Where's the WORM ?


dieselmb

A very strange situation developed a few days ago: IE and OE would not
download anything. E-mails and browser pages would not download.
Pinging and tracing worked flawlessly and the ISP server was ok.
After all my and the ISP tech's fruitless digging, I decided to
completely wipe my HDD clean (write zeros to the entire drive), re-
format it and do a clean install of the OS.
Immediately after the installation I started to get persistent pop-ups:
""""""""""""""""""""""""""""""
MESSENGER SERVICE
message from local system to user on [date, time]
CRITICAL ERROR MESSAGE! - REGISTRY DAMAGED AND CORRUPTED
To FIX the problem:
Open IE and type: www.registrycleanerxp.com
Once you load the page, close this window
After youninstall the cleaner program you will not receive any more
reminders or popups like this.
VISIT www.registrycleanerxp.com IMMEDEATELY!
""""""""""""""""""""""""""""""
Adaware and Spybot do not find any trojans or malware.
When I look at TaskManager it shows the popup comes from the process
CSRSS.exe. The only files of this name I can find are in WINNT\system32
and Servicepack\system32, both legit system files.
 
That tells us that your messenger service is running and more
importantly that your computer is not properly protected by a firewall.
On a properly protected network the messenger service can have some
use, for any other scenario the messenger service should be disabled.
Disabling the messenger service will stop the pop-ups, however that will
only cover up the symptoms caused by the lack of a properly configured
firewall. Running Windows NT/2000/XP/Vista without a firewall leaves a
security hole the size of Texas on your computer!

John
 
PS: This may help: http://www.re-quest.net/computers/messenger-spam/

 
From: <[email protected]>

< snip >


| MESSENGER SERVICE

< snip >


| Adaware and Spybot do not find any trojans or malware.
| When I look at TaskManager it shows the popup comes from the process
| CSRSS.exe. The only files of this name I can find are in WINNT\system32
| and Servicepack\system32, both legit system files.

Yeah... Of COURSE they didn't find malware as the cause. It isn't caused by malware!

It is a plain and simple con job in a NetBIOS Pop-Up form!

To disable the Windows Messenger Service, go to Start --> Run
type: services.msc
Find "Messenger"

Stop it.
Disable it.

A Router such as the Linksys BEFSR41 will also block this at the WAN/LAN interface and such
messages won't be seen on a LAN PC.

It also means...

Your PC has NetBIOS over IP exposed to the Internet and you are at risk of Internet worms
and hackers. Disabling the Messenger Service only stops the Pop-Ups. It will NOT protect
against Internet worms and hackers.

A Router such as the Linksys BEFSR41 will protect against Internet worms and hackers. As
always I suggest specifically blocking both TCP and UDP ports 135 ~ 139 and 445 on *any*
SOHO Router like the BEFSR41.
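
A check for the exposure this reply describes, added here as an example that is not part of the original thread: the Python sketch below reads `netstat -an` output and lists sockets bound on the ports named above (135 to 139 and 445, TCP and UDP) on any non-loopback address. The sample output and the function name `exposed_listeners` are constructed for illustration.

```python
import ipaddress

# Ports the reply recommends blocking at the router, TCP and UDP alike.
RISKY_PORTS = set(range(135, 140)) | {445}

# Constructed sample of Windows `netstat -an` output (not from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:135            *:*
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
  UDP    127.0.0.1:1900         *:*
"""


def exposed_listeners(netstat_text):
    """Return (proto, address, port) for each non-loopback socket that is
    listening (TCP) or bound (UDP) on one of RISKY_PORTS."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header, blank line, or other protocol
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; only LISTENING sockets accept connections.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        host, _, port_text = local.rpartition(":")
        if not port_text.isdigit() or int(port_text) not in RISKY_PORTS:
            continue
        try:
            if ipaddress.ip_address(host.strip("[]").split("%")[0]).is_loopback:
                continue  # reachable only from the machine itself
        except ValueError:
            continue  # unparseable address column
        findings.append((proto, host, int(port_text)))
    return findings


if __name__ == "__main__":
    for proto, host, port in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{proto} {host}:{port} is bound on a port that should be filtered")
```

A wildcard (0.0.0.0) or LAN-address binding only shows that the service is listening; whether the Internet can reach it depends on the router or firewall in front of the PC.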
 
START | SETTINGS | CONTROL PANEL | ADMINISTRATIVE TOOLS | SERVICES

Double-click the MESSENGER service

Stop it then disable it

Job done
 