Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - Brynn

Pages: 1 2 [3] 4 5
Internet / toobars
« on: July 27, 2006, 11:21:15 PM »
Hi Friends,
I've come across a couple of toolbars lately, which I think I would find quite useful.  However, back when the spyware type of malware was first proliferating, all security warnings were to avoid these 3rd party toolbars, as many were known to install malware.  I'm wondering if it's still the same advice now-days?  The 2 I'm interested in, ImageShack and Merriam-Webster Dictionary, appear to be safe, to me, but I don't know how one is to confirm it.

So my questions:
Should ALL 3rd party toolbars be avoided, still?
Can some be trusted?  How can one determine the safety of a toolbar, before installing it?

Thanks for any comments :)

Analysis and Malware Removal / possible browser hijack G-Connect
« on: July 21, 2006, 03:04:44 AM »
Hi Folks,
I'm not sure what to make of this, but hopefully some of you tech-types can shed some light.

Something less than a week ago, when I logged on to the internet it looked like my browser had been hijacked.  I immediately killed my connection (dialup) and ran all my security scans.  Nothing!  Log back on, everything is fine.  Working and surfing for hours -- something like 6 hours later, looks like the same hijack.

In the titlebar, it says G-Connect, and in the address field, it's really, really long -- 1st an IP address, then a bunch of characters, then "", then more characters, then my email address (EarthLink account), then a bunch more characters, which at this point are almost all "-"s.  The browser window contains nothing, completely blank.  No matter what address I try to browse to, no matter how many refreshes, this is all I see -- the same G-Connect in the titlebar, the same address in the address field, and the same blank bowser window.  I log off, run all my scans again, all clean.  Log back on, everything's fine.  Everything fine for a couple of days.  But then again, when I log on to the internet, G-Connect in titlebar again, same address, same blank window.  I go through the same routine, log off, scan, all scans clean, log back on, everything works fine. Everything was fine for a few hours, then it happened AGAIN.

Because of the "", and my email address (EarthLink account) in the address field, and because all my scans came up clean, and because the problem is random, it doesn't happen all the time, I wondered if it was more of a problem with my connection.  So I contacted EarthLink tech support, explained the problem, answered their questions, and performed all the troubleshooting steps they recommended.  Well, because of the language barrier with EL tech support....ok not exactly a language barrier, but in my experience most EL (Dell too) techs can barely speak English.  For those who just want to be walked through the troubleshooting and resolution, step by step, this doesn't seem to affect the quality of support.  But for those who want or need to understand the problem and/or solution, or otherwise want to learn from the experience, it's nearly impossible.  I typically have to make 4 or 5 calls before I feel confident that the problem was correctly identified, that the solution was appropriate, and have at least a general understanding of what went wrong and how it was fixed.

I guess I'll save the details of the fiasco that became several hours long, for their "How did we do?" survey.  But briefly, the 2nd one told me if his solution didn't work, I'd have to reinstall OS.  The 3rd said I'd have to reinstall IE.  The 4th said my TCP/IP protocols were corrupted.  And the 5th told me I had to contact my computer manufacturer for help reinstalling the TCP/IP protocol.  Interestingly, on my 2nd call to Dell tech support (finally someone with a lighter accent, who did not mind answering my questions) I learned that the steps which the EL techs had walked me through actually are the steps to reinstall the TCP/IP protocols.  So basically, EL just wanted to get rid of me!  ....oops, sorry -- guess I really need to  :soapboax:  about the language thing.

Anyway, Dell took me through a longer version of reinstalling those protocols, more or less "manually" (starting with deleting something out of the registry).  She was very nice and very helpful, and very patient with me!  She said if this did not solve the problem, we would have to try System Restore, and if that didn't fix it, we'd have to reinstall OS (which I call "playing the OS card" -- if you can't fix it, just give up...another  :soapboax: of mine).  But the problem was not solved.  And because 7 different techicians all thought this G-Connect problem was corrupted TCP/IP protocols, and because of my many clean scans, I wasn't too worried about a possible security issue.  And since it's occurring randomly, the last couple of days, and since I don't think System Restore should be taken as lightly as it seems to be, I've done nothing.  I mean, if System Restore turns out to be my best option, I'll be grateful for it.  I'm just not sure the problem has even been identified correctly yet!  When I get G-Connect, I just log off, wait a few minutes, and log back on.  And basically I've been hoping it will just go away ( :oops:  .....well, at least we know I'm human!  Yes?!)

