Anyone any ideas please?

Reply Subscribe

Thread Tools

Search this Thread

Apr 11, 2002 | 10:45 AM

BaldyMan

Thread Starter

Scooby Regular

Joined: Aug 2002

Posts: 2,530

Likes: 0

From: Sunny Lancs

these bloody pop stars shows - do they honestly think we want pop up messages on our comps about them

who gives a toss if they get voted off or not

had to explain to me bird for an hour that i was'nt seeing some girl called kelly behind her back

[Edited by BaldyMan - 11/4/2002 10:46:26 AM]

Nov 1, 2002 | 10:37 PM

BuRR

Scooby Regular

Joined: Dec 2001

Posts: 5,210

Likes: 0

From: Was Wakefield, now London

2 days running now, this box has popped up on my system. Anyone any ideas as to how it got on there? More importantly, how the hell do I get rid of it? I've tried ad-aware (latest ref file) and NAV (updated to latest definitions)

Thanks in advance.

Nov 1, 2002 | 10:42 PM

BuRR

Scooby Regular

Joined: Dec 2001

Posts: 5,210

Likes: 0

From: Was Wakefield, now London

It just pops up out of nowhere. (Win2k) When I run task manager, it shows an application called "messenger service" or something. When I then click "go to process" it takes me to csrss.exe

Any ideas are welcome.

Nov 1, 2002 | 10:44 PM

hutton_d

Guest

Posts: n/a

Hmmm. Just happned to me tonight - twice.... Exactly the same window - except for the time which is the current time ....

Digging into it ....

Dave

Nov 1, 2002 | 10:46 PM

boomer

Scooby Senior

Joined: Feb 2000

Posts: 5,763

Likes: 0

From: West Midlands

BuRR,

under NAV, click on "View Event Log" and have a look at the Connections Tab (plus other tabs) or even do a "View Statistics" to try to catch them real-time.

mb

Nov 1, 2002 | 10:50 PM

BuRR

Scooby Regular

Joined: Dec 2001

Posts: 5,210

Likes: 0

From: Was Wakefield, now London

hutton_d - I'd appreciate if you manage to work out what it is, to let me know, please?

Nov 1, 2002 | 10:51 PM

BuRR

Scooby Regular

Joined: Dec 2001

Posts: 5,210

Likes: 0

From: Was Wakefield, now London

ad-aware -- nothing

Trending Topics

Flatspot on acceleration causes.

9

664
Paint or wrap roof

8

581
Info on these overalls

1

130

Nov 1, 2002 | 10:52 PM

gregh

Scooby Regular

Joined: Dec 1999

Posts: 3,360

Likes: 0

got into services, turn off messenger service

Greg

Nov 1, 2002 | 10:54 PM

gregh

Scooby Regular

Joined: Dec 1999

Posts: 3,360

Likes: 0

some more info from tweakxp.com

In the default installation of XP, the Messenger service runs by default. Messenger in Windows 2000/XP is similiar to the functionality of what "WinPopup" was to Win3.x/9X. However, having this service running will cause problems in the very near future, as ANYONE can send popup messages to your computer when you have this service running. (The service doesn't check where the message comes from).

Don't believe it? At the command prompt, type "net send IPADDRESS_OF_CLIENT_TO_SEND_TO Your Message" and that person will get a popup window immediately with "Your Message" .. the popup window will says "Messenger Service" in the titlebar and will contain your workstation's name and the time. You can send a message to yourself by typing "LOCALHOST" to test this.

Another thing worth noting, if you are using a Microsoft firewall, these messages will still be sent through the firewall.

To make it so others cannot send these messages to you, disable the Messenger service from Services. (Go to Control Panel > Perf. & Maint. > Administrative Tools > Services. Double click the Messenger Service, change 'Automatic' to 'Disabled' and click the Stop button.) Once you've done this, people trying to send messages via the net message service will get errors. While you're at it, it might be wise to disable the 'Administrative Alerts' service as well.

The description Microsoft gives for this service is as follows: "Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start."

Nov 1, 2002 | 10:59 PM

#10

BuRR

Scooby Regular

Joined: Dec 2001

Posts: 5,210

Likes: 0

From: Was Wakefield, now London

Thanks to all involved.

Nov 1, 2002 | 11:02 PM

#11

hutton_d

Guest

Posts: n/a

Well, disabled Messenger Service - wot the heck is that needed for anyway in the real world ...??? The Admin Alerter is not started automaticaly on mine. Running W2K Pro.

Ta for info. Heck this list is fast - and frequented by lots of sad muppets with nowt else to do on a Friday evening ... :-) Mind you, it is peeing down outside ...

Dave

PS: Just gone onto Home Highway - been using it at 128K for an hour or so. Would this be the reason they got me? Ot would they have zapped me down a modem link also ..??

PPS: anyone else keep getting the Nimda virus when surfing seemingly innocuous web sites? Like this one ...???

Nov 1, 2002 | 11:08 PM

#12

boomer

Scooby Senior

Joined: Feb 2000

Posts: 5,763

Likes: 0

From: West Midlands

"Another thing worth noting, if you are using a Microsoft firewall, these messages will still be sent through the firewall."

Don't you just hate MicroShaft [img]images/smilies/mad.gif[/img]

mb

Nov 2, 2002 | 12:31 AM

#13

IWatkins

Scooby Regular

Joined: Mar 2000

Posts: 4,531

Likes: 0

From: Gloucestershire, home of the lawnmower.

