pop ups

  • Thread starter Thread starter peter mcwalter
  • Start date Start date
P

peter mcwalter

why do I get pop ups when internet explorer is not in
use? I was getting them today when I was writing an
email. I run windows xp home edition, and have a
broadband connecion. I have recieved 5 popups writing
this note!!
 
peter mcwalter said:
why do I get pop ups when internet explorer is not in
use? I was getting them today when I was writing an
email. I run windows xp home edition, and have a
broadband connecion. I have recieved 5 popups writing
this note!!
Click to expand...

Get and run these four programs:
Ad-Aware:
http://lavasoft.element5.com/support/download/
and
Spybot - Search & Destroy -
http://security.kolla.de/index.php?lang=en&page=download
http://spybot.eon.net.au/
http://www.tomcoyote.org/SPYBOT/
and
BHO Demon: http://www.spywareinfo.com/downloads/bhod/
and
SpywareBlaster:
http://www.wilderssecurity.net/spywareblaster.html
 
Hi Peter - These are most likely due to open NetBios ports 135, 137-139 and
445. You really need to block these with a firewall as a general protection
measure. You can stop the popups by turning off Messenger Service; however,
this still leaves you vulnerable. If you have an NT-based OS such as XP or
Win2k, you should probably also specifically block the following additional
ports as well: UDP 135, and TCP 593, and install the very important 823980
patch from MS03-026, here: http://support.microsoft.com/?kbid=823980.


See: Messenger Service Window That Contains an Internet Advertisement
Appears http://support.microsoft.com/?id=330904 which identifies reasons to
keep this service and steps to take if you do.

You can test your system and follow the 'Prevention' link to get additional
information here:
http://www.mynetwatchman.com/winpopuptester.asp Unless you have very good
reasons to keep this active, it should be turned off in Win2k and XP. Go
here and do what it says:
http://www.itc.virginia.edu/desktop/docs/messagepopup/ or, even better, get
MessageSubtract, free, here, which will give you flexible control of the
service and viewing of these messages:
http://www.intermute.com/messagesubtract/help.html Recommended.

(FWIW, ZoneAlarm's default Internet Zone firewall configuration blocks the
necessary ports to prevent this use of Messenger Service. I don't know the
situation with regard to other firewalls.)

Messenger Service is not per se Spyware or something that MS did wrong - It
provides a messaging capability which is useful for local intranets and is
also sometimes (albeit nowdays infrequently) used by some applications to
provide popup messaages to users. However, it can also be (and now
frequently is) used to introduce spam via this open NetBios channel. For a
single user home computer, it normally isn't needed and can be turned off
which will eliminate the spam popups. This DOESN'T, however, remove the
vulnerability of having these ports open, when in fact they aren't needed,
since they can be perverted in other ways as well, some of which can be much
more damaging than just a spam popup.


--
Regards, Jim Byrd, MS-MVP
Please respond in original thread in Newsgroup.


In
 
Back
Top