Hi litllammy - There are currently two classes of things going on that are
causing people popup difficulties. If you get popups even when your browser
is not connected to the Internet with a title bar reading "Messenger
Service", then these are most likely due to open NetBios TCP ports 135, 139
and 445 and UDP ports 135, 137-138 and a UDP port in the range of
1026-1029.. You really need to block these with a firewall as a general
protection measure. You can stop the popups by turning off Messenger
Service; however, this still leaves you vulnerable. If you have an NT-based
OS such as XP or Win2k, you should probably also specifically block TCP
593, 4444 and UDP 69, 139, 445, and install the very important 824146 and
823980 patchs from MS03-026 and MS03-039, here:
http://support.microsoft.com/default.aspx?kbid=824146 to block the Blaster
worm as well as several other parasites. There is a tool available here to
check for these patches:
http://support.microsoft.com/default.aspx?scid=kb;en-us;827363
See: Messenger Service Window That Contains an Internet Advertisement
Appears
http://support.microsoft.com/?id=330904 which identifies reasons to
keep this service and steps to take if you do.
You can test your system and follow the 'Prevention' link to get additional
information here:
http://www.mynetwatchman.com/winpopuptester.asp Unless you have very good
reasons to keep this active, it should be turned off in Win2k and XP. Go
here and do what it says:
http://www.itc.virginia.edu/desktop/docs/messagepopup/ or, even better, get
MessageSubtract, free, here, which will give you flexible control of the
service and viewing of these messages:
http://www.intermute.com/messagesubtract/help.html Recommended.
(FWIW, ZoneAlarm's default Internet Zone firewall configuration blocks the
necessary ports to prevent this use of Messenger Service. I don't know the
situation with regard to other firewalls.)
Messenger Service is not per se Spyware or something that MS did wrong - It
provides a messaging capability which is useful for local intranets and is
also sometimes (albeit nowadays infrequently) used by some applications to
provide popup messages to users. However, it can also be (and now frequently
is) used to introduce spam via this open NetBIOS channel. For a single user
home computer, it normally isn't needed and can be turned off which will
eliminate the spam popups. This DOESN'T, however, remove the vulnerability
of having these ports open, when in fact they aren't needed, since they can
be perverted in other ways as well, some of which can be much more damaging
than just a spam popup.
If you're getting a lot of popups while surfing, then take a look at my
Blog, Defending Your Machine, addy below in my Signature and follow the
steps outlined there.
The following is an older 'standard' post of mine relative to this. Some
links may no longer be valid:
There are a variety of third party "Popup Killers" available:
AdShield, if you maintain its Block List every now and then, almost totally
stops this. In addition, it stops a variety of ads/banners/etc.
(particularly spyware like doubleclick) on pages I access. This is probably
all you'll need; however, I've also investigated a program called webwasher
which appears to be very good. At the bottom of this post, you'll find a
list provided courtesy of bc_acadia of a number of free popup blockers with
links.
