PDA

View Full Version : Computer help, did something stupid



Popcorn
01-24-2005, 07:08 PM
I did something really really stupid. I have comcast and when you get an email it makes a sound and you can answer right a way if you hear it. I heard an email come in and I was half asleep. It looked like it was from ebay and was someone asking about something they had bought. I could not find the order so I clicked on the link to see the auction and it was not ebay. I did not enter any information but shut down right away and ran a virus scan as well as my spy sweeper and it did not find anything. I have spy sweeper running in the background all the time and it is suppose to give some protection. Since this happened I have not signed on to any sight such a paypal that requires a pass word in case it is a key stroke virus. That is where I am now. What do you think I should do next. Thank you

DavidMorris
01-24-2005, 09:53 PM
I'm sure you're fine Popcorn. Just clicking on a link will not infect you unless you were running a REALLY old version of IE that were vulnerable to Javascript "virii." If it was a site asking for your eBay or PayPal info, then it was just another phishing scam attempt, and as long as you don't enter anything you're fine. Actually I will sometimes mess with the scammers by going to the site and entering a bunch of bogus and profane stuff. Hey, what can I say, sometimes I get bored. /ccboard/images/graemlins/smile.gif

As long as you're running an up-to-date (that point is critical!) anti-virus and scan with anti-spyware tools regularly, you should be safe. Just make sure Windows and Outlook (assuming you use Outlook) is patched up. In fact I would recommend NOT running Outlook or Outlook Express for your mail, as it is routinely exploited to propagate virii should you ever be infected by an e-mail trojan. I would suggest you check out Thunderbird (http://www.mozilla.org/products/thunderbird) -- it's free, more secure, and just much better overall than Outlook IMHO. I've been using it since early beta releases.

Popcorn
01-24-2005, 10:33 PM
I am using OE but my browser is firefox. I am afraid of the key loggers I read about.

highsea
01-24-2005, 11:10 PM
It will still have to run as an active process. You can pull up the task manager and see what's running in background. I doubt you have a problem, but if you want to verify the process list, you can send me a PM and I will have a look at it.
_______________________________________

Sid_Vicious
01-25-2005, 02:05 AM
David,

I'm downloading Thunderbird now, and I am currently using Outlook though...should I remove Outlook entirely from my system if I like Thunderbird, or is it safe enough to just set the default to Thunderbird, migrate the mailbox and address folders and leave all of Outlook resident? I've had no problem that I know of with Outlook, but I think you may be right about hackers focusing on it. Thanks...sid

DavidMorris
01-25-2005, 07:48 AM
<blockquote><font class="small">Quote Popcorn:</font><hr> I am using OE but my browser is firefox. I am afraid of the key loggers I read about. <hr /></blockquote>
Great, another Firefox user! If you like Firefox, I think you'd like Thunderbird as well. The primary reason for moving away from Outlook/OE is because SHOULD you ever be infected by a trojan through whatever means, the #1 method of propagation is to e-mail itself to everyone in your Outlook address book. Thunderbird and other e-mail clients will be likewise targetted at some point as their market share increases, but currently it's just too easy to piggyback on Outlook so that's where most trojan writers concentrate.

As Highsea said, a keylogger or any other trojan would had to have been installed by executing a process (program). Just clicking on a webpage link would not do it, unless it was a download link and you chose to Open rather than Save, which it doesn't sound like you did.

Generally speaking, you cannot get infected by e-mail unless you open certain attachments. You won't be infected by visiting a website unless you either download and execute a program, or click Yes or OK on the spyware popups (which is the same thing as downloading and running a program in reality). But just visiting a webpage will not install a trojan or keylogger.

DavidMorris
01-25-2005, 07:57 AM
<blockquote><font class="small">Quote Sid_Vicious:</font><hr>I'm downloading Thunderbird now, and I am currently using Outlook though...should I remove Outlook entirely from my system if I like Thunderbird, or is it safe enough to just set the default to Thunderbird, migrate the mailbox and address folders and leave all of Outlook resident? I've had no problem that I know of with Outlook, but I think you may be right about hackers focusing on it. Thanks...sid <hr /></blockquote>
Hackers definitely focus on Outlook/OE for exploitation and trojan propagation simply because everyone running Windows has it and most of those use it. As Thunderbird or any other e-mail client become more prevalent, then I'm sure we'll see them targeted as well, but I don't think they'll ever get as much attention as MS's stuff.

You can uninstall and remove Outlook (the full, office version) but OE isn't easily removed. There are some instructions on how to manually do it but they're tricky and liable to break your system if you're not very careful. If you're running WinXP SP1 or SP2, you can "uninstall" Outlook Express and set Thunderbird as your default mail handler. This is what I do. Keep in mind however that this isn't truly an "uninstall" as the files are still there -- XP just removes all references from your profile so that you don't see it anymore. Also note that sometimes Windows Update will update OE and you'll find that it has suddenly "reinstalled" itself.

If you stick with Thunderbird I would at least empty out your OE address book and mail stores once everything is migrated over, because if you leave valid entries there then a potential trojan could still find them and propagate by it.

Sid_Vicious
01-25-2005, 08:17 AM
Thanks, I like the program so far, but I am still using IE as a browser. One problem I am having though, the incoming mail doesn't appear to be popping up for me in Thunderbird. It said I had one message this morning and when I forced the retrieval, nothing ever appeared in the inbox. Would that be the action of the spam filter ya reckon? I did utilize the "junk" feature on many of the pharmaceutical junk I had already,,,will the program alert me that one was blocked? My 3 minute mail server request may not be automatically working either, cuz I sent myself a test mail and finally had to force it to appear well after the three minutes. Maybe I need to switch something,,,ideas? Btw, I have no problems with using Netscape, it that happens to be my trouble-maker(IE.)sid

SpiderMan
01-25-2005, 08:39 AM
We could put those guys out of business if everyone who received such scam emails clicked through and then entered bogus information. It would take them forever to sort through all that chaff. Instead, we play "smart" and don't do anything, so they know that when they get a response it's genuine.

SpiderMan

DavidMorris
01-25-2005, 10:56 AM
<blockquote><font class="small">Quote Sid_Vicious:</font><hr> Thanks, I like the program so far, but I am still using IE as a browser. One problem I am having though, the incoming mail doesn't appear to be popping up for me in Thunderbird. It said I had one message this morning and when I forced the retrieval, nothing ever appeared in the inbox. Would that be the action of the spam filter ya reckon? I did utilize the "junk" feature on many of the pharmaceutical junk I had already,,,will the program alert me that one was blocked? My 3 minute mail server request may not be automatically working either, cuz I sent myself a test mail and finally had to force it to appear well after the three minutes. Maybe I need to switch something,,,ideas? Btw, I have no problems with using Netscape, it that happens to be my trouble-maker(IE.)sid <hr /></blockquote>
I imagine the incoming mail was identified as junk and silently moved to the Junk folder. Junk mails don't result in any indication of new mail arriving, they are silently filed and ignored. What you can do is just look at the Junk folder entry in the folder view. Anytime mail is stored in a folder, the folder name is boldfaced and the number of unread messages is shown in parenthesis next to it. So whenever you retrieve mail, you can look at the folder list and immediately see where mail has landed. When I confirm that any junk mail is indeed junk, I right-click the Junk folder and select "Mark Folder As Read." This clears the bold highlight and message count for the next time.

Speaking of the junk filter: it is a Bayesian filter which means it must be trained. So expect it to take some time before it learns what is junk to you. After a few weeks of use (if you get the amount of spam I get) it should be about 90% or better in its spam identifying ability. Another tip: don't delete messages in your junk folder, just leave them there. Why? Because if you ever backup and restore your mail folder (like to a new PC, or when uninstalling/reinstalling TBird) the junk mail logic is reset, meaning you need to retrain. But if you saved and restored your old junk mail folder, you can highlight all the mail in that folder and mark as Not Junk, then mark it again as Junk, and bingo -- you've immediately trained your junk mail filter instead of having to redo it over the next several weeks again. I'll trim my junk folder down just to keep it to a manageable size, say 1000 messages or so, but otherwise I just ignore it.

