false messenger service problem traced back to csrss.exe

[Guest]

ok every time i logon to the net ( currently using aol 9.0 ) i get this "messanger service " thing that pops up not in a new window like a pop up ad but in a 3d box like an error message would it advertises everything from widows updates to ascii porn. i have tried every spyware detector i know of and both norton and mccaffe but they do not detect anyone i called support and they told me to post here any help while this mssg was up i ctrl+alt+dl to pull up the task manager and went to the process and it told me it was csrss.exe and that it was a crittical system operation and i could not end the processes hit sounds to me like a Heavily embeded spyware/trojan and i want to get rid of it is there anyway that yall know of short of doing a stem restore? please this is driving me insane thanks and i hope to see a reply soon either here or via email

 

[Carey Frisch [MVP]]

You need to install a good Firewall.

America Online installs its own connection settings that override
the ones that come with Windows XP. America Online's
connection settings don't include a way to turn on Windows XP's
built-in firewall.

Visit the following web site for instructions on downloading
a FREE firewall program for your computer.

Ref: http://www.updatexp.com/free.html

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

--------------------------------------------------------------------------------------------------


| ok every time i logon to the net ( currently using aol 9.0 ) i get this "messanger service " thing that pops
up not in a new window like a pop up ad but in a 3d box like an error message would it advertises everything
from widows updates to ascii porn. i have tried every spyware detector i know of and both norton and mccaffe
but they do not detect anyone i called support and they told me to post here any help while this mssg was up i
ctrl+alt+dl to pull up the task manager and went to the process and it told me it was csrss.exe and that it
was a crittical system operation and i could not end the processes hit sounds to me like a Heavily embeded
spyware/trojan and i want to get rid of it is there anyway that yall know of short of doing a stem restore?
please this is driving me insane thanks and i hope to see a reply soon either here or via email

 

[Bruce Chambers]

Greetings --

Does the title bar of these pop-ups read "Messenger Service?"

This type of spam has become quite common over the past several
months, and unintentionally serves as a valid security "alert." It
demonstrates that you haven't been taking sufficient precautions while
connected to the Internet. Your data probably hasn't been compromised
by these specific advertisements, but if you're open to this exploit,
you may well be open to other threats, such as the Blaster Worm that
recently swept cross the Internet. Install and use a decent,
properly configured firewall. (Merely disabling the messenger
service, as some people recommend, only hides the symptom, and does
little or nothing to truly secure your machine.) And ignoring or just
"putting up with" the security gap represented by these messages is
particularly foolish.

Messenger Service of Windows
http://support.microsoft.com/default.aspx?scid=KB;en-us;168893

Messenger Service Window That Contains an Internet Advertisement
Appears
http://support.microsoft.com/?id=330904

Stopping Advertisements with Messenger Service Titles
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Whichever firewall you decide upon, be sure to ensure
UDP ports 135, 137, and 138 and TCP ports 135, 139, and 445 are _all_
blocked. You may also disable Inbound NetBIOS (NetBIOS over TCP/IP).
You'll have to follow the instructions from firewall's manufacturer
for the specific steps.

You can test your firewall at:

Symantec Security Check
http://security.symantec.com/ssc/vr_main.asp?langid=ie&venid=sym&plfid=23&pkj=GPVHGBYNCJEIMXQKCDT

Security Scan - Sygate Online Services
http://www.sygatetech.com/

Oh, and be especially wary of people who advise you to do nothing
more than disable the messenger service. Disabling the messenger
service, by itself, is a "head in the sand" approach to computer
security. The real problem is _not_ the messenger service pop-ups;
they're actually providing a useful, if annoying, service by acting as
a security alert. The true problem is the unsecured computer, and
you've been advised to merely turn off the warnings. How is this
helpful?


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH

 

[Guest]

Hey, that same thing is happening to me, except i am
getting it as e-mail aswell, the message unavailable
keeps coming up when i click to read the replys in the
post, so if someone has told you how to get rid of them,
can you tell me at (e-mail address removed)

 

[Lanwench [MVP - Exchange]]

Hi - you might want to consider using a newsreader like Outlook Express or
Forte Agent rather than the web interface to the newsgroups - it's a lot
easier to do nearly everything there, including searching, which is always a
good idea to do before you post, as well as mark messages to be watched, and
filter based on replies to your posts.

The Microsoft public news server is msnews.microsoft.com and you can
subscribe to as many groups as you like.