Anyone any ideas please?
#1
Scooby Regular
Thread Starter
Join Date: Aug 2002
Location: Sunny Lancs
Posts: 2,530
Likes: 0
Received 0 Likes
on
0 Posts
these bloody pop stars shows - do they honestly think we want pop up messages on our comps about them
who gives a toss if they get voted off or not
had to explain to me bird for an hour that i was'nt seeing some girl called kelly behind her back
[Edited by BaldyMan - 11/4/2002 10:46:26 AM]
who gives a toss if they get voted off or not
had to explain to me bird for an hour that i was'nt seeing some girl called kelly behind her back
[Edited by BaldyMan - 11/4/2002 10:46:26 AM]
#2
Scooby Regular
2 days running now, this box has popped up on my system. Anyone any ideas as to how it got on there? More importantly, how the hell do I get rid of it? I've tried ad-aware (latest ref file) and NAV (updated to latest definitions)
Thanks in advance.
Thanks in advance.
#3
Scooby Regular
It just pops up out of nowhere. (Win2k) When I run task manager, it shows an application called "messenger service" or something. When I then click "go to process" it takes me to csrss.exe
Any ideas are welcome.
Any ideas are welcome.
#5
Scooby Senior
Join Date: Feb 2000
Location: West Midlands
Posts: 5,763
Likes: 0
Received 0 Likes
on
0 Posts
BuRR,
under NAV, click on "View Event Log" and have a look at the Connections Tab (plus other tabs) or even do a "View Statistics" to try to catch them real-time.
mb
under NAV, click on "View Event Log" and have a look at the Connections Tab (plus other tabs) or even do a "View Statistics" to try to catch them real-time.
mb
Trending Topics
#9
some more info from tweakxp.com
In the default installation of XP, the Messenger service runs by default. Messenger in Windows 2000/XP is similiar to the functionality of what "WinPopup" was to Win3.x/9X. However, having this service running will cause problems in the very near future, as ANYONE can send popup messages to your computer when you have this service running. (The service doesn't check where the message comes from).
Don't believe it? At the command prompt, type "net send IPADDRESS_OF_CLIENT_TO_SEND_TO Your Message" and that person will get a popup window immediately with "Your Message" .. the popup window will says "Messenger Service" in the titlebar and will contain your workstation's name and the time. You can send a message to yourself by typing "LOCALHOST" to test this.
Another thing worth noting, if you are using a Microsoft firewall, these messages will still be sent through the firewall.
To make it so others cannot send these messages to you, disable the Messenger service from Services. (Go to Control Panel > Perf. & Maint. > Administrative Tools > Services. Double click the Messenger Service, change 'Automatic' to 'Disabled' and click the Stop button.) Once you've done this, people trying to send messages via the net message service will get errors. While you're at it, it might be wise to disable the 'Administrative Alerts' service as well.
The description Microsoft gives for this service is as follows: "Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start."
In the default installation of XP, the Messenger service runs by default. Messenger in Windows 2000/XP is similiar to the functionality of what "WinPopup" was to Win3.x/9X. However, having this service running will cause problems in the very near future, as ANYONE can send popup messages to your computer when you have this service running. (The service doesn't check where the message comes from).
Don't believe it? At the command prompt, type "net send IPADDRESS_OF_CLIENT_TO_SEND_TO Your Message" and that person will get a popup window immediately with "Your Message" .. the popup window will says "Messenger Service" in the titlebar and will contain your workstation's name and the time. You can send a message to yourself by typing "LOCALHOST" to test this.
Another thing worth noting, if you are using a Microsoft firewall, these messages will still be sent through the firewall.
To make it so others cannot send these messages to you, disable the Messenger service from Services. (Go to Control Panel > Perf. & Maint. > Administrative Tools > Services. Double click the Messenger Service, change 'Automatic' to 'Disabled' and click the Stop button.) Once you've done this, people trying to send messages via the net message service will get errors. While you're at it, it might be wise to disable the 'Administrative Alerts' service as well.
The description Microsoft gives for this service is as follows: "Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start."
