Enter your vote today!  A new poll has been created for the
DoShelp group:

Should your ISP be responsible for
filtering SPAM/Viruses from e-mail, or
do you believe this to be an invasion
of privacy?

   o Yes
   o No
   o Not sure


To vote, please visit the following web page:

http://groups.yahoo.com/group/DoShelp/surveys?id=530189

Note: Please do not reply to this message. Poll votes are
not collected via email. To vote, you must go to the Yahoo! Groups
web site listed above.

Thanks!

Enter your vote today!  A new poll has been created for the
DoShelp group:

Would you buy products advertised to
you in an unsolicited Commercial E-
mail? Spammers say most people do.

   o No
   o Yes
   o Sometimes


To vote, please visit the following web page:

http://groups.yahoo.com/group/DoShelp/surveys?id=530185

Note: Please do not reply to this message. Poll votes are
not collected via email. To vote, you must go to the Yahoo! Groups
web site listed above.

Thanks!

Enter your vote today!  A new poll has been created for the
DoShelp group:

Do you have a local network of
connected computers which all have
access to the internet. Do you have a
firewall protecting them??

   o Yes
   o No
   o Not sure


To vote, please visit the following web page:

http://groups.yahoo.com/group/DoShelp/surveys?id=530187

Note: Please do not reply to this message. Poll votes are
not collected via email. To vote, you must go to the Yahoo! Groups
web site listed above.

Thanks!

Enter your vote today!  A new poll has been created for the
DoShelp group:

Should e-mail marketers (world-wide) be
forced to disclose their *REAL* e-mail
address in order to send you messages
you didn't ask for?

   o Yes
   o No
   o Not sure


To vote, please visit the following web page:

http://groups.yahoo.com/group/DoShelp/surveys?id=530186

Note: Please do not reply to this message. Poll votes are
not collected via email. To vote, you must go to the Yahoo! Groups
web site listed above.

Thanks!

Enter your vote today!  A new poll has been created for the
DoShelp group:

Do you believe that a program is
required to disable Microsoft's net
messenger Service SPAM Like the ads
tell you?

   o Yes
   o No
   o Not sure


To vote, please visit the following web page:

http://groups.yahoo.com/group/DoShelp/surveys?id=530184

Note: Please do not reply to this message. Poll votes are
not collected via email. To vote, you must go to the Yahoo! Groups
web site listed above.

Thanks!

----- Original Message -----

From: Troy Billington

To: DoShelp@yahoogroups.com

Sent: Friday, April 30, 2004 10:50 PM

Subject: [DoShelp] Re: Does anyone know how to close off certain ports??

--- In DoShelp@yahoogroups.com, "Brian Abildgaard"
<abildgaard_fz@y...> wrote:
> Im not much of a computer person..but I do think that someone is
> trying to hack into my computer.While pressing netstat in Dos...I
> keep on seeing cpe-24-175-186-122.stx.rr.com  And it says that its
> state is connected.....Well anyways..im not running
roadrunner...and
> I highly doubt that that is from any sort of application that I
have
> on..because even after I close my windows...Its still there...If
> anyone knows of a program that lets me specify which ports are open
> or closed..can you please e-mail me...or maybe I am just a paronoid
> person...and this is really nothing.  abildgaard_fz@y... but if
> its really someone tapping into my system..I would like them
removed
> and then I would like to smash their computer..ha...well thanks

Brian,

A "Firewall"  controls what ports are open/closed or may be used. 
Application-Level Firewalls grant 'programs' on your computer access
based on rules, so even if you got a trojan, it is not going to be
recognized and given permission to communicate without you setting it
that way.

I  can suggest some good personal firewall software/hardware which
you can use, just visit http://www.doshelp.com/PC/Firewalls.htm

I've listed ones which are both my personal favorites AND industry
leading products as well.

Best Regards,
             Troy

--- In DoShelp@yahoogroups.com, "Brian Abildgaard"
<abildgaard_fz@y...> wrote:
> Im not much of a computer person..but I do think that someone is
> trying to hack into my computer.While pressing netstat in Dos...I
> keep on seeing cpe-24-175-186-122.stx.rr.com  And it says that its
> state is connected.....Well anyways..im not running
roadrunner...and
> I highly doubt that that is from any sort of application that I
have
> on..because even after I close my windows...Its still there...If
> anyone knows of a program that lets me specify which ports are open
> or closed..can you please e-mail me...or maybe I am just a paronoid
> person...and this is really nothing.  abildgaard_fz@y... but if
> its really someone tapping into my system..I would like them
removed
> and then I would like to smash their computer..ha...well thanks

Brian,

A "Firewall"  controls what ports are open/closed or may be used.
Application-Level Firewalls grant 'programs' on your computer access
based on rules, so even if you got a trojan, it is not going to be
recognized and given permission to communicate without you setting it
that way.