So, just now, it occurred to me that I didn't necessarily need to rely entirely on tech support.  I decided to Google on "G-Connect".  Lo and behold, there is actually an ISP by that name (!  Although I did not follow any of the many links from Google (goodness knows what they might do if actually visit their site!), there are enough search results that I do believe it's a legitimate....allbeit unscrupulous...ISP.

Sorry for that long explanation, but here are my questions:
Is this truly a browser hijack?  Why aren't my scans picking it up?  Why aren't my blockers blocking it?  How can I get rid of it?

I only just now Googled, and in a mild panic, dashed here to post!  But while waiting for a reply, I will update all my definitions, run all my scans AGAIN! and I've even thought of searching some larger and busier security forums, to see if it's been discussed, but not picked up by Google yet.  So as I learn more (if I learn more), I will post (to this thread) with my progress.

Thanks, as always, for any and all help and support on this problem  :flowers:

Internet / RE the IE Security Zones (also called Web Content Zones)
« on: July 17, 2006, 11:44:27 PM »
Hi Friends,
These are probably simple questions to most of you.  But I've never been clear about it.

A little background:
I have my IE security zones (also called web content zones) set to "maximum paranoia" (also called "locked down" by some).  In other words, I have everything set either to Disable or Prompt in the Internet Zone.  Then whenever I come across a website which I need to see displayed properly, and/or I expect to visit again in the future, AND I trust it, I put it in my Trusted Zone.  I had such a serious problem a couple of years ago that I had to reinstall my OS, and since have been really paranoid.  Even in my Trusted Zone, almost everything is set to Disable or Prompt!

So from the experience of finding websites which don't display properly in the Internet Zone, and entering websites into the Trusted Zone, I have learned, well, a few things, I guess.  Most importantly to this topic, is that it appears to me that every website on the internet uses JavaScript.  I realize this may not be entirely true, but I would hard-pressed to name a website which doesn't use it.

More background:
I Custom configured my Zones following Eric Howes' instructions, and I think it's mitch's Phantom Phixer website also covers this topic.  (My apologies if it's not mitch -- it is a LzD member, but I'm pretty sure it's mitch.)  But even with such great resources, there was still a lot that I did not truly understand.  So there was a good measure of trial and error, as well, involved in configuring my Zones, but guided by those professionals' resources as best I could.

Now 2+ years later, I've run out of patience trying to determine the trustworthiness of almost every single website I come across, then entering them into the Trusted Zone, if I find them trustworthy.  In almost every case, it's the JavaScripted part of a website that doesn't work, which necessitates its entry into the Trusted Zone.  So I really, really, really (really!) would like to allow the JavaScript in the Internet Zone.

Here are my questions:
 1 -- What type of security risk is represented by JavaScript?  What's the worst that could happen by enabling it in the Internet Zone?
 2 -- If I find this to be an acceptable, or otherwise avoidable risk, which Zone setting(s) should I change?  I do have it narrowed down to either "Binary and script behavior" near the top of the list of settings, and/or "Java VM/Java permissions", a little ways below, and/or "Allow scripting of IE Webbrowser control" around the middle of the list, and/or the 3 settings under the heading "Scripting" at the bottom of the list.  I'm just not sure specifically which ones affect JavaScript.

And as always, thanks for your seemingly endless supply of patience, help, and support.

Hi folks,
I know this is a strange question.....sometimes I think too much!

Recently when I checked my spam folder for legitimate mail, before deleting the spam, I noticed one of the kind of spam that's really junk mail, but it has the name of someone from your address book in the From field.  So it looks like it comes from someone you know, but it's really spam.  I was pretty sure by the subject line that it was spam, so I never opened it, and instead double-checked with that person.  Turns out, it definitely was spam, and it got me thinking about how the spammer could have gotten the name from my address book.

