Solved

a very strange virus or a spy thing please help

Posted on 2004-10-16
14
266 Views
Last Modified: 2013-11-16
when I started my internet and was checking my outlook mailbox messages, a pop up window came up sayin " Message frm MESSENGER SERVICE .INFO to .........( my IP address) and it says dont close this page until you note down the below address which is www.endmemessenger.com,
I close it but immediately another window comes up, it has no end and has a signal sound bip bip bip bip all the time, it never disappears,
i cant shut it down, what am i going to do,
please help me thanks ebru
0
Comment
Question by:ebruokeefe
  • 3
  • 3
  • 2
  • +5
14 Comments
 
LVL 32

Expert Comment

by:Luc Franken
ID: 12326472
Hi ebruokeefe,

This is a message used by spammers trying to sell you some software that'll just do one thing:
Disable the Messenger Service

You don't need it, so you can do this yourself:
Start => Run => type "services.msc"
Find the Messenger service
Right-click it and choose stop
Then right-click it again, choose properties and set it to disabled.

One thing I have to mention, every firewall will disable these messenges, so it appears you're on the internet without any firewall, get yourself one as soon as possible. For example the free one from Zonelabs:
http://www.zonelabs.com

Greetings,

LucF
0
 
LVL 11

Expert Comment

by:huntersvcs
ID: 12328758
Another tip:  DON'T CLICK ON ANYTHING ON THIS WINDOW!  Programmers can change the commands (for example the X in the upper right corner) to do anything they want!

Use only "ALT F4" to close these windows!  This is the only way to shut it down without inviting another popup to appear.

And LucF is right:  disable the messenger service!

And remember, delete COOKIES and TEMPORARY INTERNET FILES on a regular basis.  This will hinder others from knowing when you go ONLINE.
0
 

Expert Comment

by:KlickSuperfly
ID: 12328883
You also might want to scan for spyware while you're at it.  To do this, download and run one of the following utilities:
SpyBot S&D  http://www.safer-networking.org/en/index.html (this is the one I use)
Lavasoft Ad-Aware  http://www.lavasoftusa.com/support/download/

LucF makes a very good point when (s)he recomends using a firewall of some sort.  My personal preference is to use a router if you are connected to the internet via high-speed (cable, DSL, etc) because routers are always on and can't be disabled by nasty little programs that can be downloaded.
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 5

Expert Comment

by:Hypoviax
ID: 12331054
The major concern is getting a firewall. This message will not be able to get to your computer if you have a good firewall. Like mentioned before zonealarm is a good choice.

Regards,

Hypoviax
0
 
LVL 2

Expert Comment

by:dramatix01
ID: 12331319
If you are running Windows XP then you should install service pack 2.  It will enable the Windows Firewall by default which will definately deter the novice from gaining access to your system.

In addition to running the above mentioned Spyware detectors you may also consider running a full system virus scan.  I use Norton Antivirus, but you can go to www.trendmicro.com and run a full system scan for free online.
0
 
LVL 3

Expert Comment

by:happythedog
ID: 12342443
what you have is the windows messenger open , theirs two ways to fix this
A) go into start settings controlpanel admin tools services look for messenger ,right click  hit properties click the arrow net to startup type click disabled in the drop down menu , then click stop , if says it has to stop other things say yes , although it should not do this , close out the properties and services and restart
B) go to http://www.grc.com/stm/shootthemessenger.htm   , download this and run the application it does the above for you
_____________________________________________________________________________________________________________________________________________
0
 

Expert Comment

by:c_stimmel
ID: 12358937
LucF is right, disable the messenger service.

Also, get a GOOD spyware program.  That means one with frequent trace updates to grab and quarantine the latest crap.

 Webroot software has an excellent spyware solution that is frequently updated and affordable.