I  can suggest some good personal firewall software/hardware which
you can use, just visit http://www.doshelp.com/PC/Firewalls.htm

I've listed ones which are both my personal favorites AND industry
leading products as well.

Best Regards,
              Troy

Im not much of a computer person..but I do think that someone is
trying to hack into my computer.While pressing netstat in Dos...I
keep on seeing cpe-24-175-186-122.stx.rr.com  And it says that its
state is connected.....Well anyways..im not running roadrunner...and
I highly doubt that that is from any sort of application that I have
on..because even after I close my windows...Its still there...If
anyone knows of a program that lets me specify which ports are open
or closed..can you please e-mail me...or maybe I am just a paronoid
person...and this is really nothing.  abildgaard_fz@... but if
its really someone tapping into my system..I would like them removed
and then I would like to smash their computer..ha...well thanks

Greetings Everyone,

You may want to subscribe to our Premium Alert Security Service
(P.A.S.S.)  which will alert you to new frauds/scams. It also
provides advanced notice of software/hardware security risks (with
patch & information links) so you can stay ahead of the hackers &
crackers out there. See: http://www.doshelp.com/premium_services.html

Best Regards,

			 Troy Billington

Greetings everyone,

When you have time, please visit the 'Polls' Section of this
discussion group at: http://groups.yahoo.com/group/DoShelp/polls and
share your opinion.


Thank You,

            Troy A. Billington

Anyone Running Microsoft Windows, please read the following Microsoft
Security Bulletin, but *FIRST* Run windowsupdate or visit
http://www.windowsupdate.com and get ALL the new updates to patch
these crittical security issues before they affect you!


www.microsoft.com/security/security_bulletins/200404_windows.asp

Greetings Everyone,

First I'd like to wish all of you celebrating Easter Sunday a HAPPY
Easter! For those of you who don't ...well HAPPY Sunday!

I created a survey about my site which I would appreciate your
participation.  Also if you would pass it to others so I can see just
how useful it is....or if I need to do something more.

The URL IS: http://www.doshelp.com/Survey.htm  it's less than 10
questions and you can even do some free form input.  be sure to stop
at the confirmation page and visit the Donations link (Help US).
Things have been tight the past few months, but I don't want to turn
this into a PAY only site...I believe HELP should be free.

Greetings everyone,

It seems the HOAXES are beginning once again among users with Instant
messaging.  I'd like to point out a link from my FAQ page on
DoShelp.com for you to examine a message to see if it's a HOAX:

http://www.doshelp.com/Scams-fraud/Instant-messenger-hoaxes.htm

If you have doubts about a message which may be a hoax, mail it to
me: Report@... Subject: suspected HOAX.  I will investigate it
and let you know the deal.  If it's a hoax  I dont have I'll post it
for others to see.

Greetings everyone,

Over the past couple weeks I've been getting IM's from people who for
some 'odd' reason think I'm the one to ask for "Booters".  For those
of you who do not know, these booter programs consist of prograns to
knock you off Yahoo chat/IM service.  One such place who had them
was: http://www.yahoo-fu**ers.com.  I guess it's safe to say my e-
mail to the ISP hosting them as well as a 'heads-up' to Yahoo! got
attention they didn't want...happily they're DOWN for the count!

If you know of any other 'booter' sites send me an e-mail to
report@... and I'll do what I can to take care of them too.

You may not realize it, but anyone who uses this software is possibly
breaking the law (depending on where you do it from).  It's NOT WORTH
IT!!

I'm currently developing 'booter protection/detection' software which
will be a sort of plugin, when someone boots you, it will trace back
to them and show them their IP/hostname/yahoo ID and the offending
boot string.  It will then copy the message to their ISP's abuse
contact as well as Yahoo! abuse.

My guess is after this happens a few times those who use booters will
understand that it's NOT A GAME!

Once a working beta is done, I'll post it and provide links for
download.  It will be FREE of course and can be copied onto your own
website if you like.

Till then...I'd suggest a firewall with Stateful Packet inspection
and IDS capabilities (meaning, it verifies connections, and "looks"
at the information contained in a packet comming to you).  Anyone
interested in trapping them, mail me doshelp@... and I'll be
happy to explain it to you.