Another TBird junk mail tip: if you're like me and create a bunch of different filters to sort certain e-mails to certain folders based on subject line, sender, etc., then make sure to scroll down in the filter and set it to not run a junk scan on those e-mails. The default behavior is to check for junk regardless of the fact you've created an explicit filter to file it, so if it thinks it's junk then your filter will be ignored.

highsea
01-25-2005, 02:05 PM
Why can't you just identify the filter file and keep it? Sounds like pretty sloppy design if the filter has to query the junk folder on every message. JAT.

Why are multiple filters required? Can't one filter handle multiple rules?

DavidMorris
01-25-2005, 03:36 PM
<blockquote><font class="small">Quote highsea:</font><hr> Why can't you just identify the filter file and keep it? Sounds like pretty sloppy design if the filter has to query the junk folder on every message. JAT.

Why are multiple filters required? Can't one filter handle multiple rules? <hr /></blockquote>
The "folders" I'm speaking of in Thunderbird are standard mailbox files, so keeping the folder is the same as keeping a file.

The training data is kept elsewhere in the configuration and sometimes needs to be regenerated (like when you copy your mail to a new PC). Also, the TBird designers have in the past changed the way the filter works between releases and when they do they've asked everybody to retrain their filter. You do this by going into the Junk Mail Controls settings and clicking "Reset Training Data." Once you do this, you're back at square one -- so maintaining your old junk mail gives you a very easy way to retrain all at once by highlighting all the junk messages and re-classifying them as junk.

You can have multiple filters and multiple rules within a filter. Once you have more than a few rules it's pretty bad practice to lump them all into a single filter. Therefore I create multiple filters with one to several rules specific to the subject of that filter. It's far more organized and easier to work with than lumping dozens of rules into a single filter. I have about two dozen filters setup currently with anywhere from 1-5 or so rules in each.

Sid_Vicious
01-25-2005, 04:05 PM
So far I like the tool, nice GUI, but I'll have to figure out what I'm doing wrong in setting it to check for new mail automatically. I'll work with it tonight when I get home. Thanks...sid

highsea
01-25-2005, 04:20 PM
<blockquote><font class="small">Quote DavidMorris:</font><hr>The training data is kept elsewhere in the configuration and sometimes needs to be regenerated (like when you copy your mail to a new PC).<hr /></blockquote> This configuration data is what I was referring to. If you can save this, there would be no need to "retrain" the filters when moving your data.
<blockquote><font class="small">Quote DavidMorris:</font><hr>Also, the TBird designers have in the past changed the way the filter works between releases and when they do they've asked everybody to retrain their filter. You do this by going into the Junk Mail Controls settings and clicking "Reset Training Data." Once you do this, you're back at square one -- so maintaining your old junk mail gives you a very easy way to retrain all at once by highlighting all the junk messages and re-classifying them as junk.<hr /></blockquote>Can you create an archive mailbox to retrain the filters? This could be burnt to CD and used in reinstalls and updates. Then a user wouldn't be required to leave tons of spam on his hard disk.
<blockquote><font class="small">Quote DavidMorris:</font><hr>You can have multiple filters and multiple rules within a filter. Once you have more than a few rules it's pretty bad practice to lump them all into a single filter. Therefore I create multiple filters with one to several rules specific to the subject of that filter. It's far more organized and easier to work with than lumping dozens of rules into a single filter. I have about two dozen filters setup currently with anywhere from 1-5 or so rules in each.<hr /></blockquote>Simple filters, like "mail from this user goes to this folder" should usually all be in one filter. Admins and managers that have to manage a lot of mail, and prioritize their responses, may have the need for more complex filters, but most people do not fall into this group. Also, subject-based filters have an annoying succeptibility to misdirection when there are things like spelling errors and conflicting user-based filters in play.

