BaldyMan

these bloody pop stars shows - do they honestly think we want pop up messages on our comps about them

who gives a toss if they get voted off or not

had to explain to me bird for an hour that i was'nt seeing some girl called kelly behind her back

[Edited by BaldyMan - 11/4/2002 10:46:26 AM]

BuRR

2 days running now, this box has popped up on my system. Anyone any ideas as to how it got on there? More importantly, how the hell do I get rid of it? I've tried ad-aware (latest ref file) and NAV (updated to latest definitions)


Thanks in advance.

BuRR

It just pops up out of nowhere. (Win2k) When I run task manager, it shows an application called "messenger service" or something. When I then click "go to process" it takes me to csrss.exe

Any ideas are welcome.

boomer

BuRR,

under NAV, click on "View Event Log" and have a look at the Connections Tab (plus other tabs) or even do a "View Statistics" to try to catch them real-time.

mb

BuRR

hutton_d - I'd appreciate if you manage to work out what it is, to let me know, please?

BuRR

ad-aware -- nothing

gregh

got into services, turn off messenger service

Greg

gregh

some more info from tweakxp.com

In the default installation of XP, the Messenger service runs by default. Messenger in Windows 2000/XP is similiar to the functionality of what "WinPopup" was to Win3.x/9X. However, having this service running will cause problems in the very near future, as ANYONE can send popup messages to your computer when you have this service running. (The service doesn't check where the message comes from).

Don't believe it? At the command prompt, type "net send IPADDRESS_OF_CLIENT_TO_SEND_TO Your Message" and that person will get a popup window immediately with "Your Message" .. the popup window will says "Messenger Service" in the titlebar and will contain your workstation's name and the time. You can send a message to yourself by typing "LOCALHOST" to test this.

Another thing worth noting, if you are using a Microsoft firewall, these messages will still be sent through the firewall.

To make it so others cannot send these messages to you, disable the Messenger service from Services. (Go to Control Panel > Perf. & Maint. > Administrative Tools > Services. Double click the Messenger Service, change 'Automatic' to 'Disabled' and click the Stop button.) Once you've done this, people trying to send messages via the net message service will get errors. While you're at it, it might be wise to disable the 'Administrative Alerts' service as well.

The description Microsoft gives for this service is as follows: "Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start."

BuRR

Thanks to all involved.

boomer

"Another thing worth noting, if you are using a Microsoft firewall, these messages will still be sent through the firewall."

Don't you just hate MicroShaft [img]images/smilies/mad.gif[/img]

mb

IWatkins

Wow, that sucks.

We use it all the time internally, I.e. group sends to tell people donuts have arrived etc. or more importantly for automatic messages from servers etc. when they run low of disk space etc.

Spamming people using this stuff is just nasty.

Fairly easy to 'war' send through a list of IP addresses though.

Cheers

Ian

shunty

BuRR - I have a few nice software firewalls (tiny 3 I would recommend) for you that will stop sh1te like this. Mail me offline or ring me.
I have changed jobs now remember, so use my home number.

shunty

Foot_Tapper

Pain in the arris these poxy spammers.
I cant wait for them to get to grips with all the
services for XP, home users will have a nitemare.

BuRR

ah, Shunty, that'll explain why you didn't reply to my text

The exhaust is now on, and sounding lovely, however needs some adjustment as its knocking a bit on the underside of the car on decelleration.

super_si

cant remember if i emailed you burr!

Si

ChrisB

Ooo, I've seen this on a server today too.

BuRR

Weird thing is Norton found 6 virus-infected files on my PC when I switched on today

What worries me is that it didn't pick them up when they were put on the drive ????

Puff The Magic Wagon!

iTrader: (2)

I run my home network via a Cisco router that dials on demand etc. It's all locked down nice & tight (thanks Deano ) but I had a problem with the ISP I was connecting to. So I rigged up a TA & dialed up Demon to get internet access. I forgot to run ZoneAlarm (don't with my router) & one of those messages popped up. I ran ZA after that until the problem with my ISP was sorted.

Therefore, it might be a good idea to find the port that message comes through. My guess is they just send messages to as many IPs as they can, knowing that some will get through. Is there a "message received" facility? In that way they don't have to re-spam & can target instead

BuRR

This was quite an unnerving sight tonight:.......

The file C:\Drivers\iserver.bat is infected with the IRC/Flood.bc virus.
The file was deleted.

The file D:\mirc\Polaris\mirc.ini is infected with the IRC/Flood.ao virus.
The file was deleted.

The file D:\mirc\Biatch-X\Bitch-X\tools\pager.exe is infected with the Spam-ICQ.PageBomb.14 virus.
The file was deleted.

The file F:\WINNT\system32\BACKUP.BAT is infected with the IRC/Flood.ba virus.
The file was deleted.

The file F:\WINNT\system32\DLL32NT.HLP is infected with the IRC/Flood.c virus.
The file was deleted.

The file F:\WINNT\system32\nt32.ini is infected with the IRC/Flood.ba virus.
The file was deleted.

The file F:\WINNT\system32\TASKMNGR.EXE is infected with the IRC/Flood.i virus.
The file was deleted.

The file F:\WINNT\system32\TFTP8675 is infected with the MovieWorld virus.
The file was deleted.

The file F:\WINNT\system32\WINHP32.EXE is infected with the IRC/Flood.e virus.
The file was deleted.

The file F:\WINNT\Temp\xf4yga\internet explorer\iserver.bat is infected with the IRC/Flood.bc virus.
The file was deleted.

The file F:\WINNT\Temp\xf4yga\internet explorer\ntcmd.exe is infected with the Fluxay.gen virus.
The file was deleted.

The file F:\WINNT\Temp\xf4yga\internet explorer\recv\share.bat is infected with the IRC/Flood.bc virus.
The file was deleted.

The file F:\WINNT\Temp\xf4yga\internet explorer\share.bat is infected with the IRC/Flood.bc virus.
The file was deleted.

The file F:\WINNT\Temp\xf4yga\internet explorer\sysd.exe is infected with the IRC/Flood.e virus.
The file was deleted.

Managed to get all these off my system. The thing that worried me more is that Norton Antivirus 2002 missed ALL these on a full-system scan this afternoon (with the latest virus defs, and inspecting ALL files, including compressed files)

McAfee found the above files. I'm now going to find it much harder indeed to ever trust Norton Antivirus again.