Best Regards,
                   Troy A. Billington

Hi Everyone,

I invite you to take part in the security polls, if you have any
questions please let me know.  The Polls link is on doshelp.com under
the menu bar at the left side of the page.



Have a Great Day!

It seems a hacker has hacked into my computer even with McAffee
Firewall in place.  I'm not in this persons network.  How do I get
out of it and fix the portal?  I'm in the process of printing the
pages of trojan and worm ports and will be sure that they are all
being protected with my firewall.  Anything else that would be
helpful would be greatly appreciated!  Thanks =)

Hi everyone!

I've been working on the Trojan Ports list expanding each port so if
there are multiple trojans which can use a given port, I list details
for all of them.  My first REALLY BIG section was TCP port (80).  As
I sat down last night to work on that list, I never realized just how
many there are!!


Check the list at: http://www.doshelp.com/trojanports.htm

Hi All,

Some of you may not be aware, I've added a few new  sections to
http://www.doshelp.com  here they are:


Online Scams/Fraud information:    http://www.doshelp.com/scams-fraud
Net Messenger Spammer IPs: http://www.doshelp.com/ipspammers.asp

There are new methods scammers are using to part you from your money,
we want to help you not fall prey to it.

You can also try something called "The Cleaner" this is available at
http://www.moosoft.com
It is for removing trojans/spyware and ad-ware.


-----Original Message-----
From: Incognito [mailto:mainiacs101@...]
Sent: Saturday, February 28, 2004 5:18 PM
To: DoShelp@yahoogroups.com
Subject: [DoShelp] Trojan Help


Recently my anti- virus program(Trend Micro 2004) detected 3 trojans
called TROJ_AOL. The first two were sucessfully caught and
quarantined but not the last one. A pop up appeared on my desktop
for a porn site. I could not get rid of it and was forced to shut
down.
After contacting my virus program tech support and AOL support I
really did not get the help I was hoping to find.
I have a cable connection through my ISP and use AOL as an add on
but they are not my primary ISP.
I eventually ran my recovery disks erasing the hard drive with a
full recovery for my system as I had no where else to turn and had
to rid my pc of this pest. I am using the same anti-virus program
but am about to switch to another as I feel my anti-virus program
should have caught this. I am always current on my updates with both
windows and virus's as I receive automatic updates. However I did
notice about a week prior that some of my updates with my anti-virus
program were not sucessfully updated when I checked the logs. The
pattern files all were updated however but showed otheres as not
being updated. What they are I do not know as it does not list
these. I have added SPY BOT and ZONE ALARM.
Here is my problem now. In AOL I have 7 screen names. The first one
I was able to change the password and delete the porn site linked to
my profile. I am not able to change the passwords in the remaining
screen names as I cannot type the new password. Something or someone
is preventing it. Each repeat attempts allow fewer digits to be
typed. AOL community action team support person thinks the problem
is with my pc and that I still may have the trojan or keylogger.
I have scanned my system and find nothing. I believe that someone or
program has taken control of my account at AOL and not on my pc.
How do I tell if there is a trojan or pest program on my pc? I admit
I am a novice and therefore really do not understand which
programs/addresses I should block using Zone Alarm as it blocks both
incoming and outgoing communication.
If the problem is not on my pc then does anyone have any suggestions
as to how I can get back control of my AOL account short of deleting
it and started with a new one.
Any suggestions or ideas about this problem would be greatly
appreciated as I am at my wits end.
Any suggestions on good anti-virus programs would be great.
Thank you in advance!





Yahoo! Groups Links





---
Outgoing mail is certified Virus Free with AVG Anti-virus scanner.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.596 / Virus Database: 379 - Release Date: 2/26/2004