I use it daily and it can be configured through the use of agents to watch for downloaded software in realtime.

http://www.webroot.com/products/spysweeper/

-CS

I am not affiliated with webroot.
0
 
LVL 3

Expert Comment

by:happythedog
ID: 12366437
a firewal doesntstop the message , it blocks it creating extra traffic on the link , your best just shuting it off
0
 
LVL 32

Accepted Solution

by:
Luc Franken earned 25 total points
ID: 12371800
happythedog,
I'm sorry to say, but you're wrong.

From the original question:
"a pop up window came up sayin " Message frm MESSENGER SERVICE"
The messenger service isn't spyware/adware or whatever, it's a perfectly legal service needed in a lot of business networks, for a home computer it's unneeded though.

http://www.chebucto.ns.ca/~rakerman/trojan-port-table.html#netsend
--------------------------------------------------------------------------------------------
The NET SEND messages are making it past the usual NetBIOS filters (ports 137-139, port 445) because in Windows 2000 and XP, the Messenger Service now works using RPC. A lookup is done on port 135 (epmap, DCE [RPC] endpoint resolution). That tells what high-numbered port the Messenger Service is listening on. The best way to stop this is to permanently disable the Messenger Service. You may also want to block port 135. I have also included information about Microsoft Distributed COM (DCOM), which uses port 135.

You may also want to block port 1026, based on Windows Messenger Popup Spam on UDP Port 1026.
--------------------------------------------------------------------------------------------

LucF
0
 
LVL 5

Expert Comment

by:Hypoviax
ID: 12375349
LucF is right, a firewall is perfectly capable of stopping the messenger service if required

Regards,

Hypoviax
0
 
LVL 3

Expert Comment

by:happythedog
ID: 12378102
Hypoviax lets go over this one more time
what is the purpose of a firewall , it is to keeep unwated traffic out of a network?
the firewall WILL BLOCK the service but traffic will still be generated '
and by DISABLING the service  it shuts down the hole
why cover the hole when you can fill it in
0
 
LVL 5

Expert Comment

by:Hypoviax
ID: 12378260
True,

A Firewall will block WAN to LAn but can allow for LAN to LAN which may still may be useful to the user and thus i think unless the user will never use the service a firewall is more appropriate. However, if they will not use the service then i agree with you, disable the service

Regards,

Hypoviax
0
 
LVL 1

Assisted Solution

by:CharlyPhilly
CharlyPhilly earned 25 total points
ID: 12398848
You don't need to disable Messenger Service if you have installed a firewall that will stop remote users from sending you Messenger popup ads. But, if you don't need it, then disable it. If you don't have a firewall installed and don't plan to install one, you can disable the Microsoft Messenger Service, BUT, this may leave you exposed to other security issues, so disabling Messenger is not recommended. Some software applications, anti-virus, UPS system, SQL job Scheduler, and others use Messenger alerts to notify you of a critical system events. Use a firewall or a router with firewall capabilities to block the Messenger Pop-ups and leave Messenger service enabled if you are using such products. I use Symantec Client Security Firewall which blocks this problem.

Another good thing is to download the IESPYAD registry file which adds a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer. This will prevent the web sites for these companies to use cookies, ActiveX controls, Java applets, or scripting to compromise your privacy or your PC while you surf and they won't be able to use your browser to push unwanted pop-ups, cookies, or auto-installing programs on your PC. Check back frequently to get updates.... https://netfiles.uiuc.edu/ehowes/www/res/ie-spyad.zip .....There are two registry files...one for ads and the other is for adult sites. hope this helps a little.
0
 
LVL 11

Expert Comment

by:huntersvcs
ID: 14968831
You need to either award points to somebody (accept answer) or request this be closed and ask for a refund of points.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On Beyond Tools A conversation I recently had with the DevOps manager of a major online retailer really made me think about DevOps monitoring tools (https://www.onpage.com/devops-incident-management-tool/). The manager and I discussed how sever…
As technology users and professionals, we’re always learning. Our universal interest in advancing our knowledge of the trade is unmatched by most industries. It’s a curiosity that makes sense, given the climate of change. Within that, there lies a…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question