My experience is that users that do not have solid scripting skills can create conflicting rules when multiple filters are used on a single message. Unless you have a good understanding of how, and in what sequence the filters are applied, you can get unpredictable results.

I managed the messaging for a medium sized organization for 5 years. I had 500+ users, and a mixed platform environment that included SAP, Notes and Exchange, along with a unified messaging system. Obviously this can get pretty complicated, and the KISS approach is still the best, imo.

I'm not being critical of the application, these issues apply to all mail apps in general. I am just one of those people who do not like giant mailbox data files. They can be difficult to back up and restore, and they can absolutely annihilate server space in a business environment.
___________________________________________

DavidMorris
01-25-2005, 04:42 PM
<blockquote><font class="small">Quote highsea:</font><hr>This configuration data is what I was referring to. If you can save this, there would be no need to "retrain" the filters when moving your data.<hr /></blockquote>You're probably right, I've just never tried to track down where it is stored at. However even if you had it saved you might still run into the other scenario where you needed to reset it due to corruption, bug fix or update, etc.

<blockquote><font class="small">Quote highsea:</font><hr>Can you create an archive mailbox to retrain the filters? This could be burnt to CD and used in reinstalls and updates. Then a user wouldn't be required to leave tons of spam on his hard disk.<hr /></blockquote>Yes you could -- you can train the filter from any message or mailbox. However you'd have to import the folder first into TBird to do it, and then delete it again later. An extra step but certainly feasible if you didn't want to keep the old spam. However I want my spam filter to stay up to date with new spam, and to do so from an archive you'd have to keep refreshing the spam archive to keep it from growing stale. I prefer to just leave the junk where it is and ignore it.

<blockquote><font class="small">Quote highsea:</font><hr>Simple filters, like "mail from this user goes to this folder" should usually all be in one filter. Admins and managers that have to manage a lot of mail, and prioritize their responses, may have the need for more complex filters, but most people do not fall into this group. Also, subject-based filters have an annoying succeptibility to misdirection when there are things like spelling errors and conflicting user-based filters in play.

My experience is that users that do not have solid scripting skills can create conflicting rules when multiple filters are used on a single message. Unless you have a good understanding of how, and in what sequence the filters are applied, you can get unpredictable results.<hr /></blockquote>Generally speaking I agree on the KISS principle, but in this case multiple filters IMHO are much easier to manage than multiple rules within a filter, especially when the rules grow beyond a handful. Even for simple users, being able to name each filter with a meaningful name and look at them in a list, in order of priority, is far easier than scrolling through a list of obscure rulesets.

I and many of my friends and colleagues are not the typical user and have pretty elaborate setups. I have my own mail server at home, multiple domains with multiple aliases per domain, plus multiple offsite accounts that I manage through one instance of Thunderbird. These are used for a wide variety of work-related and personal things. Having multiple filters for each domain and category is much easier for me to manage. But even before I had all that and my e-mail was simply through my ISP account, I still preferred multiple filters -- to me it's no different than multiple folders on a drive partition, or multiple partitions on a large drive. It makes organization much cleaner and easy to manage and manipulate.

DavidMorris
01-25-2005, 04:47 PM
<blockquote><font class="small">Quote Sid_Vicious:</font><hr> So far I like the tool, nice GUI, but I'll have to figure out what I'm doing wrong in setting it to check for new mail automatically. I'll work with it tonight when I get home. Thanks...sid <hr /></blockquote>
Let me know if you get stuck and need help. Not sure why you're having trouble with automatically checking -- I'm thinking that is the default behavior. Mine is set to check when opened and every 10 minutes after that, and has always worked fine.