****** NOTE: As of 28 Apr 03 AdShield appears to have partnered with a new
reseller, and AdShield is no longer free. There is a trial version of
AdShield3; however, IMO it is seriously crippled in not being able to import
or export block lists and I think for reasonable utility one would have to
go to the full version. While I don't normally recommend non-free software,
I personally will continue to use AdShield3, since I think it is the best
currently available combined Popup/Ad/Malware blocker, but you should be
aware of the fact that it now costs, ($29.95 at this writing), whereas the
earlier versions upon which I based my original recommendation were free,
although not nearly as capable as the AdShield3 release. I've included below
links to both the older free version and the new paid version. You'll have
to investigate and make your own choice in the matter. *******
Here are a number of AdShield-related links:
http://www.fsd1.org/technology/Files/AdShield.exe - AdShield1.2 (free)
http://www.internettechs.net/utilities/AdShield.exe - AdShield1.2 (free)
http://ftp.ural.ru/home/index/windows/networking/utils/AdShield -
AdShield1.2 (free)
http://www.megalog.ru/info/utilz/AdShield.zip - AdShield1.2 (free)
http://www.allstarss.com/store/adshield.html - AdShield3
http://www.ad-shield.com/ AdShield3 Info/Purchase/Block List
http://www.mvps.org/winhelp2002/block.txt - (Mike Burgess' .txt Block List
for AdShield - Recommended)
http://www.mvps.org/winhelp2002/block.zip - Mike Burgess' Zipped Block List
for AdShield - Recommended)
http://www.songwave.com/software/adshield_blocklist.txt (40,000 pornsites
blocked - *VERY* large list - use at your own risk)
http://www.chrismyden.com/temp/block.abl (chrismyden's blocklist in .abl
format - Recommended)
http://www.staff.uiuc.edu/~ehowes/resource.htm#AdShield (Eric Howes AGNIS
for AdShield block list - Recommended) (BTW, Eric's site contains a wealth
of very valuable information about all aspects of net security - Very Highly
Recommended)
There is additional information about setting up and using AdShield, and
about using the Restricted Zone (and an additional list) here:
http://www.mvps.org/winhelp2002/hosts.htm
Here's a good AdShield test site, courtesy of siljaline: "Make ***SURE***
you have your 'block scripted popups' enabled
http://www.mediaboy.net/1010100-1100001-1111010/gahk/>>>> [Warning this URL
opens a multitude of Browser windows almost instantly - YOU'VE BEEN
WARNED!]"
http://www.webwasher.com - Webwasher
For WinXP users, Service Pack 2 has a built-in popup stopper which is fairly
effective.
Additionally, some people have recommended Popup Stopper and PopupBuster,
but they have also been reported or experienced to cause perceived problems
for some people with "normal" links in IE6 such as Google search results and
links from OE. Some proponents of PopupBuster assert, however, that this is
normal operation for this program under certain circumstances which can be
overridden if necessary. YMMV Another "Proxy" type blocker similar to
Webwasher and Proxomitron but supposedly a bit easier to configure is
Privoxy here:
http://www.privoxy.org/
Also, the free Google Tool Bar has a builtin popup blocker which is pretty
effective.
A very clever alternative approach to general ad (vice Popup) blocking is
outlined here:
http://www.sherylcanter.com/articles/oreilly_20040330_HostsPac.php
and here:
http://s91363763.onlinehome.us/BlackHoleProxy/index.html
The approach is similar to that used in eDexter, but improved. I've tried
it, and it does work as advertised. (<groan> - sorry 'bout that!)
Probably should only be considered by more knowledgeable users, as it's a
little complicated to set up using the directions given if you don't already
know a bit. (It also has some tendency to block some things you'd rather it
didn't at times if PAC files are used instead of the HOSTS file due to its
use of regular expressions for blocking definitions without some tuning.)
Lastly, ZoneAlarmPro has added provisions for stopping adds/popups, handling
cookies, web bugs, and scripting/ActiveX components in addition to it's
firewall functionality. Not free, but I have used it in the past with my
other AdBlocking stuff (AdShield, etc.) turned off as a test, and it appears
to be very good indeed. So far I've experienced no problems at all with it
set in its High Security modes for Ads although others have reported the
need to temporarily turn it off to reach some sites. Also, Agnitum's Outpost
Firewall supports a plug-in for this: "Pre-configured to block most banner
advertisement. Can be configured manually or by simply dragging and dropping
unwanted banners into the Ad Trashcan." I have no experience as to how
effective it is, but I have received a favorable report.
There's good information about hijacking in general and fixes available for
specific hijackers here:
http://spywareinfo.com/articles/hijacked/
http://gmpservicesinc.com/Articles/hijack.asp
http://www.mvps.org/inetexplorer/Darnit.htm#pop_up
http://www.doxdesk.com/parasite/
bc_acadia's list:
"Some popup blockers. All of these are 100% pure freeware, no trial
periods. Some of these do more than just handle popups.