Wow, that sucks.

We use it all the time internally, I.e. group sends to tell people donuts have arrived etc. or more importantly for automatic messages from servers etc. when they run low of disk space etc.

Spamming people using this stuff is just nasty.

Fairly easy to 'war' send through a list of IP addresses though.

Cheers

Ian

Nov 2, 2002 | 09:20 AM

#14

shunty

Scooby Regular

Joined: Aug 2001

Posts: 2,082

Likes: 0

From: wakefield

BuRR - I have a few nice software firewalls (tiny 3 I would recommend) for you that will stop sh1te like this. Mail me offline or ring me.
I have changed jobs now remember, so use my home number.

shunty

Nov 2, 2002 | 02:28 PM

#15

Foot_Tapper

Scooby Regular

Joined: Aug 2002

Posts: 1,977

Likes: 0

Pain in the arris these poxy spammers.
I cant wait for them to get to grips with all the
services for XP, home users will have a nitemare.

Nov 2, 2002 | 09:32 PM

#16

BuRR

Scooby Regular

Joined: Dec 2001

Posts: 5,210

Likes: 0

From: Was Wakefield, now London

ah, Shunty, that'll explain why you didn't reply to my text

The exhaust is now on, and sounding lovely, however needs some adjustment as its knocking a bit on the underside of the car on decelleration.

Nov 2, 2002 | 09:39 PM

#17

super_si

Scooby Regular

Joined: Feb 2002

Posts: 7,951

Likes: 0

From: Lurkin Somewhere

cant remember if i emailed you burr!

Si

Nov 2, 2002 | 10:30 PM

#18

ChrisB

Moderator

Joined: Dec 1998

Posts: 23,573

Likes: 0

From: Staffs

Ooo, I've seen this on a server today too.

Nov 2, 2002 | 11:58 PM

#19

BuRR

Scooby Regular

Joined: Dec 2001

Posts: 5,210

Likes: 0

From: Was Wakefield, now London

Weird thing is Norton found 6 virus-infected files on my PC when I switched on today

What worries me is that it didn't pick them up when they were put on the drive ????

Nov 3, 2002 | 12:29 PM

#20

Puff The Magic Wagon!

Moderator

iTrader: (2)

Joined: May 2000

Posts: 16,980

Likes: 15

From: From far, far away...

I run my home network via a Cisco router that dials on demand etc. It's all locked down nice & tight (thanks Deano

) but I had a problem with the ISP I was connecting to. So I rigged up a TA & dialed up Demon to get internet access. I forgot to run ZoneAlarm (don't with my router) & one of those messages popped up. I ran ZA after that until the problem with my ISP was sorted.

Therefore, it might be a good idea to find the port that message comes through. My guess is they just send messages to as many IPs as they can, knowing that some will get through. Is there a "message received" facility? In that way they don't have to re-spam & can target instead

Nov 3, 2002 | 10:04 PM

#21

BuRR

Scooby Regular

Joined: Dec 2001

Posts: 5,210

Likes: 0

From: Was Wakefield, now London

This was quite an unnerving sight tonight:.......

The file C:\Drivers\iserver.bat is infected with the IRC/Flood.bc virus.
The file was deleted.

The file D:\mirc\Polaris\mirc.ini is infected with the IRC/Flood.ao virus.
The file was deleted.

The file D:\mirc\Biatch-X\Bitch-X\tools\pager.exe is infected with the Spam-ICQ.PageBomb.14 virus.
The file was deleted.

The file F:\WINNT\system32\BACKUP.BAT is infected with the IRC/Flood.ba virus.
The file was deleted.

The file F:\WINNT\system32\DLL32NT.HLP is infected with the IRC/Flood.c virus.
The file was deleted.

The file F:\WINNT\system32\nt32.ini is infected with the IRC/Flood.ba virus.
The file was deleted.

The file F:\WINNT\system32\TASKMNGR.EXE is infected with the IRC/Flood.i virus.
The file was deleted.

The file F:\WINNT\system32\TFTP8675 is infected with the MovieWorld virus.
The file was deleted.

The file F:\WINNT\system32\WINHP32.EXE is infected with the IRC/Flood.e virus.
The file was deleted.

The file F:\WINNT\Temp\xf4yga\internet explorer\iserver.bat is infected with the IRC/Flood.bc virus.
The file was deleted.

The file F:\WINNT\Temp\xf4yga\internet explorer\ntcmd.exe is infected with the Fluxay.gen virus.
The file was deleted.

The file F:\WINNT\Temp\xf4yga\internet explorer\recv\share.bat is infected with the IRC/Flood.bc virus.
The file was deleted.

The file F:\WINNT\Temp\xf4yga\internet explorer\share.bat is infected with the IRC/Flood.bc virus.
The file was deleted.

The file F:\WINNT\Temp\xf4yga\internet explorer\sysd.exe is infected with the IRC/Flood.e virus.
The file was deleted.

Managed to get all these off my system. The thing that worried me more is that Norton Antivirus 2002 missed ALL these on a full-system scan this afternoon (with the latest virus defs, and inspecting ALL files, including compressed files)

McAfee found the above files. I'm now going to find it much harder indeed to ever trust Norton Antivirus again.