Error or virus?

Guest

I keep getting several errors telling me to go to "regfixit.com" or
"patchupdate.com" because my registry has several fatal errors - I have
checked my computer and it's fine, I've run AVG Free virus scanner and it
can't detect a virus. I've also checked with Spybot.
I'm running Windows Professional.
What's wrong?!
 
David H. Lipman

From: "Josh" <[email protected]>

| I keep getting several errors telling me to go to "regfixit.com" or
| "patchupdate.com" because my registry has several fatal errors - I have
| checked my computer and it's fine, I've run AVG Free virus scanner and it
| can't detect a virus. I've also checked with Spybot.
| I'm running Windows Professional.
| What's wrong?!

The OS does NOT generate such errors.

Do error messages appear as Pop-Ups with the term "Messenger Service" ?
 
Bruce Chambers

Josh said:
I keep getting several errors telling me to go to "regfixit.com" or
"patchupdate.com" because my registry has several fatal errors - I have
checked my computer and it's fine, I've run AVG Free virus scanner and it
can't detect a virus. I've also checked with Spybot.
I'm running Windows Professional.
What's wrong?!


"What's wrong" is that you're connecting to the Internet without having
a firewall enabled.

It's a scam, plain and simple. It's from a very unscrupulous
"business." They're trying to sell you patches that Microsoft provides
free-of-charge, and using a very intrusive means of advertising. It's
also demonstrating that your PC is very unsecure.

This type of spam has become quite common over the past few years,
and unintentionally serves as a valid security "alert." It demonstrates
that you haven't been taking sufficient precautions while connected to
the Internet. Your data probably hasn't been compromised by these
specific advertisements, but if you're open to this exploit, you're most
definitely open to other threats, such as the Blaster, Welchia, and
Sasser Worms that still haunt the Internet. Install and use a decent,
properly configured firewall. (Merely disabling the messenger service,
as some people recommend, only hides the symptom, and does little or
nothing to truly secure your machine.) And ignoring or just "putting up
with" the security gap represented by these messages is particularly
foolish.

Messenger Service of Windows
http://support.microsoft.com/default.aspx?scid=KB;en-us;168893

Messenger Service Window That Contains an Internet Advertisement
Appears
http://support.microsoft.com/?id=330904

Stopping Advertisements with Messenger Service Titles
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Whichever firewall you decide upon, be sure to ensure UDP ports 135,
137, and 138 and TCP ports 135, 139, and 445 are all blocked. You may
also disable Inbound NetBIOS over TCP/IP. You'll have to follow the
instructions from the firewall's manufacturer for the specific steps.

You can test your firewall at:

Symantec Security Check
http://security.symantec.com/ssc/vr_main.asp?langid=ie&venid=sym&plfid=23&pkj=GPVHGBYNCJEIMXQKCDT

Security Scan - Sygate Online Services
http://www.sygatetech.com/

Oh, and be especially wary of people who advise you to do nothing
more than disable the messenger service. Disabling the messenger
service, by itself, is a "head in the sand" approach to computer
security. The real problem is not the messenger service pop-ups;
they're actually providing a useful, if annoying, service by acting as a
security alert. The true problem is the unsecured computer, and you've
been advised to merely turn off the warnings. How is this helpful?

There are several essential components to computer security: a
knowledgeable and pro-active user, a properly configured firewall,
reliable and up-to-date antivirus software, and the prompt repair (via
patches, hotfixes, or service packs) of any known vulnerabilities.

The weakest link in this "equation" is, of course, the computer
user. No software manufacturer can -- nor should they be expected
to -- protect the computer user from him/herself. All too many people
have bought into the various PC/software manufacturers' marketing
claims of easy computing. They believe that their computer should be
no harder to use than a toaster oven; they have neither the
inclination nor desire to learn how to safely use their computer. All
too few people keep their antivirus software current, install patches
in a timely manner, or stop to really think about that cutesy link
they're about to click.

Firewalls and anti-virus applications, which should always be used
and should always be running, are important components of "safe hex,"
but they cannot, and should not be expected to, protect the computer
user from him/herself. Ultimately, it is incumbent upon each and
every computer user to learn how to secure his/her own computer.

To learn more about practicing "safe hex," start with these links:

Protect Your PC
http://www.microsoft.com/security/protect/default.asp

Home Computer Security
http://www.cert.org/homeusers/HomeComputerSecurity/

List of Antivirus Software Vendors
http://support.microsoft.com/default.aspx?scid=kb;en-us;49500

Home PC Firewall Guide
http://www.firewallguide.com/

Scumware.com
http://www.scumware.com/



--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell
 
Guest

philo said:
It's malware of some sort...

try lavasoft adaware SE

it will prob. pick up stuff spybot missed

(but keep running spybot too)

