I am threatened ... and scared. Help, please

I get back to you, because since my last contact (since I opened the attach
then) I got a trojan horse (deleted by AVG), an empty message of which I copy
here the full headers, and a strange one with an attach that cannot be
scanned by Yahoo (I reported it to them).

Do you still think it is haphazard? Of course I have a firewall (Kerio) and
I have a DSL connection. I did what you suggested, but is there not an IP
address attached to my own computer?

Can you tell me where this email comes from? And if the sender is related to
the previous one? I leave one personal info because maybe you need it.

From [email protected] Tue Dec 13 09:26:21 2005
X-Apparently-To: (e-mail address removed) via 209.191.85.31; Tue, 13 Dec 2005
09:26:19 -0800
X-Originating-IP: [65.163.27.234]
Return-Path: <[email protected]>
Authentication-Results: mta116.mail.dcn.yahoo.com from=.readyhosting.com;
domainkeys=neutral (no sig)
Received: from 65.163.27.234 (HELO qmail.readyhosting.com) (65.163.27.234)
by mta116.mail.dcn.yahoo.com with SMTP; Tue, 13 Dec 2005 09:26:19 -0800
Received: (qmail 21634 invoked by uid 7797); 13 Dec 2005 17:26:21 -0000
Date: 13 Dec 2005 17:26:21 -0000
Message-ID: <[email protected]>
From:
CC:
Delivered-To: ME (previous email)
Received: (qmail 21593 invoked by uid 7801); 13 Dec 2005 17:26:20 -0000
Received: from 218.0.211.246 by qmail24.readyhosting.com (envelope-from
<[email protected]>, uid 7797) with qmail-scanner-1.25 (spamassassin: 3.0.4.
Clear:RC:0(218.0.211.246):SA:0(1.6/5.0):. Processed in 33.360888 secs); 13
Dec 2005 17:26:20 -0000
X-Spam-Status: No, hits=1.6 required=5.0
X-Spam-Level: +
Received: from unknown (HELO ?218.0.211.246?) (218.0.211.246) by
qmail24.readyhosting.com with SMTP; 13 Dec 2005 17:25:46 -0000
Received-SPF: softfail (qmail24.readyhosting.com: transitioning SPF record
at inbox.ru does not designate 218.0.211.246 as permitted sender)
X-Qmail-Scanner-Message-ID: <[email protected]>
Content-Length: 0

Thanks
_________________________________________________-
 
From: "JL" <[email protected]>

| I get back to you, because since my last contact (since I opened the attach
| then) I got a trojan horse (deleted by AVG), an empty message of which I copy
| here the full headers, and a strange one with an attach that cannot be
| scanned by Yahoo (I reported it to them).
|
| Do you still think it is haphazard? Of course I have a firewall (Kerio) and
| I have a DSL connection. I did what you suggested, but is there not an IP
| address attached to my own computer?
|
| Can you tell me where this email comes from? And if the sender is related to
| the previous one? I leave one personal info because maybe you need it.

< snip >

The two emails are unrelated. This one looks like it emanated from China !

You only provided the Full Header. What was needed in the OTHER email and this email is the
Full Header and Body. It is the raw body that is needed to determine if there is a
"payload" or harmful attachment.

In the meantime, I suggest you scan with the following Multi AV Scanning Tool. Start with
the McAfee module.

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm


* * * Please report back your results * * *
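
Added example, not part of any post in this thread: one way to read the Received chain in the headers JL posted, separating the hop recorded by the recipient's own provider from the older hops that are only as reliable as the relay that wrote them. The `example.invalid` addresses stand in for the redacted ones, and treating `.yahoo.com` as the only trusted suffix is an assumption.

```python
import re
from dataclasses import dataclass
from email import message_from_string
from typing import List, Optional

# Constructed sample: the header block posted above, with the redacted
# addresses replaced by placeholders under example.invalid.
RAW = """\
X-Originating-IP: [65.163.27.234]
Return-Path: <sender@example.invalid>
Received: from 65.163.27.234 (HELO qmail.readyhosting.com) (65.163.27.234)
 by mta116.mail.dcn.yahoo.com with SMTP; Tue, 13 Dec 2005 09:26:19 -0800
Received: (qmail 21634 invoked by uid 7797); 13 Dec 2005 17:26:21 -0000
Date: 13 Dec 2005 17:26:21 -0000
Received: (qmail 21593 invoked by uid 7801); 13 Dec 2005 17:26:20 -0000
Received: from 218.0.211.246 by qmail24.readyhosting.com (envelope-from
 <sender@example.invalid>, uid 7797) with qmail-scanner-1.25 (spamassassin: 3.0.4.
 Clear:RC:0(218.0.211.246):SA:0(1.6/5.0):. Processed in 33.360888 secs); 13
 Dec 2005 17:26:20 -0000
X-Spam-Status: No, hits=1.6 required=5.0
Received: from unknown (HELO ?218.0.211.246?) (218.0.211.246) by
 qmail24.readyhosting.com with SMTP; 13 Dec 2005 17:25:46 -0000
Received-SPF: softfail (qmail24.readyhosting.com: transitioning SPF record
 at inbox.ru does not designate 218.0.211.246 as permitted sender)
Content-Length: 0

"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
HOP_RE = re.compile(
    r"from\s+(?P<claimed>\S+)"              # reverse-DNS name, 'unknown', or bare IP
    r"(?:\s+\(HELO\s+(?P<helo>[^)]*)\))?"   # HELO string: chosen by the client
    rf"(?:\s+\((?P<ip>{IP})\))?"            # peer address the server itself saw
    r"\s+by\s+(?P<by>\S+)"                  # server that wrote this line
)


@dataclass
class Hop:
    by: Optional[str]    # None for a local qmail hand-off (no network peer)
    ip: Optional[str]
    helo: Optional[str]
    no_rdns: bool        # qmail writes 'unknown' when it has no reverse-DNS name
    verified: bool       # written by a server the recipient trusts


def parse_chain(raw: str, trusted: tuple) -> List[Hop]:
    """Return the Received hops newest-first, marking which are trustworthy."""
    hops, chain_ok = [], True
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP_RE.match(" ".join(value.split()))   # unfold continuation lines
        if not m:
            # e.g. "(qmail 21634 invoked by uid ...)": names no host, so it
            # cannot be attributed to a trusted server.
            hops.append(Hop(None, None, None, False, False))
            continue
        by = m["by"].lower()
        # Only lines added by the recipient's own provider are outside the
        # sender's control; once the chain leaves it, older lines are claims.
        chain_ok = chain_ok and by.endswith(trusted)
        claimed = m["claimed"]
        ip = m["ip"] or (claimed if re.fullmatch(IP, claimed) else None)
        hops.append(Hop(by, ip, m["helo"], claimed == "unknown", chain_ok))
    return hops


def summarize(raw: str, trusted: tuple = (".yahoo.com",)) -> dict:
    """Condense the chain into the facts a reader can actually rely on."""
    network = [h for h in parse_chain(raw, trusted) if h.ip]
    verified = [h for h in network if h.verified]
    earliest = network[-1] if network else None     # oldest hop is listed last
    spf = (message_from_string(raw).get("Received-SPF") or "").split()
    return {
        "verified_peer": verified[-1].ip if verified else None,
        "earliest_ip": earliest.ip if earliest else None,
        "earliest_reported_by": earliest.by if earliest else None,
        "earliest_is_verified": bool(earliest and earliest.verified),
        "earliest_no_rdns": bool(earliest and earliest.no_rdns),
        "spf": spf[0].lower() if spf else None,
    }


if __name__ == "__main__":
    for key, value in summarize(RAW).items():
        print(f"{key}: {value}")
```

The only address Yahoo itself observed is the relay that handed the message over; the older address appears solely in lines written by that relay, and the SPF softfail shows the envelope sender's domain did not authorise it.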
 
JL said:
I get back to you, because since my last contact (since I opened the attach
then) I got a trojan horse (deleted by AVG), an empty message of which I copy
here the full headers, and a strange one with an attach that cannot be
scanned by Yahoo (I reported it to them).

Do you still think it is haphazard? Of course I have a firewall (Kerio) and
I have a DSL connection. I did what you suggested, but is there not an IP
address attached to my own computer?

Can you tell me where this email comes from? And if the sender is related to
the previous one? I leave one personal info because maybe you need it.



I've never actually really traced where an email came from. Some of
the information can be forged anyway. It doesn't matter. The
authorities might not do much anyway, and if he gets kicked off his
ISP, he'll join another one and he'll still know your email address. An
email won't harm you unless you are unwise. If you start opening the
email and wondering about the attachment and open the attachment, you
are at risk. Best thing is just to see it's junk email and leave it.

You use Yahoo mail, that's very safe. Don't worry about Yahoo's
scans. I never even take it that far. You click 'check mail' in
Yahoo, you get a list of subjects and a paperclip indicating if the
email has an attachment. I don't even open the email to look at the
filename of the attachment. I just delete the email right there.

If your real email address were on usenet, you might get dozens of junk
emails containing trojans in their attachments. It's no threat at all
!! You don't even need to open the email!
Even if you did open the email, it's usually ok, as long as you don't
run the attachment.
If you see junk mail and delete it, you won't get infected by trojans
or viruses from emails, even if you get sent dozens of them!

Suppose for a moment, that you get a trojan on your computer. Most
aren't so bad. But let's be theoretical and say this is a really
powerful one. So, suppose they have access to data on your computer.
Do you do online banking? Suppose they could control your computer.
Have you seen your CD drives open and close? your mouse move around
the screen?

People get emails containing trojans all the time! Typically junk
email contains trojans, it just comes under the category of junk mail

Look at the subject of the email, it's obvious when it's junk. If it's
got an attachment then it better have a VERY CONVINCING subject for me
to open it!


Most trojans slow down your computer. The problem with that is that it
makes you less productive. Your worries are making you less
productive, and causing you more damage than anything. If you look at
what is actually happening to your computer, you'll see that nothing
has happened to raise your concern. You just received some mail that
you're not interested in reading, and it has attachments..

Suppose you get an email with a convincing subject, from somebody that
you know and that sends you these things, and you like them, so, you go
as far as opening the email. And you see the filename of the
attachment, and maybe yahoo has scanned it. You see the filename is
something like Program.EXE. So that's obviously dodgy!!
Typically, the only attachments I'd open are from a friend, and they'd
be something .jpg or .mpg i.e. a picture or video. I may send
pictures and videos in return! If I was really concerned, I'd email
the guy back, and say, "hey, did you send this email - attachment
called .... what is it? are you sure it doesn't have a virus"



Look at the email address in the return path of the header

(e-mail address removed)

Do you know somebody of that name? Looks like an unusual email address
to me! You could send them an email and ask them. It's probably a
fake email address.

But best thing is just to leave it. You don't want to spread your
email to spammers


You did make a mistake here though. In the email header you pasted ,
you included your email address

You see it says
"X-Apparently-To: jen..................yahoo.com"

so, you may get spam, because some spammers scan usenet for peoples'
email addresses. You may get lots of junk email with attachments.

If it gets *really* bad then change email addresses. Then you'll
definitely lose whoever is targeting you

The Kerio firewall may cause you more hassle than it saves you.
Because it'll ask you lots of questions. You might be best off to
not worry, and use the windows firewall. And to really be on the safe
side, you might avoid online banking just in case.

Most people only worry about their computer if they SEE things are
going bad, like the computer suddenly slows down. Or, they get adverts
popping up when they browse, etc.
 
This email is empty.
Date: 13 Dec 2005 17:26:21 -0000
From:
CC:
nothing else

The previous one: I have to copy I don't know how to get all the info
From: PME [[email protected]]
To: ME (the same previous email that is closed now)
Subject: POA
Attachments: the one I copied in my last contact

Body:
This message sent using Spam Arrest Confirmed Delivery!
Visit http://www.spamarrest.com/ and Take Control of Your Inbox®

--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.362 / Virus Database: 267.13.3/174 - Release Date: 11/17/2005

with a logo spamarrest confirmed delivery. I didn't click on it.

You gave me a lot of work, I start now! Remember that Prodigy told me not to
worry about it !

David H. Lipman said:
From: "JL" <[email protected]>

| I get back to you, because since my last contact (since I opened the attach
| then) I got a trojan horse (deleted by AVG), an empty message of which I copy
| here the full headers, and a strange one with an attach that cannot be
| scanned by Yahoo (I reported it to them).
|
| Do you still think it is haphazard? Of course I have a firewall (Kerio) and
| I have a DSL connection. I did what you suggested, but is there not an IP
| address attached to my own computer?
|
| Can you tell me where this email comes from? And if the sender is related to
| the previous one? I leave one personal info because maybe you need it.

< snip >

The two emails are unrelated. This one looks like it emanated from China !

You only provided the Full Header. What was needed in the OTHER email and this email is the
Full Header and Body. It is the raw body that is needed to determine if there is a
"payload" or harmful attachment.

In the meantime, I suggest you scan with the following Multi AV Scanning Tool. Start with
the McAfee module.

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm


* * * Please report back your results * * *
 
From: <[email protected]>

< snip >

|
| Most trojans slow down your computer. The problem with that is that it
| makes you less productive. Your worries are making you less
| productive, and causing you more damage than anything. If you look at
| what is actually happening to your computer, you'll see that nothing
| has happened to raise your concern. You just received some mail that
| you're not interested in reading, and it has attachments..

< snip >

Slow downs are not really what Trojans do. It may just be a side effect by the number of
infectors or what they are doing. Trojans have a payload; they have an action to be performed
once installed on a victim's computer. What separates a Trojan from a Virus is that a virus
self-replicates while Trojans use external means to replicate or spread.

Trojans have many sub-classes such as ; Downloaders, Keyloggers, Proxy services, DDoS and
DoS, Password Stealers, Porn Dialers, and the list goes on.

Your statement trivializes their activity. Trojans can be *very* bad !

A Keylogging Trojan can capture all the keystrokes you enter and send them to a third
party. That means if you went to your Bank or Credit Card company on the web. The
Keylogger now has the account and password and your money could be stolen.

A Password Stealing Trojan will get account passwords and capture them to be sent "home"
where the creator can then login to those accounts to steal proprietary information or data.

A Downloader Trojan will go out and download peer software could be adware/spyware, viruses,
other Trojans, yada, yada...

Trojan Proxy services could turn your PC into a spam zombie or web surfing zombie.

Distributed Denial of Service/Denial of Service will coordinate attack(s) on web sites.

Porn Dialers can cost you by dialing 900 numbers or "off shore" numbers and you won't know
until you get your phone bill.
 
Starting the job. I have all the files in C:\AV-CLS. I get .kix files, some
.dll and more. Apparently Windows doesn't know what .kix is... me neither.
Which ones do I have to choose?
Can you help?

 
From: "JL" <[email protected]>

| Starting the job. I have all the files in C:\AV-CLS. I get .kix files, some
| .dll and more. Apparently Windows doesn't know what .kix is... me neither.
| Which ones do I have to choose?
| Can you help?
|


< snip >

As the above says...

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.
 
Do you have more bad news for me? :))) Of course I will not respond to that
email. I had deleted it... then thought it could be harmful and sent it to
you.

My computer is not slow and the mouse acts normally. BUT I have to use
online banking since I live "abroad" with a very slow and erratic mail
service. I am going to contact my bankers.

How can I know which category is the trojan? Or virus or whatever. My yahoo
email is an alternate. The main one is google and I receive the emails in OL
XP through Spambayes and secured email.

Still trying to work on your tasks. I have already disabled my firewall.
Right, it is a headache when it starts asking questions!
 
David said:
From: <[email protected]>

< snip >

|
| Most trojans slow down your computer. The problem with that is that it
| makes you less productive. Your worries are making you less
| productive, and causing you more damage than anything. If you look at
| what is actually happening to your computer, you'll see that nothing
| has happened to raise your concern. You just received some mail that
| you're not interested in reading, and it has attachments..

< snip >

Slow downs are not really what Trojans do. It may just be a side effect by the number of
infectors or what they are doing. Trojans have a payload; they have an action to be performed
once installed on a victim's computer. What separates a Trojan from a Virus is that a virus
self-replicates while Trojans use external means to replicate or spread.

Trojans have many sub-classes such as ; Downloaders, Keyloggers, Proxy services, DDoS and
DoS, Password Stealers, Porn Dialers, and the list goes on.

Your statement trivializes their activity. Trojans can be *very* bad !

A trojan could be used to wipe your computer, do anything. But there's
no popular trojan I've heard of that does that.

Also. In all These cases, regarding emails, you'd have to Run the
attachment. Best thing to do is delete the email! Don't even bother
opening junk, but let's look at these trojans.


Downloaders??? doesn't sound dangerous to me!

Key Loggers? Well, it's safest not to do online banking, just in case.
But do you see hundreds of stories of credit card details stolen from
trojan key loggers? Most credit card details are probably stolen by a
stupid fraudulent email saying this is your bank, your account needs
refreshing, please enter your details here.
Most trojans in the wild wouldn't be key loggers. They are for fun,
mischief , like controlling peoples' computers. Most script kiddies
aren't scanning through 100,000 key strokes in a text file!
The guy that sent her an email just said he had her ip and knew when he
read her email. This doesn't look like Einstein behind a computer.
And the scary email she is worrying about is mostly junk mail, as you
said, one appears to be from china - or something to do with los
angeles and china. Though it could be done by proxy, so who knows.
Just she shouldn't open attachments or even bother opening junk mail.


Proxy services? doesn't sound dangerous to me - so they'd use the
infected computer to 'attack' another computer, thus hiding their own
identity.

DDOS - oh, they'll use her infected computer and 900 other peoples'
computers to attack Yahoo.com at 9am wednesday morning for 2 hours.
oh no!!
Maybe The DDOS would slow down her internet connection, or use
processing power, now that would be a nuisance!

Password Stealers - yeah, it's theoretically possible. in a worst case
scenario, very rare. Some trojan that is not your typical garden
trojan, is transmitting that. It could be transmitting anything. She
has a firewall that might pick it up. But what you are talking about
is not true to real life. She is receiving lots of junk mail and one
idiot that boasts how he knows her IP address.




A Keylogging Trojan can capture all the keystrokes you enter and send them to a third
party. That means if you went to your Bank or Credit Card company on the web. The
Keylogger now has the account and password and your money could be stolen.

unlikely that she has that. Most people don't get trojans passing
their account details around. To be cautious, it's best not to use
online banking. Anyhow, where would it transfer her money? to some
other suckers account, so how's he gonna get the money out of that one?

The person targeting her would have to be a thief with a machine to
make his own bank cards and take money from an ATM machine. So
supposing he has those life skills and hacking skills. He's a master!
So like any fraud case, she looks at her bank statements or balance.
contacts her bank and says she didn't buy 1000 dollars worth of peanuts
in timbuktoo , and the bank says of course she didn't, and they deal
with it.

When you go to buy something at a shop, and use a card, the guy behind
the till could duplicate the card. **Now that is very common.**
trojan keyloggers passing your bank details to a professional 'real
life' thug thief is really almost unheard of! Have you seen most of
these money laundering schemes in the email, they're really dumb.
Criminal thugs aren't master hackers. And if a thug has hired a master
hacker to get her, then maybe they'll succeed in a far cleverer way.
And why would the thug go to all that trouble. He could God forbid,
mug her. A lot less stress.




A Downloader Trojan will go out and download peer software could be adware/spyware, viruses,
other Trojans, yada, yada...

ah, downloader trojans, Viruses. In all the time I've had my computer,
the few times I've had a virus, my computer has acted oddly enough for
me to do a virus check. Very rare for a computer to run smoothly when
it has a virus. Big deal, what's a virus going to do? You should
have a backup anyway. Viruses don't infect Data. They infect programs,
which you can always reinstall anyway. Some viruses wipe the hard
drive on a certain day at a certain time. So she can run a virus
checker if she's really worried.

The average person probably has loads of trojans on their computer ;-)
What happens to them BOO oooooooh "Stick 'em up"
I think people should be more worried about burglars coming in at night
- now that is scary!




Porn Dialers can cost you by dialing 900 numbers or "off shore" numbers and you won't know
until you get your phone bill.

Do you even get that on DSL?

With dialup, that could only happen if you weren't online (dialled into
your ISP). So when you disconnect from your ISP, you turn off the
modem!
 
JL said:
Do you have more bad news for me? :))) Of course I will not respond to that
email. I had deleted it... then thought it could be harmful and sent it to
you.

My computer is not slow and the mouse acts normally. BUT I have to use
online banking since I live "abroad" with a very slow and erratic mail
service. I am going to contact my bankers.

keep an eye on your balance every few days - as you should anyway
I use telephone banking to keep an eye on my balance.
It's FAR more likely that your account details will be stolen when you
buy something from a shop.
Banks deal with that often.

I can almost guarantee you that when your account details do get stolen
(it happens to almost anybody) it'll be some guy in a shop behind a
till that quickly duplicated your card with a criminal machine. Not
somebody that hired an expert hacker to target you and monitor all the
keys you press on your keyboard!!!


How can I know which category is the trojan? Or virus or whatever. My yahoo
email is an alternate. The main one is google and I receive the emails in OL
XP through Spambayes and secured email.

the fact that you haven't seen any problems whatsoever besides some
silly emails, indicates that you are being over paranoid.

still, the average concerned person doesn't worry as much as you are
about these things, and the really concerned person wouldn't use
Outlook or Outlook express.
If you're using Outlook Express, you may consider an alternative.
classic alternatives are Pegasus and Eudora,
I never used them 'cos I found them ugly to use. I just discovered
Procomail it's unbelievable, way better to use than outlook express.
It may have some bugs if you have many email accounts configured in it
though. I haven't tried. But I recommend it, it's amazing, nicer than
outlook express. less hassle!!

You could use Web email I have a solution if you find logging in to be
too slow. Email me at the email address I use on usenet, and I can
recommend you a prog to speed that up (if you were security mad then you
wouldn't want me to mention the name of the prog on usenet). I do check
that email account sometimes.

Still trying to work on your tasks. I have already disabled my firewall.
Right, it is a headache when it starts asking questions!

Good move. But use the Windows firewall. It's not a headache. And will
block many trojans.

I haven't heard of a Single Exploit of the windows firewall! It's
strong.

If you're behind a router, that helps a lot.
 
From: <[email protected]>

|
|>> Most trojans slow down your computer. The problem with that is that it
|>> makes you less productive. Your worries are making you less
|>> productive, and causing you more damage than anything. If you look at
|>> what is actually happening to your computer, you'll see that nothing
|>> has happened to raise your concern. You just received some mail that
|>> you're not interested in reading, and it has attachments..
|
| A trojan could be used to wipe your computer, do anything. But there's
| no popular trojan I've heard of that does that.
|
| Also. In all These cases, regarding emails, you'd have to Run the
| attachment. Best thing to do is delete the email! Don't even bother
| opening junk, but let's look at these trojans.


And if the email uses exploitation code where the vulnerability has not been patched, it can
be auto-executed.


| Downloaders??? doesn't sound dangerous to me!
|
| Key Loggers? Well, it's safest not to do online banking, just in case.
| But do you see hundreds of stories of credit card details stolen from
| trojan key loggers? Most credit card details are probably stolen by a
| stupid fraudulent email saying this is your bank, your account needs
| refreshing, please enter your details here.
| Most trojans in the wild wouldn't be key loggers. They are for fun,
| mischief , like controlling peoples' computers. Most script kiddies
| aren't scanning through 100,000 key strokes in a text file!
| The guy that sent her an email just said he had her ip and knew when he
| read her email. This doesn't look like Einstein behind a computer.
| And the scary email she is worrying about is mostly junk mail, as you
| said, one appears to be from china - or something to do with los
| angeles and china. Though it could be done by proxy, so who knows.
| Just she shouldn't open attachments or even bother opening junk mail.
|


You are naive !
Keyloggers are often used by organized crime to effect identity theft.


| Proxy services? doesn't sound dangerous to me - so they'd use the
| infected computer to 'attack' another computer, thus hiding their own
| identity.
|
| DDOS - oh, they'll use her infected computer and 900 other peoples'
| computers to attack Yahoo.com at 9am wednesday morning for 2 hours.
| oh no!!
| Maybe The DDOS would slow down her internet connection, or use
| processing power, now that would be a nuisance!
|
| Password Stealers - yeah, it's theoretically possible. in a worst case
| scenario, very rare. Some trojan that is not your typical garden
| trojan, is transmitting that. It could be transmitting anything. She
| has a firewall that might pick it up. But what you are talking about
| is not true to real life. She is receiving lots of junk mail and one
| idiot that boasts how he knows her IP address.
|


Theoretical ? No Actual, and in the wild !

|
| unlikely that she has that. Most people don't get trojans passing
| their account details around. To be cautious, it's best not to use
| online banking. Anyhow, where would it transfer her money? to some
| other suckers account, so how's he gonna get the money out of that one?
|
| The person targeting her would have to be a thief with a machine to
| make his own bank cards and take money from an ATM machine. So
| supposing he has those life skills and hacking skills. He's a master!
| So like any fraud case, she looks at her bank statements or balance.
| contacts her bank and says she didn't buy 1000 dollars worth of peanuts
| in timbuktoo , and the bank says of course she didn't, and they deal
| with it.
|
| When you go to buy something at a shop, and use a card, the guy behind
| the till could duplicate the card. **Now that is very common.**
| trojan keyloggers passing your bank details to a professional 'real
| life' thug thief is really almost unheard of! Have you seen most of
| these money laundering schemes in the email, they're really dumb.
| Criminal thugs aren't master hackers. And if a thug has hired a master
| hacker to get her, then maybe they'll succeed in a far cleverer way.
| And why would the thug go to all that trouble. He could God forbid,
| mug her. A lot less stress.
|
|
| ah, downloader trojans, Viruses. In all the time i've had my computer,
| the few times i've had a virus, my computer has acted oddly enough for
| me to do a virus check. Very rare for a computer to run smoothly when
| it has a virus. Big deal, what's a virus going to do? You should
| have a backup anyway. Viruses don't infect Data. They infect programs,
| which you can always reinstall anyway. Some viruses wipe the hard
| drive on a certain day at a certain time. So she can run a virus
| checker if she's really worried.
|
| The average person probably has loads of trojans on their computer ;-)
| What happens to them BOO oooooooh "Stick 'em up"
| I think people should be more worried about burglars coming in at night
| - now that is scary!
|
|
| Do you even get that on DSL?
|
| With dialup, that could only happen if you weren't online (dialled into
| your ISP). So when you disconnect from your ISP, you turn off the
| modem!

Total trivialization of the possibilities of Trojans and their activity. Not a good thing !

And yes a Trojan Dialer can use a FAX/Modem even if you are on DSL, Cable, FIOS or Satellite
Internet. This can be quite costly. 25 calls of $25.00 ~ $40.00 per off shore call adds
up. Even 900 numbers at $2.00 ~ $10.00 adds up.

Many Trojans have very bad payloads. Maybe YOU should experience that Backdoor.Haxdoor.

Oh yeah, that's another sub-class of Trojans. Backdoors.
 
From: "JL" <[email protected]>

| Do you have more bad news for me? :))) Of course I will not respond to that
| email. I had deleted it... then thought it could be harmful and sent it to
| you.
|
| My computer is not slow and the mouse acts normally. BUT I have to use
| online banking since I live "abroad" with a very slow and erratic mail
| service. I am going to contact my bankers.
|
| How can I know which category is the trojan? Or virus or whatever. My yahoo
| email is an alternate. The main one is google and I receive the emails in OL
| XP through Spambayes and secured email.
|
| Still trying to work on your tasks. I have already disabled my firewall.
| Right, it is headache when it starts asking questions!
|

All scanners will generate logs.

You are starting with the McAfee Scanner. The log is; C:\AV-CLS\McAfee\ScanReport.HTML

Please copy and Paste the contents of the log in your reply.
 
David said:
From: <[email protected]>

|

|>> Most trojans slow down your computer. The problem with that is that it
|>> makes you less productive. Your worries are making you less
|>> productive, and causing you more damage than anything. If you look at
|>> what is actually happening to your computer, you'll see that nothing
|>> has happened to raise your concern. You just received some mail that
|>> you're not interested in reading, and it has attachments..
|
| A trojan could be used to wipe your computer, do anything. But there's
| no popular trojan i've heard of that does that.
|
| Also. In all These cases, regarding emails, you'd have to Run the
| attachment. Best thing to do is delete the email! Don't even bother
| opening junk, but let's look at these trojans.


And if the email uses exploitation code where the vulnerability has not been patched, it can
be auto-executed.

yeah, I read once that it was possible for OE to receive an email that
formatted the computer before you even open it. But fortunately that
didn't happen to 99.999999% of people! I never heard of a single case
of it. And if that happened, news would travel fast.
Best defence against that is not to use OE. I recommended Pocomail to
her, I use it myself. Wonderful to use and more secure than OE. I don't
like eudora or pegasus that much for usability.
But no real need to defend against that since it hasn't happened to
anybody.
I'd use pocomail anyway 'cos I love it, it's even nicer to use than OE.
I haven't tried any fancy features though.

| Downloaders??? doesn't sound dangerous to me!
|
| Key Loggers? Well, it's safest not to do online banking, just in case.
| But do you see hundreds of stories of credit card details stolen from
| trojan key loggers? Most credit card details are probably stolen by a
| stupid fraudulent email saying this is your bank, your account needs
| refreshing, please enter your details here.
| Most trojans in the wild wouldn't be key loggers. They are for fun,
| mischief , like controlling peoples' computers. Most script kiddies
| aren't scanning through 100,000 key strokes in a text file!
| The guy that sent her an email just said he had her ip and knew when he
| read her email. This doesn't look like Einstein behind a computer.
| And the scary email she is worrying about is mostly junk mail, as you
| said, one appears to be from china - or something to do with los
| angeles and china. Though it could be done by proxy, so who knows.
| Just she shouldn't open attachments or even bother opening junk mail.
|


You are naive !
Keyloggers are often used by organized crime to effect identity theft.

She is worried about 1 guy sending her an email boasting that he knows
her IP and the date and time she read the email. Anybody who knows
about computers would laugh at him making that boast.

So she is no more likely to have a keylogger than any other user. This
guy that she says she knows, that sent the email is not likely to be a
member of an organized crime squad. It doesn't look like it either
given his silly email! So she's in the same bag as everybody else

And how often do you hear of an average user getting a keylogger on
their computer that sends their bank details to an organised crime
squad?

Come on!! the average user nowadays just gets adverts flashing on the
screen.

But yes, she should scan for viruses and trojans. It's not rocket
science to do that either. No need to make a big meal out of it. Run a
program like "trojan remover" and if it says "0 trojans found" then
she's fine. And if it says "3 trojans found" then click REMOVE TROJANS.
And she's fine. No need to intentionally set off fire alarms!

Now. suppose the average user has trojans on his computer for a whole
year. How likely is that they get money coming out of their bank
account?? It hasn't happened to anybody I know or anybody that
knows somebody that knows somebody that knows somebody. I'm speaking
to people involved in computers all the time. People that go out fixing
peoples' computers.

If she goes to a place of worship where everybody knows everybody else,
and asks if anybody has had that, she'll probably be told "no"
If she goes to a newsagent where the guy knows everybody elses business
and she asks him if he has ever heard of it, she'll probably be told
"no" - but he has heard of people getting their cards duplicated behind
shop counters - dodgy petrol station.

I'm sure if she contacts her bank , she'll hear her balance and it's
fine.


| Proxy services? doesn't sound dangerous to me - so they'd use the
| infected computer to 'attack' another computer, thus hiding their own
| identity.
|
| DDOS - oh, they'll use her infected computer and 900 other peoples'
| computers to attack Yahoo.com at 9am wednesday morning for 2 hours.
| oh no!!
| Maybe The DDOS would slow down her internet connection, or use
| processing power, now that would be a nuisance!
|
| Password Stealers - yeah, it's theoretically possible. in a worse case
| scenario, very rare. Some trojan that is not your typical garden
| trojan, is transmitting that. It could be transmitting anything. She
| has a firewall that might pick it up. But what you are talking about
| is not true to real life. She is receiving lots of junk mail and one
| idiot that boasts how he knows her IP address.
|


Theoretical ? No Actual, and in the wild !

It's rare enough that it hasn't happened to anybody I know or anybody
that they know...



ok, let her contact her bank and check her balance.
If she has money being stolen - coming out from that then i'll eat my
hat. Most card details get stolen in shops. far greater security risk

Does this really sound like a woman that isn't aware of what her
balance is?

Banks deal with fraud all the time anyway. So worst case scenario, a
person is in that situation, then the bank deals with it. Stolen card
details cause the same problem and are
typical.

Besides. I'm all for people running a trojan scanner and a virus
scanner. Just not turning it into rocket science. I've never seen a
trojan scanner produce a scan that needed an expert to analyse it. Or
needed expert advice on how to install it. She installed kerio no
problem.



|
|
| Do you even get that on DSL?
|
| With dialup, that could only happen if you weren't online (dialled into
| your ISP). So when you disconnect from your ISP, you turn off the
| modem!

Total trivialization of the possibilities of Trojans and their activity. Not a good thing !

And yes a Trojan Dialer can use a FAX/Modem even if you are on DSL, Cable, FIOS or Satellite
Internet. This can be quite costly. 25 calls of $25.00 ~ $40.00 per off shore call adds
up. Even 900 numbers at $2.00 ~ $10.00 adds up.

Many Trojans have very bad payloads. Maybe YOU should experience that Backdoor.Haxdoor.


A trojan can do anything, yes.
In the old days, back when people used dialup, getting a porn dialling
trojan was really an issue. Not with DSL.

You just wrote that it's an issue if they use a FAX/Modem , looks
like you mean a dial up modem. Most people don't have a dialup modem
hooked up to their computers. They just use DSL. Porn diallers aren't
common anymore, less people have dialup modems in their computers
hooked up to the wall.

I can't comment on if cable can be abused like that. I haven't used it.



There is absolutely no reason to think she has a porn dialler though.

I can tell her that she should be worried about the email that wipes
her computer. But I've never heard of anybody getting it.

She should just run a virus checker and trojan scanner.
The average user may even have a few trojans, they just remove them. No
bank details are stolen.

I do agree that all sorts of things are possibilities. But before
telling a human being that they could have 1000000000 different
illnesses, you should look at the patient and see if there is any
indication that she has 1.

Her whole 'worry' should take less than one hour
Trojan Scan <-- do they take more than an hour? How long
she can go out to the cafe or go to bed and let it run overnight. Just
like one would for a virus scanner.
My experience is that trojan scanners are *extremely* fast.
And they should be!
Is a server listening? Yes? is it dodgy? No? Good! Yes?
trojans=trojans+1

Remove All Trojans? Yes? No? Continue. Click Continue.




remove any viruses and trojans on her computer - if there are any.

Restart

Do another scan

ensure you have
0 viruses, 0 trojans.

she might have to delete some infected files that won't clean, and at
worst windows won't start up properly, so she'll have to do a windows
xp repair off the cd.

Great, done!
 
JL said:
Do you have more bad news for me? :))) Of course I will not respond to that
email. I had deleted it... then thought it could be harmful and sent it to
you.

My computer is not slow and the mouse acts normally. BUT I have to use
online banking since I live "abroad" with a very slow and erratic mail
service. I am going to contact my bankers.

How can I know which category is the trojan? Or virus or whatever. My yahoo
email is an alternate. The main one is google and I receive the emails in OL
XP through Spambayes and secured email.

Still trying to work on your tasks. I have already disabled my firewall.
Right, it is headache when it starts asking questions!


nobody worries about what category the trojan is. There are people
whose job it is to write programs to scan for trojans.

There is a program called TrojanRemover, you see where to download it
on this page
http://www.simplysup.com/tremover/download.html

You'll be downloading an evaluation copy, it works for 30 days, that is
fine. You'll need it for less than one day.

You run that, and if it finds 10 trojans, then delete them all and do
another scan and see if it says 0 trojans. You may have to run it in
safe mode. who knows, maybe it'll say 0 trojans straight away - first
scan!

The whole process should not even take more than an hour. (from memory,
I think it takes about 10 minutes!)

It looks like you're the type to already be doing virus scans
anyway!!

It really isn't a big deal, you are in the same bag as everybody else.
Even trojans are common, and nobody panics because - as you'll see -
nothing will happen! And if it does, it won't be as bad as you might be
dreading.

And then you can call your bank and check your balance, Call your phone
company or check your phone bill and you'll see 99.99% chance you're
ok.

I *Strongly* Suggest that you use telephone banking. I don't know how
that'd work abroad, if it's too expensive. Maybe you can get cheap
telephone calls to your bank.
It's very safe and very very efficient. Not helpful for viewing a
statement, but ok to check your balance and make bill payments.
Still, I wouldn't worry too much about online banking. I just use
telephone banking because it's less hassle.
 
