'official looking' m/s pop ups

A

Andy

Hi, can anyone help with the following please?
I keep getting the small grey pop ups that look like they are from
microsoft, indeed they may well be. One is for win anti virus and another
is about playing pacific poker. When i click on them to shut them down, the
win anti virus one opens in a small internet explorer window anyway and my
desktop sometimes turns white. After then shutting that window down, the
desktop returns to blue but when i open internet explorer afterwards it
opens in a very small window and i have to drag it to full screen size.
Any advice to get rid rid of this problem would be appreciated.
 
R

RobertVA

Andy said:
Hi, can anyone help with the following please?
I keep getting the small grey pop ups that look like they are from
microsoft, indeed they may well be. One is for win anti virus and another
is about playing pacific poker. When i click on them to shut them down, the
win anti virus one opens in a small internet explorer window anyway and my
desktop sometimes turns white. After then shutting that window down, the
desktop returns to blue but when i open internet explorer afterwards it
opens in a very small window and i have to drag it to full screen size.
Any advice to get rid rid of this problem would be appreciated.

It sounds like something malicious, possibly Messenger service SPAM.
Might be more serious though.

IMPORTANT NOTE: Microsoft Messenger Service is NOT the same thing as
either Windows Instant Messenger, Windows Live Instant Messenger OR MSN
Instant Messenger.

Make sure you are running a firewall. Some even recommend a software
firewall in addition to the firewalls commonly built into the network
routers many people use for their broadband Internet connections.

You need to scan your system with software like:

Gibson Research Corporation "Shields Up" security analysis:

https://www.grc.com/x/ne.dll?bh0bkyd2

The real Microsoft free PC safety scan (must be visited in IE):

http://safety.live.com/site/en-us/default.htm

AVG Anti-virus and Anti-Spyware:

http://free.grisoft.com/doc/1

Spybot Search and Destroy:

http://www.spybot.info/

Ad-Aware SE Personal:

http://www.lavasoft.com/products/ad-aware_se_personal.php
 
G

Galen

In Andy had this to say:

My reply is at the bottom of your sent message:
Hi, can anyone help with the following please?
I keep getting the small grey pop ups that look like they are from
microsoft, indeed they may well be. One is for win anti virus and another
is about playing pacific poker. When i click on them to shut them down,
the
win anti virus one opens in a small internet explorer window anyway and my
desktop sometimes turns white. After then shutting that window down, the
desktop returns to blue but when i open internet explorer afterwards it
opens in a very small window and i have to drag it to full screen size.
Any advice to get rid rid of this problem would be appreciated.

Make sure you're updated to SP2 after you're clean.

Malware Cleaners and Repair:
http://kgiii.info/windows/all/general/malwarefix.html

--
Galen - MS MVP - Windows (Shell/User & IE)
http://dts-l.org/ http://kgiii.info/

"Chance has put in our way a most singular and whimsical problem, and its
solution is its own
reward." - Sherlock Holmes
 
P

Pop`

Andy said:
Hi, can anyone help with the following please?
I keep getting the small grey pop ups that look like they are from
microsoft, indeed they may well be. One is for win anti virus and
another is about playing pacific poker. When i click on them to shut
them down, the win anti virus one opens in a small internet explorer
window anyway and my desktop sometimes turns white. After then
shutting that window down, the desktop returns to blue but when i
open internet explorer afterwards it opens in a very small window and
i have to drag it to full screen size. Any advice to get rid rid of this
problem would be appreciated.

No. those are not MS popups; which should tell you something about the
quality of all of them. You've been infected with malware.
 
B

Bruce Chambers

Andy said:
Hi, can anyone help with the following please?
I keep getting the small grey pop ups that look like they are from
microsoft, indeed they may well be. One is for win anti virus and another
is about playing pacific poker. When i click on them to shut them down, the
win anti virus one opens in a small internet explorer window anyway and my
desktop sometimes turns white. After then shutting that window down, the
desktop returns to blue but when i open internet explorer afterwards it
opens in a very small window and i have to drag it to full screen size.
Any advice to get rid rid of this problem would be appreciated.


It's most likely from a very unscrupulous "business." They're
trying to sell you patches that Microsoft provides free-of-charge, or a
useless "product" that will install adware/spyware, and using a very
intrusive means of advertising. It's also demonstrating that your PC is
very unsecure. The presence of that message on your desktop is proof
that your machine is still infested, as the message *is* malware.

What specific kind of pop-ups are you seeing? There are at least
three varieties of pop-ups, and the solutions vary accordingly.

1) Does the title bar of these pop-ups read "Messenger Service?"

This type of spam has become quite common over the past few years,
and unintentionally serves as a valid security "alert." It demonstrates
that the computer user hasn't been taking sufficient precautions while
connected to the Internet. The user's data probably hasn't been
compromised by these specific advertisements, but if he/she's open to
this exploit, he/she may well be open to other threats, such as the
Blaster Worm that swept across the Internet years ago and the Sasser
Worm that followed shortly thereafter, both of which can still be
contacted. Install and use a decent, properly configured firewall.
(Merely disabling the messenger service, as some people recommend, only
hides the symptom, and does little or nothing to truly secure the
machine.) And ignoring or just "putting up with" the security gap
represented by these messages is particularly foolish.

