this as its reverse DNS listing (but no forward DNS listing for 1800Specialoffers.com). Presumably, this entity once used this IP address and didn't get cleared out of the reverse DNS. DNSstuff.com had that IP address listed as on one or more spam BL's under that name as well. I got a new IP address and this issue was resolved. Thanks for closing the issue first raised .... but the current question deals with the data you provided in your Linear Post #6 ... specifically; I contacted them and got a quick response from the author (Kory Becker) who indicated that PopupDummy does't filter connections and has no relationship with specialoffers.com. most everywhere else, you used 1800specialoffers .... The question is ... did you mistype, did the vendor lie/misdirect to you, is there yet more to the story ...???
mshalperin Posted November 17, 2006 Author Posted November 17, 2006 Thanks for closing the issue first raised .... but the current question deals with the data you provided in your Linear Post #6 ... specifically; most everywhere else, you used 1800specialoffers .... The question is ... did you mistype, did the vendor lie/misdirect to you, is there yet more to the story ...??? At the time it appeared to me that I didn't get the "logged on from 1800Specialoffers.com" message if I turned off an addware blocking feature of PopupDummy. On your advice I contacted the PopupDummy author who could see no connection. With more investigation, the association with PopupDummy settings was spurious - just random. There is no connection between 1800Specialoffers.com and PopupDummy or any other vendor.
Wazoo Posted November 17, 2006 Posted November 17, 2006 Based on this last post, Linear Post #6 was edited to correct data posted in error. PM sent, once again apologizing for the fact that no one caught the error at the time of the discussion.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.