#11
Guest
Posts: n/a
Well, disabled Messenger Service - wot the heck is that needed for anyway in the real world ...??? The Admin Alerter is not started automaticaly on mine. Running W2K Pro.
Ta for info. Heck this list is fast - and frequented by lots of sad muppets with nowt else to do on a Friday evening ... :-) Mind you, it is peeing down outside ...
Dave
PS: Just gone onto Home Highway - been using it at 128K for an hour or so. Would this be the reason they got me? Ot would they have zapped me down a modem link also ..??
PPS: anyone else keep getting the Nimda virus when surfing seemingly innocuous web sites? Like this one ...???
#12
Scooby Senior
Join Date: Feb 2000
Location: West Midlands
Posts: 5,763
Likes: 0
Received 0 Likes
on
0 Posts
"Another thing worth noting, if you are using a Microsoft firewall, these messages will still be sent through the firewall."
Don't you just hate MicroShaft [img]images/smilies/mad.gif[/img]
mb
Don't you just hate MicroShaft [img]images/smilies/mad.gif[/img]
mb
#13
Scooby Regular
Join Date: Mar 2000
Location: Gloucestershire, home of the lawnmower.
Posts: 4,531
Likes: 0
Received 0 Likes
on
0 Posts
Wow, that sucks.
We use it all the time internally, I.e. group sends to tell people donuts have arrived etc. or more importantly for automatic messages from servers etc. when they run low of disk space etc.
Spamming people using this stuff is just nasty.
Fairly easy to 'war' send through a list of IP addresses though.
Cheers
Ian
We use it all the time internally, I.e. group sends to tell people donuts have arrived etc. or more importantly for automatic messages from servers etc. when they run low of disk space etc.
Spamming people using this stuff is just nasty.
Fairly easy to 'war' send through a list of IP addresses though.
Cheers
Ian
#14
Scooby Regular
Join Date: Aug 2001
Location: wakefield
Posts: 2,082
Likes: 0
Received 0 Likes
on
0 Posts
BuRR - I have a few nice software firewalls (tiny 3 I would recommend) for you that will stop sh1te like this. Mail me offline or ring me.
I have changed jobs now remember, so use my home number.
shunty
I have changed jobs now remember, so use my home number.
shunty
#16
Scooby Regular
ah, Shunty, that'll explain why you didn't reply to my text
The exhaust is now on, and sounding lovely, however needs some adjustment as its knocking a bit on the underside of the car on decelleration.
The exhaust is now on, and sounding lovely, however needs some adjustment as its knocking a bit on the underside of the car on decelleration.
#19
Scooby Regular
Weird thing is Norton found 6 virus-infected files on my PC when I switched on today
What worries me is that it didn't pick them up when they were put on the drive ????
What worries me is that it didn't pick them up when they were put on the drive ????
#20
Moderator
iTrader: (2)
I run my home network via a Cisco router that dials on demand etc. It's all locked down nice & tight (thanks Deano ) but I had a problem with the ISP I was connecting to. So I rigged up a TA & dialed up Demon to get internet access. I forgot to run ZoneAlarm (don't with my router) & one of those messages popped up. I ran ZA after that until the problem with my ISP was sorted.
Therefore, it might be a good idea to find the port that message comes through. My guess is they just send messages to as many IPs as they can, knowing that some will get through. Is there a "message received" facility? In that way they don't have to re-spam & can target instead
Therefore, it might be a good idea to find the port that message comes through. My guess is they just send messages to as many IPs as they can, knowing that some will get through. Is there a "message received" facility? In that way they don't have to re-spam & can target instead
#21
Scooby Regular
This was quite an unnerving sight tonight:.......
The file C:\Drivers\iserver.bat is infected with the IRC/Flood.bc virus.
The file was deleted.
The file D:\mirc\Polaris\mirc.ini is infected with the IRC/Flood.ao virus.
The file was deleted.
The file D:\mirc\Biatch-X\Bitch-X\tools\pager.exe is infected with the Spam-ICQ.PageBomb.14 virus.
The file was deleted.
The file F:\WINNT\system32\BACKUP.BAT is infected with the IRC/Flood.ba virus.