All my recent scans have come up clean.  I have not had even a tracking cookie for many months.  So I'm not really too worried that I might have some spyware.  But how does the spammer get the name from your address book?

Hi Friends,
I've never been able to use the conventional mouse.  I mean, if someone set out to design the worst possible ergonomic mouse, for me, it would be the conventional one, which I assume most people use.  A few years ago...maybe something like 5 years, I found out there were different kinds of mice, and was thrilled to find a touchpad mouse (not the drawing pad, but like laptops have).  And the store had a large selection.  Not sure if was right for me, I bought the lowest end of all the available ones.  And it turns out that there could be no more perfect mouse for me, than a touchpad mouse.  So now, it's wearing out, and I'm thinking -- Great, now I can get one of those with all the bells and whistles!

3 computer stores later, and someone finally tells me there are no longer lots of different kinds of mice -- just a couple -- the conventional kind and the trackball kind.  Boo-hoo-hoo!!  :cry:

So I had to settle on the trackball kind.  I'm not sure if it will work, but I've got 30 days to try it!  What I want to do, is have both my wearing out touchpad, and the trackball, both connected at the same time, so I can compare them.  Plus, where I have my computer, it's hard to access the ports in the back.  So changing them back and forth would really be a pain.

My question:
Is it possible to have 2 mice connected and available for use?  And if possible, is it ok, or is it inadvisable?

As far as I can tell, I have a spare port.  I'm just not sure if using the new mouse, without disconnecting the old one, would 1 - work, and 2 - cause any problems.

Thanks for your comments :)

Hi Friends,
This is hopefully a simple Q.
In my HT log today, I see one of the 04's is duplicated, almost identically.

O4 - HKCU\..\Run: [Restore Desktop] "C:\Program Files\Restore Desktop\Restore Desktop.exe"


O4 - HKCU\..\Run: [RestoreDesktop] C:\Program Files\Restore Desktop\RestoreDesktop.exe

I was fiddling with that program the other day, and so it looks like I somehow accidentally got a 2nd instance of it to run at startup.  (That's what the 04 entries do right -- run at startup?)

But I see the entries are slightly different -- the first one has quotation marks, and a space between Restore and Desktop.

My questions:
What is the significance of those subtle differences?
Should I delete one of them?
If so, which one?

Oh, I did search my system, and there are NOT 2 of this program.  I'm not quite sure why 2 of it run at startup, when it's just one program.  But it's certainly not the first time I've not understood my computer, lol!

I realize this isn't much of a problem -- certainly not a serious one, anyway.  But if someone has a moment to spare, after all the serious problem threads are handled, I would appreciate it.

Thanks very much  :breakkie:

Hi Friends,
It was hard for me to come up with a title for this problem, and I'm not sure it accurately describes it.  So please feel free to tweak it, if necessary  :lol:

I use Spybot S&D with Tea Timer enabled.  I have one particular program which triggers alerts from S&D, and I'm pretty sure Tea Timer in particular (with options to Allow or Deny certain changes), as a normal part of this program's process.  Soon after I installed it, I got tired of all the alerts.  I wasn't really ready to use the program, at the time, so I thought the safest thing would be to choose "always take this action" and then click Deny.  I don't really know why, but it just seemed less complicated, since I wasn't ready to use the program yet.

But now, I'm ready to use the program, and I need to reverse the 'always Deny'.  But a thorough look through everything I actually understand about S&D has not turned up a means to change it.  Can someone tell me how to change that so I can get the alerts once again.  Eventually, I will probably change it to always Allow, but for now, I want the alerts.

As always, thanks for your help.

Hello :)
Someone recently referred me to a website, but when I visited the site, I saw that it is a Restricted Site (or a site in the Restricted Zone).  Prominently displayed on the homepage, it says "No Adware - No Spyware".  And I know that this could be a ploy to actually install adware or spyware.  But the referral came from a trusted friend, so I'm wondering if maybe the site has recently "cleaned up its act".