Recently my anti- virus program(Trend Micro 2004) detected 3 trojans
called TROJ_AOL. The first two were sucessfully caught and
quarantined but not the last one. A pop up appeared on my desktop
for a porn site. I could not get rid of it and was forced to shut
down.
After contacting my virus program tech support and AOL support I
really did not get the help I was hoping to find.
I have a cable connection through my ISP and use AOL as an add on
but they are not my primary ISP.
I eventually ran my recovery disks erasing the hard drive with a
full recovery for my system as I had no where else to turn and had
to rid my pc of this pest. I am using the same anti-virus program
but am about to switch to another as I feel my anti-virus program
should have caught this. I am always current on my updates with both
windows and virus's as I receive automatic updates. However I did
notice about a week prior that some of my updates with my anti-virus
program were not sucessfully updated when I checked the logs. The
pattern files all were updated however but showed otheres as not
being updated. What they are I do not know as it does not list
these. I have added SPY BOT and ZONE ALARM.
Here is my problem now. In AOL I have 7 screen names. The first one
I was able to change the password and delete the porn site linked to
my profile. I am not able to change the passwords in the remaining
screen names as I cannot type the new password. Something or someone
is preventing it. Each repeat attempts allow fewer digits to be
typed. AOL community action team support person thinks the problem
is with my pc and that I still may have the trojan or keylogger.
I have scanned my system and find nothing. I believe that someone or
program has taken control of my account at AOL and not on my pc.
How do I tell if there is a trojan or pest program on my pc? I admit
I am a novice and therefore really do not understand which
programs/addresses I should block using Zone Alarm as it blocks both
incoming and outgoing communication.
If the problem is not on my pc then does anyone have any suggestions
as to how I can get back control of my AOL account short of deleting
it and started with a new one.
Any suggestions or ideas about this problem would be greatly
appreciated as I am at my wits end.
Any suggestions on good anti-virus programs would be great.
Thank you in advance!

--- In DoShelp@yahoogroups.com, "Incognito" <mainiacs101@y...> wrote:
> Hi,
> I recieved 3 trojans...the first two my virus program caught but
was
> not able to catch the 3rd. It was called Troj_AOL. My aol account
> was infected. I could not type while in aol. I use a broadband
> connection and aol is an add on but not my primary ISP.
> Here is my problem. I tried working with my virus program...my
> broadband ISP...AOL(spoke to 4 different techs and was referred to
a
> community action committe...none were all that helpful.
> I ended up erasing the hard drive and reloading the application
disks
> (full recovery.)
> Whenever I go into AOL...I have problems. I sucessfully changed a
> password under one of my screen names. In another screen name I
> tried to change the password but I could not type to finish. Every
> time I erased the new screen name and tried to type I was only able
> to type a few letters/numbers. The more I repeated this the less I
> was able to type. For example the first time I could type 6 digits
> then when I went to the next box to re-type the password(must type
> twice) I was only able to type say 5 digits. Erasing and reyping I
> could only type 4 etc. I don't understand why. All of my screen
> names have porn sites links. I explained to AOL techs that my
> account has been hacked. Their answer is to call my virus program
as
> it is not their problem. I am about to close my account out of
> frustration but really hate to as I use one of the screen names for
> alot of things for the past 7 years. I am also about to switch
virus
> prevention program to another.
> No one has been able to help me with this. One person in AOL still
> thinks I have the trojan on my pc but how could that be if I did a
> full erase and recovery? What should I look for on my pc to see if
> this indeed is true.
> I am running my virus program...adding Zone Alarm and SPY BOT in
> addition currently using them all.
> I don't believe my pc is infected currently but rather someone has
> taken control of my AOL account.
> Any suggestions would be greatly helpful as I am at my wits end
over
> this.
> Thank you in advance!


Contact me off the list with regards to this doshelp@..., I'd
like to find out what items are in your registry's "Run" section for
windows.  It sounds to me like something hijacking your web browser's
startup page (which isn't going to go away untill you remove it.


You can find out how to get to the registry key I'm talking about by
visiting the following link:

http://www.doshelp.com/HowToView/Registry_Keys.htm

This will help you to find/export your 'Run' registry key where most
of these programs put themselves.

Hi,
I recieved 3 trojans...the first two my virus program caught but was
not able to catch the 3rd. It was called Troj_AOL. My aol account
was infected. I could not type while in aol. I use a broadband
connection and aol is an add on but not my primary ISP.
Here is my problem. I tried working with my virus program...my
broadband ISP...AOL(spoke to 4 different techs and was referred to a
community action committe...none were all that helpful.
I ended up erasing the hard drive and reloading the application disks
(full recovery.)
Whenever I go into AOL...I have problems. I sucessfully changed a
password under one of my screen names. In another screen name I
tried to change the password but I could not type to finish. Every
time I erased the new screen name and tried to type I was only able
to type a few letters/numbers. The more I repeated this the less I
was able to type. For example the first time I could type 6 digits
then when I went to the next box to re-type the password(must type
twice) I was only able to type say 5 digits. Erasing and reyping I
could only type 4 etc. I don't understand why. All of my screen
names have porn sites links. I explained to AOL techs that my
account has been hacked. Their answer is to call my virus program as
it is not their problem. I am about to close my account out of
frustration but really hate to as I use one of the screen names for
alot of things for the past 7 years. I am also about to switch virus
prevention program to another.
No one has been able to help me with this. One person in AOL still
thinks I have the trojan on my pc but how could that be if I did a
full erase and recovery? What should I look for on my pc to see if
this indeed is true.
I am running my virus program...adding Zone Alarm and SPY BOT in
addition currently using them all.
I don't believe my pc is infected currently but rather someone has
taken control of my AOL account.
Any suggestions would be greatly helpful as I am at my wits end over
this.
Thank you in advance!