The file was deleted.
The file F:\WINNT\system32\DLL32NT.HLP is infected with the IRC/Flood.c virus.
The file was deleted.
The file F:\WINNT\system32\nt32.ini is infected with the IRC/Flood.ba virus.
The file was deleted.
The file F:\WINNT\system32\TASKMNGR.EXE is infected with the IRC/Flood.i virus.
The file was deleted.
The file F:\WINNT\system32\TFTP8675 is infected with the MovieWorld virus.
The file was deleted.
The file F:\WINNT\system32\WINHP32.EXE is infected with the IRC/Flood.e virus.
The file was deleted.
The file F:\WINNT\Temp\xf4yga\internet explorer\iserver.bat is infected with the IRC/Flood.bc virus.
The file was deleted.
The file F:\WINNT\Temp\xf4yga\internet explorer\ntcmd.exe is infected with the Fluxay.gen virus.
The file was deleted.
The file F:\WINNT\Temp\xf4yga\internet explorer\recv\share.bat is infected with the IRC/Flood.bc virus.
The file was deleted.
The file F:\WINNT\Temp\xf4yga\internet explorer\share.bat is infected with the IRC/Flood.bc virus.
The file was deleted.
The file F:\WINNT\Temp\xf4yga\internet explorer\sysd.exe is infected with the IRC/Flood.e virus.
The file was deleted.
Managed to get all these off my system. The thing that worried me more is that Norton Antivirus 2002 missed ALL these on a full-system scan this afternoon (with the latest virus defs, and inspecting ALL files, including compressed files)
McAfee found the above files. I'm now going to find it much harder indeed to ever trust Norton Antivirus again.
The file C:\Drivers\iserver.bat is infected with the IRC/Flood.bc virus.
The file was deleted.
The file D:\mirc\Polaris\mirc.ini is infected with the IRC/Flood.ao virus.
The file was deleted.
The file D:\mirc\Biatch-X\Bitch-X\tools\pager.exe is infected with the Spam-ICQ.PageBomb.14 virus.
The file was deleted.
The file F:\WINNT\system32\BACKUP.BAT is infected with the IRC/Flood.ba virus.
The file was deleted.
The file F:\WINNT\system32\DLL32NT.HLP is infected with the IRC/Flood.c virus.
The file was deleted.
The file F:\WINNT\system32\nt32.ini is infected with the IRC/Flood.ba virus.
The file was deleted.
The file F:\WINNT\system32\TASKMNGR.EXE is infected with the IRC/Flood.i virus.
The file was deleted.
The file F:\WINNT\system32\TFTP8675 is infected with the MovieWorld virus.
The file was deleted.
The file F:\WINNT\system32\WINHP32.EXE is infected with the IRC/Flood.e virus.
The file was deleted.
The file F:\WINNT\Temp\xf4yga\internet explorer\iserver.bat is infected with the IRC/Flood.bc virus.
The file was deleted.
The file F:\WINNT\Temp\xf4yga\internet explorer\ntcmd.exe is infected with the Fluxay.gen virus.
The file was deleted.
The file F:\WINNT\Temp\xf4yga\internet explorer\recv\share.bat is infected with the IRC/Flood.bc virus.
The file was deleted.
The file F:\WINNT\Temp\xf4yga\internet explorer\share.bat is infected with the IRC/Flood.bc virus.
The file was deleted.
The file F:\WINNT\Temp\xf4yga\internet explorer\sysd.exe is infected with the IRC/Flood.e virus.
The file was deleted.
Managed to get all these off my system. The thing that worried me more is that Norton Antivirus 2002 missed ALL these on a full-system scan this afternoon (with the latest virus defs, and inspecting ALL files, including compressed files)
McAfee found the above files. I'm now going to find it much harder indeed to ever trust Norton Antivirus again.
Thread
Thread Starter
Forum
Replies
Last Post
Sam Witwicky
Engine Management and ECU Remapping
17
13 November 2015 10:49 AM
MightyArsenal
Wheels, Tyres & Brakes
6
25 September 2015 08:31 PM