Solved

a very strange virus or a spy thing please help

Posted on 2004-10-16
14
265 Views
Last Modified: 2013-11-16
when I started my internet and was checking my outlook mailbox messages, a pop up window came up sayin " Message frm MESSENGER SERVICE .INFO to .........( my IP address) and it says dont close this page until you note down the below address which is www.endmemessenger.com,
I close it but immediately another window comes up, it has no end and has a signal sound bip bip bip bip all the time, it never disappears,
i cant shut it down, what am i going to do,
please help me thanks ebru
0
Comment
Question by:ebruokeefe
  • 3
  • 3
  • 2
  • +5
14 Comments
 
LVL 32

Expert Comment

by:Luc Franken
ID: 12326472
Hi ebruokeefe,

This is a message used by spammers trying to sell you some software that'll just do one thing:
Disable the Messenger Service

You don't need it, so you can do this yourself:
Start => Run => type "services.msc"
Find the Messenger service
Right-click it and choose stop
Then right-click it again, choose properties and set it to disabled.

One thing I have to mention, every firewall will disable these messenges, so it appears you're on the internet without any firewall, get yourself one as soon as possible. For example the free one from Zonelabs:
http://www.zonelabs.com

Greetings,

LucF
0
 
LVL 11

Expert Comment

by:huntersvcs
ID: 12328758
Another tip:  DON'T CLICK ON ANYTHING ON THIS WINDOW!  Programmers can change the commands (for example the X in the upper right corner) to do anything they want!

Use only "ALT F4" to close these windows!  This is the only way to shut it down without inviting another popup to appear.

And LucF is right:  disable the messenger service!

And remember, delete COOKIES and TEMPORARY INTERNET FILES on a regular basis.  This will hinder others from knowing when you go ONLINE.
0
 

Expert Comment

by:KlickSuperfly
ID: 12328883
You also might want to scan for spyware while you're at it.  To do this, download and run one of the following utilities:
SpyBot S&D  http://www.safer-networking.org/en/index.html (this is the one I use)
Lavasoft Ad-Aware  http://www.lavasoftusa.com/support/download/

LucF makes a very good point when (s)he recomends using a firewall of some sort.  My personal preference is to use a router if you are connected to the internet via high-speed (cable, DSL, etc) because routers are always on and can't be disabled by nasty little programs that can be downloaded.
0
 
LVL 5

Expert Comment

by:Hypoviax
ID: 12331054
The major concern is getting a firewall. This message will not be able to get to your computer if you have a good firewall. Like mentioned before zonealarm is a good choice.

Regards,

Hypoviax
0
 
LVL 2

Expert Comment

by:dramatix01
ID: 12331319
If you are running Windows XP then you should install service pack 2.  It will enable the Windows Firewall by default which will definately deter the novice from gaining access to your system.

In addition to running the above mentioned Spyware detectors you may also consider running a full system virus scan.  I use Norton Antivirus, but you can go to www.trendmicro.com and run a full system scan for free online.
0
 
LVL 3

Expert Comment

by:happythedog
ID: 12342443
what you have is the windows messenger open , theirs two ways to fix this
A) go into start settings controlpanel admin tools services look for messenger ,right click  hit properties click the arrow net to startup type click disabled in the drop down menu , then click stop , if says it has to stop other things say yes , although it should not do this , close out the properties and services and restart
B) go to http://www.grc.com/stm/shootthemessenger.htm   , download this and run the application it does the above for you
_____________________________________________________________________________________________________________________________________________
0
 

Expert Comment

by:c_stimmel
ID: 12358937
LucF is right, disable the messenger service.

Also, get a GOOD spyware program.  That means one with frequent trace updates to grab and quarantine the latest crap.

 Webroot software has an excellent spyware solution that is frequently updated and affordable.

I use it daily and it can be configured through the use of agents to watch for downloaded software in realtime.

http://www.webroot.com/products/spysweeper/

-CS

I am not affiliated with webroot.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 3

Expert Comment

by:happythedog
ID: 12366437
a firewal doesntstop the message , it blocks it creating extra traffic on the link , your best just shuting it off
0
 
LVL 32

Accepted Solution

by:
Luc Franken earned 25 total points
ID: 12371800
happythedog,
I'm sorry to say, but you're wrong.

From the original question:
"a pop up window came up sayin " Message frm MESSENGER SERVICE"
The messenger service isn't spyware/adware or whatever, it's a perfectly legal service needed in a lot of business networks, for a home computer it's unneeded though.

http://www.chebucto.ns.ca/~rakerman/trojan-port-table.html#netsend
--------------------------------------------------------------------------------------------
The NET SEND messages are making it past the usual NetBIOS filters (ports 137-139, port 445) because in Windows 2000 and XP, the Messenger Service now works using RPC. A lookup is done on port 135 (epmap, DCE [RPC] endpoint resolution). That tells what high-numbered port the Messenger Service is listening on. The best way to stop this is to permanently disable the Messenger Service. You may also want to block port 135. I have also included information about Microsoft Distributed COM (DCOM), which uses port 135.

You may also want to block port 1026, based on Windows Messenger Popup Spam on UDP Port 1026.
--------------------------------------------------------------------------------------------

LucF
0
 
LVL 5

Expert Comment

by:Hypoviax
ID: 12375349
LucF is right, a firewall is perfectly capable of stopping the messenger service if required

Regards,

Hypoviax
0
 
LVL 3

Expert Comment

by:happythedog
ID: 12378102
Hypoviax lets go over this one more time
what is the purpose of a firewall , it is to keeep unwated traffic out of a network?
the firewall WILL BLOCK the service but traffic will still be generated '
and by DISABLING the service  it shuts down the hole
why cover the hole when you can fill it in
0
 
LVL 5

Expert Comment

by:Hypoviax
ID: 12378260
True,

A Firewall will block WAN to LAn but can allow for LAN to LAN which may still may be useful to the user and thus i think unless the user will never use the service a firewall is more appropriate. However, if they will not use the service then i agree with you, disable the service

Regards,

Hypoviax
0
 
LVL 1

Assisted Solution

by:CharlyPhilly
CharlyPhilly earned 25 total points
ID: 12398848
You don't need to disable Messenger Service if you have installed a firewall that will stop remote users from sending you Messenger popup ads. But, if you don't need it, then disable it. If you don't have a firewall installed and don't plan to install one, you can disable the Microsoft Messenger Service, BUT, this may leave you exposed to other security issues, so disabling Messenger is not recommended. Some software applications, anti-virus, UPS system, SQL job Scheduler, and others use Messenger alerts to notify you of a critical system events. Use a firewall or a router with firewall capabilities to block the Messenger Pop-ups and leave Messenger service enabled if you are using such products. I use Symantec Client Security Firewall which blocks this problem.

Another good thing is to download the IESPYAD registry file which adds a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer. This will prevent the web sites for these companies to use cookies, ActiveX controls, Java applets, or scripting to compromise your privacy or your PC while you surf and they won't be able to use your browser to push unwanted pop-ups, cookies, or auto-installing programs on your PC. Check back frequently to get updates.... https://netfiles.uiuc.edu/ehowes/www/res/ie-spyad.zip .....There are two registry files...one for ads and the other is for adult sites. hope this helps a little.
0
 
LVL 11

Expert Comment

by:huntersvcs
ID: 14968831
You need to either award points to somebody (accept answer) or request this be closed and ask for a refund of points.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

By this time the large percentage of day-to-day transactions have shifted to mobile banking; here are some overriding areas QAs must investigate while testing mobile banking apps.  
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now