But my question is not to evaluate the site itself; I can handle that responsibility.  It's when I look in the list of sites in my Restricted Zone, it's not there.  It seems to me I've read somewhere, that sites added to the Restricted Zone by updates of various programs (Spybot S&D, IE-SpyAd, maybe Ad-Aware???, maybe Ewido???, maybe SpywareBlaster???, in my case) don't always show up in the list, but that doesn't mean it's not Restricted.  So that's fine, but what if I do all my homework and feel confident the site is safe?

1st Q -- How would I put it back into the Internet Zone....well, yes I know, remove it from the list of Restricted Sites.  But if it's not showing on the list, how would I remove it?  Enter it manually, and then remove it?
2nd Q -- Would it be safer to wait for security updates to remove it?  (which would indicate the site meets the safety requirements of one or more security programs)

Thanks for your help

Security Software Programs / SpywareGuard in HT scan
« on: April 20, 2006, 12:49:25 PM »
Hi Friends,
I don't think this is a problem, but need to be sure.
I installed SpywareGuard not too long ago, but soon after that, I read that one should only have one real-time spyware protection enabled.  I already had Tea Timer enabled, so I then disabled my new SpywareGuard.

Now I just ran a HijackThis scan, and the log shows SpywareGuard as a running process:
C:\Program Files\Javacool\SpywareGuard\sgmain.exe

It also shows it is set to run on startup:
O4 - Startup: SpywareGuard.lnk = C:\Program Files\Javacool\SpywareGuard\sgmain.exe

I opened SG to confirm everything is disabled, and it appears to be completely disabled.  So I don't understand why HT shows it is currently running and running at startup???

Can someone explain this to me?  Do these HT entries mean that some parts of SG are enabled, even though all the settings appear to be disabled?  If so, could I be at risk by having 2 real-time spyware programs running?  Should I go ahead and delete SG to avoid conflict?  Or have I just overlooked some settings in SG?   :uhm:

Thanks very much.

Computer Problems, Questions and Solutions! / can you recommend?
« on: April 18, 2006, 11:24:56 AM »
Hi Friends,
For whatever reasons, I'm teaching myself how to use computers, and how to create and manage webpages and websites (rather than take formal lessons or classes).  Currently, I'm diving into the world of graphics.  From what I can tell at this point, I may never find my way out......which is not such a bad thought, actually!  Anyway, I've been seriously teaching myself for 3 or 4 years, all by myself, and at this point, I have the basics down -- can make simple webpages and get them on the internet.

But lately, it seems I have reached a plateau of sorts....  I guess I can't really say why, but it's getting harder and harder to find answers to my questions.  I hope it's simply a case of having exhausted my usual sources, and simply needing to find new ones.  As far as web design and management, I'm good.  I've found w3schools and echoecho, and they're quite adequate for me.  But it's the more generalized computer and internet questions for which I'm having a hard time finding answers.  And while I appreciate this particular message board, I get the feeling it's not designed to handle my needs in this way.

For example, this is the question which is currently nagging me to death, but I don't know where to turn, to find the answer.  What is "silent installation" or what does it mean to "silently install" software?  I've looked at webopedia and wikipedia, with no luck.  Webopedia just doesn't have it, and if wikipedia has it, I can't find it!  So more than an answer to that question, here, I'm asking if folks can refer me to a website which can answer questions like this, for the perpetual beginner, like me.  It could be databases like webo-and wiki-pedia, or it could be forums -- anything, at this point, would be helpful.

Unless I have misunderstood the purpose of this board, and the Internet board.  Perhaps, between those 2, LzD endeavors to answer beginner-type questions and problems.  But I just get the impression those boards are intended for slightly more sophisticated questions.  Right?  Any tips will be appreciated!

PS -- I have thoroughly perused mitch's good stuff (phantom phixer)....but that is exactly the type of info I need, just more of it -- much, much more! 

Suggestions and Site Feedback / Promote your website?
« on: April 01, 2006, 09:31:14 PM »
Not that I have a website to promote, lol!  But I always find it interesting what other members are up to, outside of LzD.  Plus it could encourage networking, which might in turn, extend promotion of Landzdown, possibly reaching more potential new members.