Your answer would be on Microsoft's Exchange 2003 security page:
http://www.microsoft.com/exchange/techinfo/security
Since I have not seen/setup 2003 yet, I'd suggest following their
guidelines.  It sounds to me like you need to authenticate users/or at least
reverse-dns lookup to verify them.


-----Original Message-----
From: zzz9939 [mailto:zzz9939@...]
Sent: Thursday, February 26, 2004 11:30 AM
To: DoShelp@yahoogroups.com
Subject: [DoShelp] SPAM Relay Problem


I have a server running Small Business Server 2003 and I have noticed
a lot of outgoing spam leaving our server.  When I look at the
Exchange Server logs I notice that an incoming e-mail is received by
our server that is addressed to ######.$$$$.com.  Where ##### is not
a valid e-mail user on our system but "$$$$.com is actually our real
domain name (I am hiding our actual domain name with $$$$ to protect
our privacy).  Soon after the e-mail is received, an outgoing e-mail
is sent to an address that has some of the characters from the "From"
field of the prior incoming e-mail.  I have run a virus check and
could not find a problem.  I have also have checked that all of the
relay options are disabled on this server?
Any help is appreciated.





Yahoo! Groups Links





---
Outgoing mail is certified Virus Free with AVG Anti-virus scanner.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.595 / Virus Database: 378 - Release Date: 2/25/2004

I have a server running Small Business Server 2003 and I have noticed
a lot of outgoing spam leaving our server.  When I look at the
Exchange Server logs I notice that an incoming e-mail is received by
our server that is addressed to ######.$$$$.com.  Where ##### is not
a valid e-mail user on our system but "$$$$.com is actually our real
domain name (I am hiding our actual domain name with $$$$ to protect
our privacy).  Soon after the e-mail is received, an outgoing e-mail
is sent to an address that has some of the characters from the "From"
field of the prior incoming e-mail.  I have run a virus check and
could not find a problem.  I have also have checked that all of the
relay options are disabled on this server?
Any help is appreciated.

--- In DoShelp@yahoogroups.com, "echolsg2004" <echolsg2004@y...>
wrote:
> I was told by my ISP cox.net that I have the deadhat trojan.  Can
> anyone render any assistance.  My ISP wants me to reformat my hard
> drive.

You can find information and a removal tool at:

http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.deadh
at.html

Hello,

Welcome to DoShelp's discussion group, this is an open forum to
discuss privacy/security issues and related material.  Please do not
post off-topic messages.  If you wish to send me a private message I
can be reached at: doshelp@... to assist you.





Sincerely,

              Troy Billington
               DoShelp.com Admin

Enter your vote today!  A new poll has been created for the
DoShelp group:

Should your ISP be responsible for
filtering SPAM/Viruses from e-mail, or
do you believe this to be an invasion
of privacy?

   o Yes these things I shouldn't have to deal with
   o No, The ISP shouldn't be responsible
   o No, I don't want my ISP deciding what is/is not spam


To vote, please visit the following web page:

http://groups.yahoo.com/group/DoShelp/surveys?id=461813

Note: Please do not reply to this message. Poll votes are
not collected via email. To vote, you must go to the Yahoo! Groups
web site listed above.

Thanks!

Greetings,


Now more than ever there is a sharp increase in the number and
variety of online scams.  Due to the diverse medium the internet
presents to us, these scams are using all of them to their advantage.


It is for this reason I have added a section on DoShelp.com which
deals specifically with Fraud/Scams.  You can view them all by
opening your web browser to:

             http://www.doshelp.com/Scams-fraud/default.htm


If you receive what is belived to be a scam I do Not have, please
contribute it and If it is in fact a scam it will be  published in
the appropriate category.

I was told by my ISP cox.net that I have the deadhat trojan.  Can
anyone render any assistance.  My ISP wants me to reformat my hard
drive.