BTW if you use the wonderful and highly recommended free AVG Anti-Virus, you can configure it and TBird to automatically scan your e-mail too. Once setup it works as seamless as the various Outlook AV extensions.

highsea
01-25-2005, 05:52 PM
<blockquote><font class="small">Quote DavidMorris:</font><hr> <blockquote><font class="small">Quote highsea:</font><hr>Can you create an archive mailbox to retrain the filters? This could be burnt to CD and used in reinstalls and updates. Then a user wouldn't be required to leave tons of spam on his hard disk.<hr /></blockquote>Yes you could -- you can train the filter from any message or mailbox. However you'd have to import the folder first into TBird to do it, and then delete it again later. <hr /></blockquote>
Why? can't you just open a different mailbox? For example, I have several archives on CD, and I can just put in the disk and open the .pst in Outlook from the CDROM. There is no need to import the messages into the currrent mailbox. If T-Bird is a multi-profile client, you shouldn't have to import the messages.

You could have a mailbox that only had the junk folder. This could be updated regularly with a CDRW, by exporting the spam to the "junk" mailbox. As long as you could open this mailbox and use it to train the filters, there would be no need to import the messages.

DavidMorris
01-25-2005, 06:20 PM
<blockquote><font class="small">Quote highsea:</font><hr>Why? can't you just open a different mailbox? For example, I have several archives on CD, and I can just put in the disk and open the .pst in Outlook from the CDROM. There is no need to import the messages into the currrent mailbox. If T-Bird is a multi-profile client, you shouldn't have to import the messages.

You could have a mailbox that only had the junk folder. This could be updated regularly with a CDRW, by exporting the spam to the "junk" mailbox. As long as you could open this mailbox and use it to train the filters, there would be no need to import the messages. <hr /></blockquote>
Not really, because TBird doesn't let you "open" a mailbox file -- you either import into the current account, which is associated with a directory containing one or more mailbox files, or you manually copy the mailbox file to the account's directory on the hard drive and refresh your mailbox list. Unless something has changed since I tried ad-hoc mail file viewing awhile ago.

Perhaps you could create a separate "account" with its mail store pointing to the CD copy and train against that. I'm not certain it would work, as I'm not sure if junk AI is maintained at the profile level or at the account level. IF the latter then the archive training would only apply to the archive account and not the live account(s).

It looks like we've thoroughly hijacked Popcorn's thread. /ccboard/images/graemlins/smile.gif Maybe we should take further TBird discussion to a new thread? /ccboard/images/graemlins/laugh.gif

Popcorn
01-25-2005, 06:52 PM
I think everything is fine. I updated my virus and spy ware stuff and ran them, they found a few things and I feel safe. Today I had another problem my modem went bad, It comes from comcast. I give them a call and they tell me they will have to set me up for a service call the earliest would be Friday. I ask if I can't just bring in the bad modem and get a new one and the guy on the phone tells me no. I figure the heck with it, they tell you you can hook it up yourself in the ad's so I take it over to comcast place anyway and sure enough they give me a new one and I am up and running in about 20 minutes. If I listened to their phone helper I would be sitting here all day on Friday waiting for the guy to come and replace it. You can't trust anything anyone tells you, you have to take matters into your own hands, they are all idiots. I had problems today at a bank I won't even go into. Where to they find these people. I just expect people to at least know their own jobs, is that too much to ask?

DavidMorris
01-25-2005, 07:47 PM
<blockquote><font class="small">Quote Popcorn:</font><hr>I just expect people to at least know their own jobs, is that too much to ask? <hr /></blockquote>
Apparently so. I deal with that at least once a day it seems. I work with some people who have 2 or 3 degrees, more education than I do, and sometimes I wonder how they find their way to work every day. I'm constantly having to do not only my job but somebody else's as well.

That's about par for the course of 1st line tech support, unfortunately. They're hired at minimum wage or barely more, sent to a 3 day class, and given a binder with a script and a flowchart to follow when a customer calls. Their job is to keep the heat off the more knowledgeable and higher-paid 2nd and 3rd tier support. Next time ask to be elevated to 2nd or 3rd line support, sometimes it works and you actually get somebody with a clue.