Pow!:
http://www.analogx.com/contents/download/network/pow.htm
NoAds:
http://www.southbaypc.com/NoAds/
PopupEraser:
http://www.webknacks.com/popuperaser.htm
Stop-the-Pop:
http://www.bysoft.se/sureshot/stopthepop/index.html
Internet Organizer:
http://www.sf.yucom.be/wdprojects/
PopKi:
http://ranfo.com/popki.html
PopUpKiller:
http://sourceforge.net/projects/puk/
AdCruncher Proxy:
http://mysite.verizon.net/~mr_fish/AdCruncher/ReadMe.html
KillAd:
http://www.iomagic.org/fsc/
ClickOff:
http://www.johanneshuebner.com/en/download.html
PopupBuster:
http://www.popupbuster.com/PopUpBuster/
Free Surfer:
http://www.kolumbus.fi/eero.muhonen/FS/
Window Shades:
http://www.g-m-m.com/Software/WindowShades/index.php
AdShield (my personal favorite):
http://www.ad-shield.com/
PopupStopper:
http://www.panicware.com/popupstopper.html
Proxomitron (Is no longer supported and has a learning curve):
http://www.proxomitron.org/
For those who don't want third party stuff, your own pc's built-in
host file:
http://www.mvps.org/winhelp2002/hosts.htm and
http://www.accs-net.com/hosts/
Here is a review of 61 popup killers. Not all of them are free:
http://www.popup-killer-review.com/index.htm"
NOTE that this site also contains a good, comprehensive series of popup
killer tests. Some good additional tests are also available here:
http://www.webknacks.com/aptest.htm
There's another popup test page here:
http://www.kephyr.com/popupkillertest/index.html
Another good test page and lists of both free and cost popup blockers is
here:
http://www.popuptest.com/ Recommended
An excellent test site here:
http://www.popupcheck.com/ Highly
Recommended.
Another list of some popup blockers:
http://www.messaging-software.net/popup-killer-software.htm
If you install and keep UPDATED a good HOSTS file, it can help you avoid
most adware/malware. See here: <
http://www.mvps.org/winhelp2002/hosts.htm>
(Be sure it's named/renamed HOSTS - all caps, no extension)
You might want to consider installing Eric Howes' IESpyAds, SpywareBlaster
and SpywareGuard here to help prevent getting this kind of adware/malware in
the future:
IESpyads -
https://netfiles.uiuc.edu/ehowes/www/resource.htm "IE-SPYAD adds
a long list of sites and domains associated with known advertisers,
marketers, and crapware pushers to the Restricted sites zone of Internet
Explorer. Once you merge this list of sites and domains into the Registry,
the web sites for these companies will not be able to use cookies, ActiveX
controls, Java applets, or scripting to compromise your privacy or your PC
while you surf the Net. Nor will they be able to use your browser to push
unwanted pop-ups, cookies, or auto-installing programs on your PC." Read
carefully.
http://www.javacoolsoftware.com/spywareblaster.html (Prevents malware Active
X installs) (BTW, SpyWareBlaster is not memory resident ... no CPU or memory
load - but keep it UPDATED) The latest version as of this writing will
prevent installation or prevent the malware from running if it is already
installed, and it provides information and fixit-links for a variety of
parasites.
http://www.javacoolsoftware.com/spywareguard.html (Monitors for attempts to
install malware) Keep it UPDATED. All three Very Highly Recommended
Perhaps these will help.
--
Regards, Jim Byrd,
My Blog, Defending Your Machine,
http://defendingyourmachine2.blogspot.com/
In litllammy <
[email protected]> typed:
|| When I sign on computer a window comes up in the center from
|| "messenger service" saying it is a message from System To Alert.
|| Stop!! Immediate attention required!! Windows has found critical
|| system errors. Download registry cleaner from
www.clean32.com.
|| Failure to act now may lead to data loss and corruption.
||
|| There are a couple of other boxes that also come up saying the same
|| thing with other site addresses.
||
|| How do I get these to stop and is it a genuine message from windows
|| or just a scam??? I have uninstalled everything on my computer and
|| then reinstalled windows xp, and this still comes up. Any idea what
|| I need to do to stop this from happening???