I'm thinking this would be a forum under the Misc. section.  Having a forum would allow for discussion, where posting one's website in a profile doesn't.  Just an idea 

LandzDown Lounge / strange problem w/ animated images in LzD forums
« on: March 24, 2006, 02:46:30 PM »
Hi Everyone,
This is so least it seems so to me.  And no doubt, it's something about my system that's causing it.  I just don't know where to look, to fix, or even just diagnose.

With all the recent interest in using different smileys, in the LzD forums, I notice that some smileys which are supposed to be animated, are not.  The weird thing is that others are animated.  So it seems the smilelys/emoticons offered by the LzD editor, are all animated, as they always have been for me.  But animated smileys/emoticons which members post from their own sources, are not animated, not all of them anyway.

For example, let's use this thread:
None of winchester73's or Corrine's are animated, yet all of ripley's are.  The image in GR@PH's signature is animated, as is the  :breakkie: he closes with.

I normally keep my browser (IE) "locked down", so I routinely have to configure individual sites for animation.  And I do have LzD configured for animation -- as obviously some graphics are animated.  I just can't figure out why some are not animated 

Can anyone give me a hint about this -- where to look to fix??
Thanks for your help   

PS -- I empty Temporary Internet Files frequently...every other day.

Phishing, Spam and Hoaxes /'s antispam effort
« on: March 22, 2006, 05:14:00 PM »
Hi Friends,
I just came across this webpage, and wonder what your opinions might be?  Is it really very effective, in the "big picture"?

I'm not really very knowledgable about spam/antispam, beyond knowing how to use a good spam-blocker.  But it seems to me the type of spam targetted by this...concept (software? program?) is only one type of spam.  And that it probably only puts a dent in the overall problem of spam.  But, as I implied, what do I know?!!  If it could be a powerful tool, I might want to promote it (in my own humble way, do my part).  What do you all think  :?:

LandzDown Lounge / OOoo, new smileys!
« on: March 06, 2006, 04:30:35 AM »
Love them smileys (emoticons)!   :gwave:
Hey, can members suggest new ones?
Or does bandwidth come at too high a premium at LzD?
Well, I guess I should say that bandwidth is my understanding as being the limiting factors for use of smileys/emoticons at other forums.  I don't know what it translates to, as far as $$, but I sure think they enrich the forum/community experience!

Hi Folks,
I first posted this question in the General Software forum, under the title Google Earth.  But now I realize that really isn't the best place (or title) for my question.  So mods, would you please delete that post, at your convenience?  Thanks :)

I've downloaded and installed the Google Earth free version, but cannot open it.  During the diagnostic process in their Support Community, I was asked to post Warning, Errors, and Failure Audits from my Event Viewer, which might have occured around the time of installation.  The following event occured in my Security Events log approx 10 times over a week's time.  (I've reinstalled GE multiples times, troubleshooting.)
Event Type:   Failure Audit
Event Source:   Security
Event Category:   Policy Change
Event ID:   615
Date:      3/1/2006
Time:      11:06:05 PM
Computer:   MY-MACHINE
IPSec Services:    IPSec Services failed to get the complete list of network interfaces on the machine. This can be a potential security hazard to the machine since some of the network interfaces may not get the protection as desired by the applied IPSec filters. Please run IPSec monitor snap-in to further diagnose the problem.

For more information, see Help and Support Center at
I suspect their comments come more from a "sour grapes" perspective, because they have not been able to solve my problem, rather than from any technical knowledge they may have.  So I don't really think it's a serious problem.  But since they told me these Events are an indication that my computer is about to crash, I thought I should run it by all the wise folks, here in my trusted LzD Forums.  They literally have told me to start backing up my data and programs, and prepare for a long arduous reinstallation of XP!!

I think it's a bunch of BS!  What do you all think?  Do I really have anything to worry about?

PS -- I have tried to learn about the IPSec Services, but don't really understand what I've read.  Don't know if it matters, but I do not use a network.  Oh, and also, if this is a realistic threat, I have been unable to locate a IPSec monitor snap-in.  Can someone point me in the right direction?

As always, many thanks for your time and attention to this question   :D

Pages: 1 2 [3] 4 5