UnderAttack? said:
I keep seeing the following dialog pop up on my screen:
Messager Service
Message from WINDOWS to ALERT on 6/15/2005 9:37:42 AM
STOP! WINDOWS REQUIRES IMMEDIATE ATTENTION.
Windows has found Critical System Errors.
To fix the errors please do the following:
1. Download Repair Registry Pro from:
www.regprofix.com
2. Install Repair Registry Pro
3. Run Repair Registry Pro
4. Reboot your computer
FAILURE TO ACT NOW MAY LEAD TO SYSTEM FAILURE!
However, I can find no reference to regprofix.com with a Google search.
Other similar dialogs appear directing me to
www.updatepatch.info,
e-regpatch.com and SwipeSpy.com for repair utilities. However, I can find no
reference to any of those sites on Google! Regprofix.com indicates no
affiliation with Microsoft.
I'm concerned that this is a deceptive internet attack of some sort. What
should I do? Can anyone offer a suggestion? Asking good ole Microsoft costs
$100 up front.
It's a scam, plain and simple. It's from a very unscrupulous
"business." They're trying to sell you patches that Microsoft provides
free-of-charge, and using a very intrusive means of advertising. It's
also demonstrating that your PC is very unsecured.
This type of spam has become quite common over the past couple of
years, and unintentionally serves as a valid security "alert." It
demonstrates that you haven't been taking sufficient precautions while
connected to the Internet. Your data probably hasn't been compromised
by these specific advertisements, but if you're open to this exploit,
you most definitely open to other threats, such as the Blaster,
Welchia, and Sasser Worms that still haunt the Internet. Install and
use a decent, properly configured firewall. (Merely disabling the
messenger service, as some people recommend, only hides the symptom,
and does little or nothing to truly secure your machine.) And
ignoring or just "putting up with" the security gap represented by
these messages is particularly foolish.
Messenger Service of Windows
http://support.microsoft.com/default.aspx?scid=KB;en-us;168893
Messenger Service Window That Contains an Internet Advertisement
Appears
http://support.microsoft.com/?id=330904
Stopping Advertisements with Messenger Service Titles
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp
Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm
Whichever firewall you decide upon, be sure to ensure UP ports 135,
137, and 138 and TCP ports 135, 139, and 445 are all blocked. You
may also disable Inbound NetBIOS over TCP/IP). You'll have
to follow the instructions from firewall's manufacturer for the
specific steps.
You can test your firewall at:
Symantec Security Check
http://security.symantec.com/ssc/vr_main.asp?langid=ie&venid=sym&plfid=23&pkj=GPVHGBYNCJEIMXQKCDT
Security Scan - Sygate Online Services
http://www.sygatetech.com/
Oh, and be especially wary of people who advise you to do nothing
more than disable the messenger service. Disabling the messenger
service, by itself, is a "head in the sand" approach to computer
security. The real problem is not the messenger service pop-ups;
they're actually providing a useful, if annoying, service by acting as
a security alert. The true problem is the unsecured computer, and
you've been advised to merely turn off the warnings. How is this
helpful?
There are several essential components to computer security: a
knowledgeable and pro-active user, a properly configured firewall,
reliable and up-to-date antivirus software, and the prompt repair (via
patches, hotfixes, or service packs) of any known vulnerabilities.
The weakest link in this "equation" is, of course, the computer
user. No software manufacturer can -- nor should they be expected
to -- protect the computer user from him/herself. All too many people
have bought into the various PC/software manufacturers marketing
claims of easy computing. They believe that their computer should be
no harder to use than a toaster oven; they have neither the
inclination or desire to learn how to safely use their computer. All
too few people keep their antivirus software current, install patches
in a timely manner, or stop to really think about that cutesy link
they're about to click.
Firewalls and anti-virus applications, which should always be used
and should always be running, are important components of "safe hex,"
but they cannot, and should not be expected to, protect the computer
user from him/herself. Ultimately, it is incumbent upon each and
every computer user to learn how to secure his/her own computer.
To learn more about practicing "safe hex," start with these links:
Protect Your PC
http://www.microsoft.com/security/protect/default.asp
Home Computer Security
http://www.cert.org/homeusers/HomeComputerSecurity/
List of Antivirus Software Vendors
http://support.microsoft.com/default.aspx?scid=kb;en-us;49500
Home PC Firewall Guide
http://www.firewallguide.com/
Scumware.com
http://www.scumware.com/
--
Bruce Chambers
Help us help you:
You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