That's true, philo, and it depends on what his home page is set to: either it is
pop-ups from a banner on the home page, or the OP's home page is hijacked and
he's being redirected to these websites to neck his money clean.
Josh, what is your home page set to?
Try to open the HOSTS file from Windows Explorer; the path will look like
this:
C:\Windows\System32\drivers\etc (if you can't see it, try to show hidden
files/folders on the system by clicking Tools > Folder Options and checking the
radio button for this choice). Look in the right pane and see if you can see
the Hosts file there, but be aware there is another Hosts file with the
extension .SAM; leave that one alone and edit just the Hosts file without the
.SAM extension, please.
Select Open With Notepad and open the file; there, remove any references to
the aforementioned website(s) and save the file *as is*.
Reboot your machine and see if you still get the pop-ups.
Is your firewall on? If you don't have one, I recommend installing one
with AVG to protect you from intruders, hijackers, pop-ups, etc.
For Lavasoft free and cshreder, go here:
http://www.aumha.org/free.htm
HTH.
Please let us know if you need further help.
Regards,
nass
 
David H. Lipman

From: "philo" <[email protected]>


| It's malware of some sort...
|
| try lavasoft adaware SE
|
| it will prob. pick up stuff spybot missed
|
| (but keep running spybot too)
|

No it is NOT !
Anti malware software will NOT help !!
 
David H. Lipman

From: "Josh" <[email protected]>

| Yes, they do.
|

It is a con job !

To disable the Windows Messenger Service, you can open a Command Prompt and type the
following commands...

sc stop Messenger
sc config Messenger start= disabled

A Router such as the Linksys BEFSR41 will also block this at the WAN/LAN interface and such
messages won't be seen on a LAN PC.

It also means two things...

You do NOT have WinXP SP2 installed
Your PC has NetBIOS over IP exposed to the Internet.

If you had installed WinXP SP2 it would have done two things. Disabled the NT Messenger
Service and enabled the WinXP FireWall.
 
David H. Lipman

From: "nass" <[email protected]>

!
|
| So are you saying that the OP Home Page not Hijacked by malware !
| nass


No, I am saying getting Pop-Ups with the following content.. "...telling me to go to
"regfixit.com" or "patchupdate.com" because my registry has several fatal errors" is NOT
malware and is not generated from the POV of the PC. It is a NetBIOS Pop-Up scam and can be
mitigated in several ways NOT related to anti malware software.

1. Install WinXP SP2. This will enable the WinXP FireWall and disable the NT Messenger
Service
2. Install any FireWall application
3. Manually disable the NT Messenger Service
4. Install a Cable/DSL Router such as the Linksys BEFSR41

I saw NOTHING about a Browser home-page HiJack in Josh's post and subsequent replies.
 
Bruce Chambers

philo said:
Lavasoft Adaware SE personal is FREE~!!!

True, but it won't do a thing to help with the OP's problem.


--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell
 
David H. Lipman

From: "Bruce Chambers" <[email protected]>

| True, but it won't do a thing to help with the OP's problem.
|

I was going to write something like that but I figured he read the rest of the thread.
 
Guest

David H. Lipman said:
From: "nass" <[email protected]>

!
|
| So are you saying that the OP Home Page not Hijacked by malware !
| nass


No, I am saying getting Pop-Ups with the following content.. "...telling me to go to
"regfixit.com" or "patchupdate.com" because my registry has several fatal errors" is NOT
malware and is not generated from the POV of the PC. It is a NetBIOS Pop-Up scam and can be
mitigated in several ways NOT related to anti malware software.

1. Install WinXP SP2. This will enable the WinXP FireWall and disable the NT Messenger
Service
2. Install any FireWall application
3. Manually disable the NT Messenger Service
4. Install a Cable/DSL Router such as the Linksys BEFSR41

I saw NOTHING about a Browser home-page HiJack in Josh's post and subsequent replies.

That's true; reading the OP's other thread, he has changed now to *Messenger
service* alert.
But I wonder if the OP already has SP2; he/she should look at and consider
what has been mentioned in his/her thread to protect his/her PC by cleaning up
and installing a firewall, as Bruce and I mentioned in the reply to the OP.
The Messenger service is one of many ways the OP's security can be compromised by
other attacks/threats on the Internet.
Regards,
nass
 
David H. Lipman

From: "nass" <[email protected]>


|
| That's true; reading the OP's other thread, he has changed now to *Messenger
| service* alert.
| But I wonder if the OP already has SP2; he/she should look at and consider
| what has been mentioned in his/her thread to protect his/her PC by cleaning up
| and installing a firewall, as Bruce and I mentioned in the reply to the OP.
| The Messenger service is one of many ways the OP's security can be compromised by
| other attacks/threats on the Internet.
| Regards,
| nass
| ------------------------
| www.nasstec.co.uk

There is NO threat in having the Messenger Service enabled, only annoyances and scam
Pop-Ups.

The threat comes from having TCP/UDP ports 134 ~ 139 and 445 open to the Internet.
Especially when not using a password or using a weak password. The fact that one can
receive a NetBIOS Pop-Up is indicative of this exposure.
 
