Bogus "MSoft update" popups?

Guest

Hi there! A friend is getting some weird popup message windows on his
Windows 2000 system --here's the gist of it:

"Message from UPDATE to NOW on (lists the current date/time)
Important Notice from MSOFT
Buffer Overflow in Messenger Service Allows Unexpected Computer Shutdown,
Virus Infection and Remote Code Execution
Affected Software:
Here's where it lists just about all the MSoftware on his system"
******
It has a link to an URL (my bad -- I didn't get it!) to "fix" this problem
and get updates -- sounds like this is an attempt to hijack his system or
install spyware on it, but I have used norton AV and Ad-Aware -- neither of
which have found anything...any ideas? Has anyone else seen this?

Thanks in advance...
 
Dave Patrick

Sounds like your friend doesn't have a properly configured firewall.

Messenger Service Window That Contains an Internet Advertisement Appears
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q330904

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| Hi there! A friend is getting some weird popup message windows on his
| Windows 2000 system --here's the gist of it:
|
| "Message from UPDATE to NOW on (lists the current date/time)
| Important Notice from MSOFT
| Buffer Overflow in Messenger Service Allows Unexpected Computer Shutdown,
| Virus Infection and Remote Code Execution
| Affected Software:
| Here's where it lists just about all the MSoftware on his system"
| ******
| It has a link to an URL (my bad -- I didn't get it!) to "fix" this problem
| and get updates -- sounds like this is an attempt to hijack his system or
| install spyware on it, but I have used norton AV and Ad-Aware -- neither of
| which have found anything...any ideas? Has anyone else seen this?
|
| Thanks in advance...
| --
| Katrina
 
Matt Wagner [MSFT]

Katrina:

In addition to configuring your firewall, if you aren't using it you can
disable the Messenger Service. Follow the steps below to do this:

1. Go to Start->Control Panel->Administrative Tools
2. Go to Services
3. Open the "Messenger" service
4. Change the startup type to "Disabled"
5. Click "OK"

--
Matt Wagner
Enterprise Engineering Center
Microsoft Corporation

Legal Disclaimer:
This posting is provided "AS IS" with no warranties, and confers no
rights. Use of included script samples are subject to the terms
specified at http://www.microsoft.com/info/cpyright.htm Please do not
send e-mail directly to this alias. This alias is for newsgroup purposes
only.
 
Bruce Chambers

It's a scam, plain and simple. It's from a very unscrupulous
"business." They're trying to sell you patches that Microsoft
provides free-of-charge, and using a very intrusive means of
advertising. It's also demonstrating that your PC is very unsecure.

This type of spam has become quite common over the past couple of
years, and unintentionally serves as a valid security "alert." It
demonstrates that you haven't been taking sufficient precautions while
connected to the Internet. Your data probably hasn't been compromised
by these specific advertisements, but if you're open to this exploit,
you're most definitely open to other threats, such as the Blaster,
Welchia, and Sasser Worms that still haunt the Internet. Install and
use a decent, properly configured firewall. (Merely disabling the
messenger service, as some people recommend, only hides the symptom,
and does little or nothing to truly secure your machine.) And
ignoring or just "putting up with" the security gap represented by
these messages is particularly foolish.

Messenger Service of Windows
http://support.microsoft.com/default.aspx?scid=KB;en-us;168893

Messenger Service Window That Contains an Internet Advertisement
Appears
http://support.microsoft.com/?id=330904

Stopping Advertisements with Messenger Service Titles
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Whichever firewall you decide upon, be sure to ensure UDP ports 135,
137, and 138 and TCP ports 135, 139, and 445 are all blocked. You
may also disable Inbound NetBIOS over TCP/IP. You'll have
to follow the instructions from the firewall's manufacturer for the
specific steps.

You can test your firewall at:

Symantec Security Check
http://security.symantec.com/ssc/vr_main.asp?langid=ie&venid=sym&plfid=23&pkj=GPVHGBYNCJEIMXQKCDT

Security Scan - Sygate Online Services
http://www.sygatetech.com/

Oh, and be especially wary of people who advise you to do nothing
more than disable the messenger service. Disabling the messenger
service, by itself, is a "head in the sand" approach to computer
security. The real problem is not the messenger service pop-ups;
they're actually providing a useful, if annoying, service by acting as
a security alert. The true problem is the unsecured computer, and
you've been advised to merely turn off the warnings. How is this
helpful?


--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH
 
Guest

Thanks -- I'll forward this to him!

Matt Wagner said:
Katrina:

In addition to configuring your firewall, if you aren't using it you can
disable the Messenger Service. Follow the steps below to do this:

1. Go to Start->Control Panel->Administrative Tools
2. Go to Services
3. Open the "Messenger" service
4. Change the startup type to "Disabled"
5. Click "OK"

--
Matt Wagner
Enterprise Engineering Center
Microsoft Corporation

Legal Disclaimer:
This posting is provided "AS IS" with no warranties, and confers no
rights. Use of included script samples are subject to the terms
specified at http://www.microsoft.com/info/cpyright.htm Please do not
send e-mail directly to this alias. This alias is for newsgroup purposes
only.
 
Guest

Thanks for this info -- he was very fortunate in that a friend of his
upgraded his laptop, and gave him this one for free. He's only had it a
couple of weeks and when I was over there working on it, I saw those popups
and thought there was something wrong...but couldn't find a thing on the 'net
about them! Hence the reason I updated his virus def's (they were 1,615 days
old!!!) and installed Ad-Aware -- but Ad-Aware doesn't always seem to find
everything.

I appreciate everyone's input...I'll let Terry know what you'll have
suggested. If anyone has anything else they think he should do, please feel
free to post!

Thanks, Katrina
 
