Solved

Message from "Spyware-advisory..."

Posted on 2004-11-27
Last Modified: 2010-04-11
Every time I'm entering the internet I receive an annoying message (a lot of unterminated messages) such as:
Messenger Service:
Message from Spyware-advisory to 82.77.156.163: Your computer may be infected with unauthorized pop-up programs... Type www.EscapeAds.com.... Also go to www.BlockPopups.org and a lot of porno such popups!
They (POPUPS) make reference (WHY ARE SO "GOOD" GUYS??) to "Update: July 27, 2004. Microsoft Security Update MS03-043" but I have the patches: 828035, 824141 on my WXP Pro SP1 computer.
I run antispy programs such as Adaware, Spybot, Spysubtract, Spy Sweeper and 2 antiviruses but no solution! I could not get rid of them!!

At http://www.blockpopups.org/faq.html they say:
Is there a way to get rid of these popups myself?
No. Since the Messenger Service is built into Windows, the only way to disable it  is to edit the Windows programming code.  Windows Messenger Stopper safely changes this code for you with the click of a button.


0
Question by:luckyjohn_cm
15 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 12686216
You can disable the Messenger service.
Right-click My Computer, Manage, Services and Applications, Services, Right-click Messenger and select "stop" then set to "Disabled"
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12686220
Hello luckyjohn_cm =)

If I'm getting you right.... you wanna disable the Messenger service??
If yes, then go to Start>Run>msconfig>Services and untick Messenger,
restart and it should be disabled now! Is that not what you need :-?
0
 
LVL 5

Expert Comment

by:Hypoviax
ID: 12688512
A firewall will block these alerts. Generally never trust messages such as these.

The Messenger service is a legit part of Windows and can be useful across a network. If you do not want to disable it, a firewall is a better option. The very fact you receive these messages indicates that you are susceptible to other such sorts of connections. Install ZoneAlarm, which is a free firewall, and your problems should go away:

www.zonelabs.com

Regards,

Hypoviax
0

 

Author Comment

by:luckyjohn_cm
ID: 12694569
Hypoviax, you are very close to a good answer, but why does this computer receive such spy messages and all the computers I've seen before do not!
Messenger is an essential service (by the way, in case I disable it, what tasks can I not run) and maybe the guy will not want that! You will say the firewall is the solution! But a lot of people without a firewall don't receive such garbage! Maybe somebody has another disable or remove tool solution!
0
 

Author Comment

by:luckyjohn_cm
ID: 12694620
Something more!
What IP/port to block with the firewall? Or what rule to apply?
0
 
LVL 5

Expert Comment

by:Hypoviax
ID: 12700254
The reason why some computers receive these 'messages' and others don't depends upon whether or not their IP address is available to be 'seen' by the sender. Your computer may have a static IP address, which means that it is more susceptible to these messages because once they have gained your IP address they can continue to send these messages. Whereas with a dynamic IP address the IP address changes each time the Internet connection is made, making it more difficult to gain the IP address.

However, another theory is that your computer has spyware on it leaking the IP address to a sender who sends messages to you, or the spyware sends itself a message (i.e. net send 127.0.0.1 "MESSAGE"). In the case of the latter theory run Spybot and Adaware (www.safer-networking.com and www.lavasoftusa.com respectively).

I had this same problem on my grandfather's computer. I put in ZoneAlarm and the problem went away. If you are using another firewall or want to just block that specific port: the Messenger service uses UDP ports 135, 137, and 138; TCP ports 135, 139, and 445; and an ephemeral (that is, short-lived) port number greater than 1024.

This is what Microsoft has to say about your problem : http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q330904

Regards,

Hypoviax
0
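The port list in the answer above, applied to a firewall log to show which dropped packets match it. This is an added example, not part of the original thread; the log sample is constructed with a shortened field list, and the local address 192.168.0.10, the trusted range 192.168.0.0/24 and the function name `classify` are assumptions.

```python
import ipaddress
from collections import Counter

# Ports quoted in the answer above for the Messenger service.
MESSENGER_PORTS = {"UDP": {135, 137, 138}, "TCP": {135, 139, 445}}

# Constructed sample; columns are read from the "#Fields:" header,
# not assumed by position, so a longer real header also works.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size
2004-11-27 10:01:02 DROP UDP 198.51.100.7 192.168.0.10 4242 135 412
2004-11-27 10:01:05 DROP UDP 198.51.100.7 192.168.0.10 4243 1026 398
2004-11-27 10:02:11 OPEN TCP 192.168.0.10 203.0.113.80 1045 80 -
2004-11-27 10:03:40 DROP TCP 198.51.100.9 192.168.0.10 3310 445 48
2004-11-27 10:04:00 DROP UDP 192.168.0.22 192.168.0.10 137 137 78
"""

def classify(log_text, local_ip, trusted_net):
    """Count inbound packets from outside trusted_net, grouped by category."""
    trusted = ipaddress.ip_network(trusted_net)
    fields, hits = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        try:
            src = ipaddress.ip_address(row["src-ip"])
            port = int(row["dst-port"])
        except (KeyError, ValueError):
            continue  # rows without a numeric port (e.g. ICMP) are skipped
        if row.get("dst-ip") != local_ip or src in trusted:
            continue  # outbound traffic, or a LAN peer in the trusted range
        proto = row.get("protocol", "")
        if port in MESSENGER_PORTS.get(proto, ()):
            hits[("messenger-port", proto, port)] += 1
        elif proto == "UDP" and port > 1024:
            # Heuristic only: could be the ephemeral port mentioned above.
            hits[("high-udp-port", proto, port)] += 1
    return hits

if __name__ == "__main__":
    result = classify(SAMPLE_LOG, "192.168.0.10", "192.168.0.0/24")
    for key, count in sorted(result.items()):
        print(key, count)
```

The high-port bucket cannot be tied to the Messenger service from the log alone, which is why a default-deny inbound policy covers it better than a per-port block list.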
 

Author Comment

by:luckyjohn_cm
ID: 12704120
If you are using another firewall or want to just block that specific port The Messenger service uses

What specific port? You mean these as follows?

 UDP ports 135, 137, and 138; TCP ports 135, 139, and 445;

What do you mean by:
" and an ephemeral (that is, short-lived) port number greater than 1024. "
Who and why is ephemeral?
0
 
LVL 5

Expert Comment

by:Hypoviax
ID: 12710214
Yeah, I mean those ports (a firewall should block those automatically if they are not used by an internal approved application). The ephemeral is a random port used for a short period before it is closed. The port is greater than 1024. This means that if you intend to block these ports you will have no idea as to which port the ephemeral is.

However, generally if you are using a firewall such as ZoneAlarm you needn't worry about blocking specific ports. A firewall will normally have all ports not required closed and will block all connection attempts (such as the Messenger service) from the Internet with the exception of approved circumstances such as for web browsing (port 80) etc.

Regards,

Hypoviax



0
 

Author Comment

by:luckyjohn_cm
ID: 12714036
"a firewall should block those automatically if they are not used by an internal approved application"
How do I know such a port is being used by whatever internal application? On the other hand, does an internal application (such as Word) ask the firewall for permission to use that port?

"This means that if you intend to block these ports you will have no idea as to which port the ephemeral is."
I understand that it doesn't matter that I resolved (or the firewall resolved) those non-ephemeral ports (UDP ports 135, 137, and 138; TCP ports 135, 139, and 445), because anytime the hacker could attack the computer on a random port number!
0
 
LVL 5

Expert Comment

by:Hypoviax
ID: 12719730
If you use ZoneAlarm it will notify you when an application attempts for the first time to access the internet. It will tell you the port number and IP address. Inside the main screen up the top it will tell you the applications currently accessing the internet, and their details. Other firewalls should do the same thing.

Hypoviax
0
 
LVL 5

Expert Comment

by:Hypoviax
ID: 12719744
Generally, deny access to the internet to applications unless you trust them
0
 

Author Comment

by:luckyjohn_cm
ID: 12724033
Hypoviax
I installed the free ZoneAlarm on 2 computers:
- on one computer I could not enter the LAN after rebooting
- on the other computer the computer is blocking after rebooting. Is there something in computer safe mode to set in ZA to react better?
0
 
LVL 5

Expert Comment

by:Hypoviax
ID: 12730310
>>-on one computer I could not enter after rebooting in LAN

I assume you mean you could not access the LAN resources. ZoneAlarm will block connections from the LAN unless you add them to the "Trusted Zone". Generally the best way to do this is to add a "trusted range" - that is, to specify the range of IP addresses used on your LAN (e.g. 192.168.0.1 -> 192.168.0.100). If you have trouble using ZoneAlarm they have a manual: http://download.zonelabs.com/bin/media/pdf/zaclient55_user_manual.pdf

From the manual, these are the steps to add to the Trusted Zone:

Adding to the Trusted Zone

The Trusted Zone contains computers you trust and want to share resources with. For
example, if you have three home PCs that are linked together in an Ethernet network,
you can put each individual computer or the entire network adapter subnet in the
Trusted Zone. The Trusted Zone’s default medium security settings enable you to safely
share files, printers, and other resources over the home network. Hackers are confined
to the Internet Zone, where high security settings keep you safe.

To add a single IP address:

1. Select Firewall|Zones.
2. Click Add, then select IP address from the shortcut menu.
The Add IP Address dialog appears.
3. Select Trusted from the Zone drop-down list.
4. Type the IP address and a description in the boxes provided, then click OK.

To add an IP range:
1. Select Firewall|Zones.
2. Click Add, then select IP address from the shortcut menu.
The Add IP Range dialog appears.
3. Select Trusted from the Zone drop-down list.
4. Type the beginning IP address in the first field, and the ending IP address in the
second field.
5. Type a description in the field provided, then click OK.


To add a subnet:
1. Select Firewall|Zones.
2. Click Add, then select Subnet from the shortcut menu.
The Add Subnet dialog appears.
3. Select Trusted from the Zone drop-down list.
4. Type the IP address in the first field, and the Subnet mask in the second field.
5. Type a description in the field provided, then click OK.

To add a Host or Site to the Trusted Zone:
1. Select Firewall|Zones.
2. Click Add, then select Host/Site.
The Add Host/Site dialog appears.
3. Select Trusted from the Zones drop-down list.
4. Type the fully qualified host name in the Host name field.
5. Type a description of the host/site, then click OK.

To add a network to the Trusted Zone:
1. Select Firewall|Zones.
2. In the Zone column, click the row containing the network, then select Trusted from
the shortcut menu.
3. Click Apply.

You shouldn't need to put your computer into safe mode with ZoneAlarm.

Hope this solves your problem,

Hypoviax
0
 

Author Comment

by:luckyjohn_cm
ID: 12737228
Hypoviax
On computer1 (from a LAN) ZA does not let me log in!!!!
After uninstalling it I could log in!!
On another computer2 (not belonging to a LAN), after installing it the computer cannot do an elementary ctrl/alt/delete. Just the hourglass! Only after removing ZA from Safe mode could I get control over the mouse after XP started!
0
 
LVL 5

Accepted Solution

by:
Hypoviax earned 375 total points
ID: 12740601
Strange problem which should not happen.

Try a different firewall such as Sygate Personal:

http://smb.sygate.com/products/spf_standard.htm

Hypoviax
0


Question has a verified solution.
