1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

More spam than usual

Discussion in 'Earlier Versions of Windows' started by bozz, Apr 24, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. bozz

    bozz Thread Starter

    Joined:
    Sep 18, 2003
    Messages:
    239
    I've been getting an increased number of spam email over the past two weeks. I use Norton AV, Spywareblaster 3.1, Kerio's firewall(strict settings) and Spybot 1.3rc4 which I just installed today and it picked up Dropper. Hadn't seen that one before. Removed it with Spybot. Google searching indicates that Dropper is a trogan. Thanks Spybot. However, recent scans with Norton AV, updated, didn't pick up anything. I also use Bellsouth, which has a Mailguard feature for spam and it does a good job, but more and more spam is getting through. Also using Mailwasher only to few headers and delete, not bounce, Firefox and Thunderbird.

    Wondering if something else might be lurking around?

    Hyjackthis log:

    Logfile of HijackThis v1.97.7
    Scan saved at 3:34:25 PM, on 4/24/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\DOWNLOAD FILES\KERIO\PERSFW.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\RBTRAY.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNET.EXE
    C:\PROGRAM FILES\MAILWASHER PRO\MAILWASHER.EXE
    C:\PROGRAM FILES\MOZILLAFIREFOX\FIREFOX.EXE
    C:\PROGRAM FILES\THUNDERBIRD\THUNDERBIRD\THUNDERBIRD.EXE
    C:\DOWNLOAD FILES\_DWNLDPROGRAMS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - Default URLSearchHook is missing
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [RBTray] rbtray.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [PersFw] "C:\Download Files\Kerio\persfw.exe" /hide
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37864.244212963
     
  2. Styxx

    Styxx Banned

    Joined:
    Sep 8, 2001
    Messages:
    4,888
    If you want to handle spam better try the below.

    You won't need MailWasher after doing the following. MailWasher is not effective. Spammers don't pay attention to 'return to sender' messages and besides, you have no hope that even 1/1000% of all spamers wil remove you from a mailing central mailing list they all use, there isn't one and there are 10s of thousands of spammers.

    You simply need to create a 'white list'. Outlook Express gives you all the tools necessary to block Spam this way. You simply set up a Message Rule:

    With Outlook Express open click the Tools menu; Message Rules; Mail; Click the New button; Under the number (1) 'Conditions' window, tick the box next to, 'Where the From line contains people'; In the number (2) Actions window, tick the box next to, 'Move it to the specfied folder'; In box number (3) 'Rules description' click on the blue 'contains people' entry; Enter your first Approved Sender for example, [email protected] and click the Add button (you can click the Address Book button at right to add e-mail addresses from senders in your Windows or (Outlook Express) Address Book to your approved senders White List to save some typing); In the lower right New Mail Rule box now click the Options button; choose the option, 'Message does not contain the following people' and, 'Message matches any of the following people'; Click the OK button; Click the next OK button; Click the blue 'specified folder entry and then use the wizard to choose the folder you want to send unapproved messages to like, 'Deleted Items' (or a folder called Spam you've created prior to starting to set up this rule) (please see adding folders or sub-folders in the Outlook Express Help files); Click the Add button; Enter the next approved sender or, you can go back in this same area later by entering the New Mail Rule #1 (by clicking on the filter name), or whatever you named the rule, and clicking any blue approved sender again and then entering the next approved sender and clicking the OK button when you're done.

    You enter all the approved senders you require to complete the white list, and (after closing then restarting Outlook Express when receiving messages, only those approved senders you designate to the filter will go in your Inbox. All others will go in the folder you designate. Note that if you use Deleted Items to send the non-approved senders to, in the Outlook Express Options area (Tools menu; Options; Maintenance tab) the checkbox should be cleared next to, "Empty messages from the Deleted Items folder on exit."

    All other message rules you've created should be deleted, and the Blocked Senders area may as well be cleared of entries since blocking senders is non-efective because every spam message has a different fake From address/domain. Another reason MailWasher is ineffective.
     
  3. bozz

    bozz Thread Starter

    Joined:
    Sep 18, 2003
    Messages:
    239
    As I stated, I use Mailwasher only to delete, not bounce. I also use Thunderbird and not Outlook Express.

    But thanks for the tip.

    Anyone else.
     
  4. bilnrobn

    bilnrobn

    Joined:
    Jan 16, 2003
    Messages:
    795
    First Name:
    Bill
    Styxx, I agree with much of what you say, but I see one problem. Mail sometimes arrives from an unapproved source that is legitimate mail, not spam, and you want to receive it. Doesn't what you have suggested mean that will go straight into the deleted file? If you then need to check the deleted file, then you may as well check it in the inbox or via Mail Washer. I had a massive problem and finally paid $10 a year to have my ISP's spam filter scan my mail. Since then spam has reduced by around 90% and to my knowledge no legitimate mail has been blocked. I still use mailwasher and delete the remaining 2 or 3 spams a day there. Would be interested in your comments, and this post and your reply may also be helpful to bozz.
    To bozz, I suggest also downloading AdAware. It picks up some spyware that Spybot misses. (I am told the reverse is also true, but I have never had Spybot pick up something AdAware missed.)
     
  5. john1

    john1

    Joined:
    Nov 25, 2000
    Messages:
    8,994
    Or you could look into bayesian filtering,
    which directs mail according to content.
    Not according to address or addressee.
    Bayesian filtering claims success rates above 90 per cent.

    John :)
     
  6. JohnWill

    JohnWill Retired Moderator

    Joined:
    Oct 19, 2002
    Messages:
    106,418
    I tried the Bayesian filtering with SpamPal a couple months ago, but I could never tune it to do any better job then just turning on all the DNSPLs on my system. It also was filtering non-SPAM too often. FWIW, I get about 150-200 SPAM messages and about 95% of them are correctly routed to the trash by SpamPal. I add blacklists whenever a SPAM slips through. :)
     
  7. bozz

    bozz Thread Starter

    Joined:
    Sep 18, 2003
    Messages:
    239
    Installed Adaware 6 and updated to the latest reference file. It found Alexa which I think Spybot doesn't consider spyware, removed it anyway.

    Anyway, hopefully the spam will phase out or slow a bit after awhile, but I doubt it. I guess that's life on the net.

    Thanks everyone, at least I think my pc is clean since no one indicated any problems in my Hyjackthis log. Thanks again.
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/223493

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice