Solved

a very strange virus or a spy thing please help

Posted on 2004-10-16
14
264 Views
Last Modified: 2013-11-16
when I started my internet and was checking my outlook mailbox messages, a pop up window came up sayin " Message frm MESSENGER SERVICE .INFO to .........( my IP address) and it says dont close this page until you note down the below address which is www.endmemessenger.com,
I close it but immediately another window comes up, it has no end and has a signal sound bip bip bip bip all the time, it never disappears,
i cant shut it down, what am i going to do,
please help me thanks ebru
0
Comment
Question by:ebruokeefe
  • 3
  • 3
  • 2
  • +5
14 Comments
 
LVL 32

Expert Comment

by:Luc Franken
Comment Utility
Hi ebruokeefe,

This is a message used by spammers trying to sell you some software that'll just do one thing:
Disable the Messenger Service

You don't need it, so you can do this yourself:
Start => Run => type "services.msc"
Find the Messenger service
Right-click it and choose stop
Then right-click it again, choose properties and set it to disabled.

One thing I have to mention, every firewall will disable these messenges, so it appears you're on the internet without any firewall, get yourself one as soon as possible. For example the free one from Zonelabs:
http://www.zonelabs.com

Greetings,

LucF
0
 
LVL 11

Expert Comment

by:huntersvcs
Comment Utility
Another tip:  DON'T CLICK ON ANYTHING ON THIS WINDOW!  Programmers can change the commands (for example the X in the upper right corner) to do anything they want!

Use only "ALT F4" to close these windows!  This is the only way to shut it down without inviting another popup to appear.

And LucF is right:  disable the messenger service!

And remember, delete COOKIES and TEMPORARY INTERNET FILES on a regular basis.  This will hinder others from knowing when you go ONLINE.
0
 

Expert Comment

by:KlickSuperfly
Comment Utility
You also might want to scan for spyware while you're at it.  To do this, download and run one of the following utilities:
SpyBot S&D  http://www.safer-networking.org/en/index.html (this is the one I use)
Lavasoft Ad-Aware  http://www.lavasoftusa.com/support/download/

LucF makes a very good point when (s)he recomends using a firewall of some sort.  My personal preference is to use a router if you are connected to the internet via high-speed (cable, DSL, etc) because routers are always on and can't be disabled by nasty little programs that can be downloaded.
0
 
LVL 5

Expert Comment

by:Hypoviax
Comment Utility
The major concern is getting a firewall. This message will not be able to get to your computer if you have a good firewall. Like mentioned before zonealarm is a good choice.

Regards,

Hypoviax
0
 
LVL 2

Expert Comment

by:dramatix01
Comment Utility
If you are running Windows XP then you should install service pack 2.  It will enable the Windows Firewall by default which will definately deter the novice from gaining access to your system.

In addition to running the above mentioned Spyware detectors you may also consider running a full system virus scan.  I use Norton Antivirus, but you can go to www.trendmicro.com and run a full system scan for free online.
0
 
LVL 3

Expert Comment

by:happythedog
Comment Utility
what you have is the windows messenger open , theirs two ways to fix this
A) go into start settings controlpanel admin tools services look for messenger ,right click  hit properties click the arrow net to startup type click disabled in the drop down menu , then click stop , if says it has to stop other things say yes , although it should not do this , close out the properties and services and restart
B) go to http://www.grc.com/stm/shootthemessenger.htm   , download this and run the application it does the above for you
_____________________________________________________________________________________________________________________________________________
0
 

Expert Comment

by:c_stimmel
Comment Utility
LucF is right, disable the messenger service.

Also, get a GOOD spyware program.  That means one with frequent trace updates to grab and quarantine the latest crap.

 Webroot software has an excellent spyware solution that is frequently updated and affordable.

I use it daily and it can be configured through the use of agents to watch for downloaded software in realtime.

http://www.webroot.com/products/spysweeper/

-CS

I am not affiliated with webroot.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 3

Expert Comment

by:happythedog
Comment Utility
a firewal doesntstop the message , it blocks it creating extra traffic on the link , your best just shuting it off
0
 
LVL 32

Accepted Solution

by:
Luc Franken earned 25 total points
Comment Utility
happythedog,
I'm sorry to say, but you're wrong.

From the original question:
"a pop up window came up sayin " Message frm MESSENGER SERVICE"
The messenger service isn't spyware/adware or whatever, it's a perfectly legal service needed in a lot of business networks, for a home computer it's unneeded though.

http://www.chebucto.ns.ca/~rakerman/trojan-port-table.html#netsend
--------------------------------------------------------------------------------------------
The NET SEND messages are making it past the usual NetBIOS filters (ports 137-139, port 445) because in Windows 2000 and XP, the Messenger Service now works using RPC. A lookup is done on port 135 (epmap, DCE [RPC] endpoint resolution). That tells what high-numbered port the Messenger Service is listening on. The best way to stop this is to permanently disable the Messenger Service. You may also want to block port 135. I have also included information about Microsoft Distributed COM (DCOM), which uses port 135.

You may also want to block port 1026, based on Windows Messenger Popup Spam on UDP Port 1026.
--------------------------------------------------------------------------------------------

LucF
0
 
LVL 5

Expert Comment

by:Hypoviax
Comment Utility
LucF is right, a firewall is perfectly capable of stopping the messenger service if required

Regards,

Hypoviax
0
 
LVL 3

Expert Comment

by:happythedog
Comment Utility
Hypoviax lets go over this one more time
what is the purpose of a firewall , it is to keeep unwated traffic out of a network?
the firewall WILL BLOCK the service but traffic will still be generated '
and by DISABLING the service  it shuts down the hole
why cover the hole when you can fill it in
0
 
LVL 5

Expert Comment

by:Hypoviax
Comment Utility
True,

A Firewall will block WAN to LAn but can allow for LAN to LAN which may still may be useful to the user and thus i think unless the user will never use the service a firewall is more appropriate. However, if they will not use the service then i agree with you, disable the service

Regards,

Hypoviax
0
 
LVL 1

Assisted Solution

by:CharlyPhilly
CharlyPhilly earned 25 total points
Comment Utility
You don't need to disable Messenger Service if you have installed a firewall that will stop remote users from sending you Messenger popup ads. But, if you don't need it, then disable it. If you don't have a firewall installed and don't plan to install one, you can disable the Microsoft Messenger Service, BUT, this may leave you exposed to other security issues, so disabling Messenger is not recommended. Some software applications, anti-virus, UPS system, SQL job Scheduler, and others use Messenger alerts to notify you of a critical system events. Use a firewall or a router with firewall capabilities to block the Messenger Pop-ups and leave Messenger service enabled if you are using such products. I use Symantec Client Security Firewall which blocks this problem.

Another good thing is to download the IESPYAD registry file which adds a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer. This will prevent the web sites for these companies to use cookies, ActiveX controls, Java applets, or scripting to compromise your privacy or your PC while you surf and they won't be able to use your browser to push unwanted pop-ups, cookies, or auto-installing programs on your PC. Check back frequently to get updates.... https://netfiles.uiuc.edu/ehowes/www/res/ie-spyad.zip .....There are two registry files...one for ads and the other is for adult sites. hope this helps a little.
0
 
LVL 11

Expert Comment

by:huntersvcs
Comment Utility
You need to either award points to somebody (accept answer) or request this be closed and ask for a refund of points.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
By this time the large percentage of day-to-day transactions have shifted to mobile banking; here are some overriding areas QAs must investigate while testing mobile banking apps.  
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now