• Status: Solved
  • Priority: Medium
  • Security: Public

a very strange virus or a spy thing please help

When I started my internet and was checking my Outlook mailbox messages, a pop-up window came up saying "Message from MESSENGER SERVICE .INFO to .........(my IP address)" and it says don't close this page until you note down the below address, which is www.endmemessenger.com.
I close it but immediately another window comes up. It has no end and has a signal sound, bip bip bip bip, all the time; it never disappears.
I can't shut it down. What am I going to do?
Please help me. Thanks, ebru
Asked by: ebruokeefe

2 Solutions

LucF Commented:
Hi ebruokeefe,

This is a message used by spammers trying to sell you some software that'll just do one thing:
Disable the Messenger Service

You don't need it, so you can do this yourself:
Start => Run => type "services.msc"
Find the Messenger service
Right-click it and choose stop
Then right-click it again, choose properties and set it to disabled.

One thing I have to mention: every firewall will disable these messages, so it appears you're on the internet without any firewall. Get yourself one as soon as possible. For example, the free one from Zonelabs:
http://www.zonelabs.com

Greetings,

LucF

huntersvcs Commented:
Another tip:  DON'T CLICK ON ANYTHING ON THIS WINDOW!  Programmers can change the commands (for example the X in the upper right corner) to do anything they want!

Use only "ALT F4" to close these windows!  This is the only way to shut it down without inviting another popup to appear.

And LucF is right:  disable the messenger service!

And remember, delete COOKIES and TEMPORARY INTERNET FILES on a regular basis.  This will hinder others from knowing when you go ONLINE.

KlickSuperfly Commented:
You also might want to scan for spyware while you're at it.  To do this, download and run one of the following utilities:
SpyBot S&D  http://www.safer-networking.org/en/index.html (this is the one I use)
Lavasoft Ad-Aware  http://www.lavasoftusa.com/support/download/

LucF makes a very good point when (s)he recommends using a firewall of some sort.  My personal preference is to use a router if you are connected to the internet via high-speed (cable, DSL, etc.) because routers are always on and can't be disabled by nasty little programs that can be downloaded.

 
Hypoviax Commented:
The major concern is getting a firewall. This message will not be able to get to your computer if you have a good firewall. As mentioned before, ZoneAlarm is a good choice.

Regards,

Hypoviax

dramatix01 Commented:
If you are running Windows XP then you should install Service Pack 2.  It will enable the Windows Firewall by default, which will definitely deter the novice from gaining access to your system.

In addition to running the above-mentioned spyware detectors, you may also consider running a full system virus scan.  I use Norton Antivirus, but you can go to www.trendmicro.com and run a full system scan for free online.

happythedog Commented:
What you have is the Windows Messenger open; there are two ways to fix this:
A) Go into Start, Settings, Control Panel, Admin Tools, Services; look for Messenger, right-click, hit Properties, click the arrow next to Startup type, click Disabled in the drop-down menu, then click Stop. If it says it has to stop other things, say yes, although it should not do this. Close out the properties and services and restart.
B) Go to http://www.grc.com/stm/shootthemessenger.htm, download this and run the application; it does the above for you.

c_stimmel Commented:
LucF is right, disable the messenger service.

Also, get a GOOD spyware program.  That means one with frequent trace updates to grab and quarantine the latest crap.

 Webroot software has an excellent spyware solution that is frequently updated and affordable.

I use it daily and it can be configured through the use of agents to watch for downloaded software in realtime.

http://www.webroot.com/products/spysweeper/

-CS

I am not affiliated with webroot.

happythedog Commented:
A firewall doesn't stop the message, it blocks it, creating extra traffic on the link; you're best just shutting it off.

LucF Commented:
happythedog,
I'm sorry to say, but you're wrong.

From the original question:
"a pop-up window came up saying "Message from MESSENGER SERVICE"
The Messenger service isn't spyware/adware or whatever; it's a perfectly legal service needed in a lot of business networks. For a home computer it's unneeded, though.

http://www.chebucto.ns.ca/~rakerman/trojan-port-table.html#netsend
--------------------------------------------------------------------------------------------
The NET SEND messages are making it past the usual NetBIOS filters (ports 137-139, port 445) because in Windows 2000 and XP, the Messenger Service now works using RPC. A lookup is done on port 135 (epmap, DCE [RPC] endpoint resolution). That tells what high-numbered port the Messenger Service is listening on. The best way to stop this is to permanently disable the Messenger Service. You may also want to block port 135. I have also included information about Microsoft Distributed COM (DCOM), which uses port 135.

You may also want to block port 1026, based on Windows Messenger Popup Spam on UDP Port 1026.
--------------------------------------------------------------------------------------------

LucF
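
The ports named in the passage LucF quotes (135 for RPC endpoint resolution, 137-139 and 445 for NetBIOS, UDP 1026 for popup spam) can be checked against a firewall log to see whether such traffic is being dropped or is reaching the machine. The following is an added example, not part of the original thread: it assumes the space-separated layout of the Windows Firewall log (pfirewall.log) with a `#Fields:` header, and the log lines, addresses and function names are constructed for illustration.

```python
from collections import Counter

# Ports named in the quoted passage: RPC endpoint mapper (135),
# NetBIOS (137-139), port 445 and the UDP 1026 popup-spam port.
WATCHED = {135: "rpc-epmap", 137: "netbios", 138: "netbios",
           139: "netbios", 445: "smb", 1026: "messenger-popup"}

# Constructed sample log; addresses are documentation ranges (RFC 5737).
SAMPLE_LOG = """\
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2004-11-02 09:14:01 DROP UDP 203.0.113.7 198.51.100.20 31337 1026 402 - - - - - - -
2004-11-02 09:14:03 DROP UDP 203.0.113.7 198.51.100.20 31338 135 402 - - - - - - -
2004-11-02 09:15:10 OPEN TCP 198.51.100.20 192.0.2.80 1043 80 - - - - - - - -
2004-11-02 09:16:44 DROP TCP 203.0.113.99 198.51.100.20 4021 445 48 S 1 0 64240 - - -
2004-11-02 09:17:00 DROP UDP 203.0.113.7 198.51.100.20 31340 1026 402 - - - - - - -
2004-11-02 09:18:12 OPEN-INBOUND TCP 203.0.113.50 198.51.100.20 2200 135 - - - - - - - -
garbage line that should be skipped
"""

def summarize(log_text, local_ip):
    """Count inbound hits on watched ports, keyed by (action, src, label)."""
    fields, hits = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names from the header
            continue
        if not line or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) < len(fields):           # truncated or malformed row
            continue
        row = dict(zip(fields, parts))
        if row["dst-ip"] != local_ip or not row["dst-port"].isdigit():
            continue                           # outbound, or no port (ICMP)
        label = WATCHED.get(int(row["dst-port"]))
        if label:
            hits[(row["action"], row["src-ip"], label)] += 1
    return hits

def reached_host(hits):
    """Sources whose traffic on a watched port was not dropped."""
    return sorted({src for (action, src, _label) in hits if action != "DROP"})

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LOG, "198.51.100.20").items()):
        print(n, *key)
```

Any source returned by `reached_host` means the firewall let that traffic through, so the Messenger service (or the port filter) still needs attention on that machine.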

Hypoviax Commented:
LucF is right, a firewall is perfectly capable of stopping the messenger service if required.

Regards,

Hypoviax

happythedog Commented:
Hypoviax, let's go over this one more time.
What is the purpose of a firewall, it is to keep unwanted traffic out of a network?
The firewall WILL BLOCK the service but traffic will still be generated,
and by DISABLING the service it shuts down the hole.
Why cover the hole when you can fill it in?

Hypoviax Commented:
True,

A firewall will block WAN to LAN but can allow for LAN to LAN, which may still be useful to the user, and thus I think unless the user will never use the service a firewall is more appropriate. However, if they will not use the service then I agree with you, disable the service.

Regards,

Hypoviax

CharlyPhilly Commented:
You don't need to disable Messenger Service if you have installed a firewall that will stop remote users from sending you Messenger popup ads. But, if you don't need it, then disable it. If you don't have a firewall installed and don't plan to install one, you can disable the Microsoft Messenger Service, BUT, this may leave you exposed to other security issues, so disabling Messenger is not recommended. Some software applications, anti-virus, UPS system, SQL job Scheduler, and others use Messenger alerts to notify you of critical system events. Use a firewall or a router with firewall capabilities to block the Messenger pop-ups and leave Messenger service enabled if you are using such products. I use Symantec Client Security Firewall which blocks this problem.

Another good thing is to download the IESPYAD registry file which adds a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer. This will prevent the web sites for these companies from using cookies, ActiveX controls, Java applets, or scripting to compromise your privacy or your PC while you surf and they won't be able to use your browser to push unwanted pop-ups, cookies, or auto-installing programs on your PC. Check back frequently to get updates.... https://netfiles.uiuc.edu/ehowes/www/res/ie-spyad.zip .....There are two registry files...one for ads and the other is for adult sites. Hope this helps a little.

huntersvcs Commented:
You need to either award points to somebody (accept answer) or request this be closed and ask for a refund of points.