Message from "Spyware-advisory..."

Every time I'm entering internet I receive an annoying message (a lot of unterminated messages) such as:
Messenger Service:
Message from Spyware-advisory to 82.77.156.163: Your computer may be infected with unauthorized pop-up programs... Type www.EscapeAds.com.... Also go to www.BlockPopups.org and a lot of porno such popups!
They (POPUPS) make reference (WHY ARE SO "GOOD" GUYS??) to "Update: July 27, 2004. Microsoft Security Update MS03-043" but I have the patches: 828035, 824141 on my WXP Pro SP1 computer.
I run antispy programs as adaware, spybot, Spysubtract, Spy sweeper and 2 antiviruses but no solution! I could not get rid of them!!

At http://www.blockpopups.org/faq.html they say:
Is there a way to get rid of these popups myself?
No. Since the Messenger Service is built into Windows, the only way to disable it  is to edit the Windows programming code.  Windows Messenger Stopper safely changes this code for you with the click of a button.


luckyjohn_cm Asked:
lrmoore Commented:
You can disable the Messenger service.
Right-click My Computer, Manage, Services and Applications, Services, Right-click Messenger and select "stop" then set to "Disabled"
0
SheharyaarSaahil Commented:
Hello luckyjohn_cm =)

If I'm getting you right.... you wanna disable the Messenger service ??
If yes then go to Start>Run>msconfig>Services and untick Messenger.
Restart and it should be disabled now! Is that not what you need :-?
0
Hypoviax Commented:
A firewall will block these alerts. Generally never trust messages such as these.

The Messenger service is a legit part of Windows and can be useful across a network. If you do not want to disable it, a firewall is a better option. The very fact you receive these messages indicates that you are susceptible to other such sorts of connections. Install ZoneAlarm, which is a free firewall, and your problems should go away:

www.zonelabs.com

Regards,

Hypoviax
0
luckyjohn_cm Author Commented:
Hypoviax, you are very close to a good answer, but why does this computer receive such spy messages and all the computers I've seen before not!
Messenger is an essential service (by the way, in case I disable it, what tasks can I not run) and maybe the guy will not want that! You will say the firewall is the solution! But a lot of people without a firewall don't receive such garb! Maybe somebody has another disable or remove tool solution!
0
luckyjohn_cm Author Commented:
Smth. more!
What IP/port to block with the firewall? Or what rule to apply?
0
Hypoviax Commented:
The reason why some computers receive these 'messages' and others don't depends upon whether or not their IP address is available to be 'seen' by the sender. Your computer may have a static IP address, which means that it is more susceptible to these messages because once they have gained your IP address they can continue to send these messages. Whereas with a dynamic IP address the IP address changes each time the Internet connection is made, making it more difficult to gain the IP address.

However, another theory is that your computer has spyware on it leaking the IP address to a sender who sends messages to you, or the spyware sends itself a message (i.e. net send 127.0.0.1 "MESSAGE"). In the case of the latter theory run Spybot and Ad-Aware (www.safer-networking.com and www.lavasoftusa.com respectively).

I had this same problem on my grandfather's computer. I put in ZoneAlarm and the problem went away. If you are using another firewall or want to just block that specific port: the Messenger service uses UDP ports 135, 137, and 138; TCP ports 135, 139, and 445; and an ephemeral (that is, short-lived) port number greater than 1024.

This is what Microsoft has to say about your problem : http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q330904

Regards,

Hypoviax
0
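The ports named in the answer above can be checked on the machine itself. This added example (not part of the original thread) parses `netstat -ano` output and lists listeners on those ports that are bound to a non-loopback address, together with the owning PID; the sample output is constructed, and treating any UDP listener above 1024 as a candidate for the ephemeral port is an assumption of the example.

```python
# Added example: flag listeners on the Messenger-service ports named in the thread.
# SAMPLE is constructed text in the layout of `netstat -ano` on Windows
# (the -o switch is required so that the last column is the PID).
MESSENGER_PORTS = {"UDP": {135, 137, 138}, "TCP": {135, 139, 445}}

SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.0.10:139       0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING       1204
  TCP    192.168.0.10:1045      203.0.113.5:80         ESTABLISHED     1500
  UDP    0.0.0.0:135            *:*                                    884
  UDP    192.168.0.10:137       *:*                                    4
  UDP    192.168.0.10:138       *:*                                    4
  UDP    0.0.0.0:1026           *:*                                    1100
  UDP    127.0.0.1:1900         *:*                                    1300
"""

def parse_netstat(text):
    """Yield (proto, address, port, state, pid) for each socket row."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # banner, header and blank lines
        proto, local = fields[0], fields[1]
        addr, _, port = local.rpartition(":")
        # UDP rows have no State column, so the PID is always the last field.
        state = fields[3] if proto == "TCP" else ""
        yield proto, addr, int(port), state, int(fields[-1])

def exposed_listeners(text):
    """Return (proto, port, pid, reason) for listeners other hosts can reach."""
    findings = []
    for proto, addr, port, state, pid in parse_netstat(text):
        if proto == "TCP" and state != "LISTENING":
            continue  # established or outbound connections are not listeners
        if addr.startswith("127."):
            continue  # loopback only, not reachable from the network
        if port in MESSENGER_PORTS[proto]:
            findings.append((proto, port, pid, "named port"))
        elif proto == "UDP" and port > 1024:
            findings.append((proto, port, pid, "possible ephemeral port"))
    return findings

if __name__ == "__main__":
    for proto, port, pid, why in exposed_listeners(SAMPLE):
        print(f"{proto} {port:<5} PID {pid:<5} {why}")
```

Run `netstat -ano` in a command prompt and pass its output to `exposed_listeners`; the PID can be matched against the process list in Task Manager to see which program owns the port.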
luckyjohn_cm Author Commented:
If you are using another firewall or want to just block that specific port The Messenger service uses

What specific port? You mean these as follows?

 UDP ports 135, 137, and 138; TCP ports 135, 139, and 445;

What do you mean by:
" and an ephemeral (that is, short-lived) port number greater than 1024. "
Who and why is ephemeral?
0
Hypoviax Commented:
Yeah, I mean those ports (a firewall should block those automatically if they are not used by an internal approved application). The ephemeral is a random port used for a short period before it is closed. The port is greater than 1024. This means that if you intend to block these ports you will have no idea as to which port the ephemeral is.

However, generally if you are using a firewall such as ZoneAlarm you needn't worry about blocking specific ports. A firewall will normally have all ports not required closed and will block all connection attempts (such as the Messenger service) from the Internet with the exception of approved circumstances such as for web browsing (port 80) etc.

Regards,

Hypoviax



0
luckyjohn_cm Author Commented:
a firewall should block those automatically if they are not used by an internal approved application
How do I know such a port is being used by whatever internal application! On the other hand, is an internal application (such as Word) asking the firewall for permission to use that port?

This means that if you intend to block these ports you will have no idea as to which port the ephemeral is.
I understand that it does not matter that I resolved (or the firewall resolved) those non-ephemeral ports (UDP ports 135, 137, and 138; TCP ports 135, 139, and 445), because at any time the hacker could attack the computer on a random port number!
0
Hypoviax Commented:
If you use ZoneAlarm it will notify you when an application attempts for the first time to access the internet. It will tell you the port number and IP address. Inside the main screen up the top it will tell you the applications currently accessing the internet, and their details. Other firewalls should do the same thing.

Hypoviax
0
Hypoviax Commented:
Generally, deny access to the internet to applications unless you trust them
0
luckyjohn_cm Author Commented:
hypoviax
I installed the free zonealarm on 2 computers:
-on one computer I could not enter after rebooting in lan
- on other computer the computer is blocking after rebooting. Is smt. in computer safe mode to set on ZA to react better?
0
Hypoviax Commented:
>>-on one computer i could not enter after rebooting in LAN

I assume you mean you could not access the LAN resources. ZoneAlarm will block connections from the LAN unless you add them to the "Trusted zone". Generally the best way to do this is to add a "trusted range" - that is, to specify the range of IP addresses used on your LAN (e.g. 192.168.0.1 -> 192.168.0.100). If you have trouble using ZoneAlarm they have a manual: http://download.zonelabs.com/bin/media/pdf/zaclient55_user_manual.pdf

From the manual, these are the steps to add to the trusted zone:

Adding to the Trusted Zone

The Trusted Zone contains computers you trust and want to share resources with. For example, if you have three home PCs that are linked together in an Ethernet network, you can put each individual computer or the entire network adapter subnet in the Trusted Zone. The Trusted Zone’s default medium security settings enable you to safely share files, printers, and other resources over the home network. Hackers are confined to the Internet Zone, where high security settings keep you safe.

To add a single IP address:

1. Select Firewall|Zones.
2. Click Add, then select IP address from the shortcut menu. The Add IP Address dialog appears.
3. Select Trusted from the Zone drop-down list.
4. Type the IP address and a description in the boxes provided, then click OK.

To add an IP range:

1. Select Firewall|Zones.
2. Click Add, then select IP address from the shortcut menu. The Add IP Range dialog appears.
3. Select Trusted from the Zone drop-down list.
4. Type the beginning IP address in the first field, and the ending IP address in the second field.
5. Type a description in the field provided, then click OK.

To add a subnet:

1. Select Firewall|Zones.
2. Click Add, then select Subnet from the shortcut menu. The Add Subnet dialog appears.
3. Select Trusted from the Zone drop-down list.
4. Type the IP address in the first field, and the Subnet mask in the second field.
5. Type a description in the field provided, then click OK.

To add to a Host or Site to the trusted Zone:

1. Select Firewall|Zones.
2. Click Add, then select Host/Site. The Add Host/Site dialog appears.
3. Select Trusted from the Zones drop-down list.
4. Type the fully qualified host name in the Host name field.
5. Type a description of the host/site, then click OK.

To add a network to the Trusted Zone:

1. Select Firewall|Zones.
2. In the Zone column, click the row containing the network, then select Trusted from the shortcut menu.
3. Click Apply.

You shouldn't need to put your computer into safe mode with zonealarm.

Hope this solves your problem,

Hypoviax
0
luckyjohn_cm Author Commented:
Hypoviax
On computer1 (from a LAN) ZA did not let me log in!!!!
After uninstalling it I could log in!!
On another computer2 (not belonging to a LAN), after installing it the computer cannot do an elementary ctrl/alt/delete. Just the clepsydra! Only after removing ZA from Safe mode could I get control over the mouse after XP starting!
0
Hypoviax Commented:
Strange problem which should not happen.

Try a different firewall such as sygate personal:

http://smb.sygate.com/products/spf_standard.htm

Hypoviax
0