Messenger Service of Windows
http://support.microsoft.com/default.aspx?scid=KB;en-us;168893

Messenger Service Window That Contains an Internet Advertisement
Appears
http://support.microsoft.com/?id=330904

Stopping Advertisements with Messenger Service Titles
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Oh, and be especially wary of people who advise the user to do
nothing more than disable the messenger service. Disabling the
messenger service, by itself, is a "head in the sand" approach to
computer security. The real problem is not the messenger service
pop-ups; they're actually providing a useful, if annoying, service by
acting as a security alert. The true problem is the unsecured computer,
and the user's been advised to merely turn off the warnings. How is
this helpful?

2) For regular Internet pop-ups, you might try the free 12Ghosts
Popup-killer from http://12ghosts.com/ghosts/popup.htm, Pop-Up Stopper
from http://www.panicware.com/, or the Google Toolbar from
http://toolbar.google.com/. Alternatively, you can upgrade your WinXP
to SP2, to install IE's pop-up blocker. Another alternative would be
to use another browser, such as Mozilla or Firefox, which has pop-up
blocking capabilities. (But I'd avoid Netscape; it carries too much
extraneous AOL garbage.)

3) To deal with pop-ups caused by any sort of "adware" and/or
"spyware,"such as Gator, Comet Cursors, Xupiter, Bonzai Buddy, or
KaZaA, and their remnants, that you've deliberately (but without
understanding the consequences) installed, two products that are
quite effective (at finding and removing this type of scumware) are
Ad-Aware from www.lavasoft.de and SpyBot Search & Destroy from
www.safer-networking.org/. Both have free versions. It's even
possible to use SpyBot Search & Destroy to "immunize" your system
against most future intrusions. I use both and generally perform
manual scans every week or so to clean out cookies, etc.

Additionally, manual removal instructions for the most common
varieties of scumware are available here:

PC Hell Spyware and Adware Removal Help
http://www.pchell.com/support/spyware.shtml

More information and assistance is available at these sites:

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

The Parasite Fight
http://www.aumha.org/a/parasite.htm

Neither adware nor spyware, collectively known as scumware,
magically install themselves on anyone's computer. They are almost
always deliberately installed by the computer's user, as part of some
allegedly "free" service or product.

While there are some unscrupulous malware distributors out there,
who do attempt to install and exploit malware without consent, the
majority of them simply rely upon the intellectual laziness and
gullibility of the average consumer, counting on them to quickly click
past the EULA in his/her haste to get the latest in "free" cutesy
cursors, screensavers, "utilities," and/or wallpapers.

If you were to read the EULAs that accompany, and to which the
computer user must agree before the download/installation of the
"screensaver" continues, most adware and spyware, you'll find that
they _do_ have the consumer's permission to do exactly what they're
doing. In the overwhelming majority of cases, computer users have no
one to blame but themselves.

There are several essential components to computer security: a
knowledgeable and pro-active user, a properly configured firewall,
reliable and up-to-date antivirus software, and the prompt repair (via
patches, hotfixes, or service packs) of any known vulnerabilities.

The weakest link in this "equation" is, of course, the computer
user. No software manufacturer can -- nor should they be expected
to -- protect the computer user from him/herself. All too many people
have bought into the various PC/software manufacturers marketing
claims of easy computing. They believe that their computer should be
no harder to use than a toaster oven; they have neither the
inclination or desire to learn how to safely use their computer. All
too few people keep their antivirus software current, install patches
in a timely manner, or stop to really think about that cutesy link
they're about to click.

Firewalls and anti-virus applications, which should always be used
and should always be running, are important components of "safe hex,"
but they cannot, and should not be expected to, protect the computer
user from him/herself. Ultimately, it is incumbent upon each and
every computer user to learn how to secure his/her own computer.

To learn more about practicing "safe hex," start with these links:

Protect Your PC
http://www.microsoft.com/security/protect/default.asp

Home Computer Security
http://www.cert.org/homeusers/HomeComputerSecurity/

List of Antivirus Software Vendors
http://support.microsoft.com/default.aspx?scid=kb;en-us;49500

Home PC Firewall Guide
http://www.firewallguide.com/

Scumware.com
http://www.scumware.com/



--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell
 
G

Guest

Andy said:
Hi, can anyone help with the following please?
I keep getting the small grey pop ups that look like they are from
microsoft, indeed they may well be. One is for win anti virus and another
is about playing pacific poker. When i click on them to shut them down, the
win anti virus one opens in a small internet explorer window anyway and my
desktop sometimes turns white. After then shutting that window down, the
desktop returns to blue but when i open internet explorer afterwards it
opens in a very small window and i have to drag it to full screen size.
Any advice to get rid rid of this problem would be appreciated.
Nether of them are from microsoft the first one is related to a fake
anti-virus programme that installs spyware and is also related to winfixer,
errorsafe, drivecleaner and a few others I can't list at this moment but I'm
not sure about the other but they may be related to one another or they may
have crept in from different sites but the best suggestion as had already
been stated here is to scan your computer for spyware as some of these things
can dump some in your computer without your knowing (as I found out as I had
an unexpected alert for errorsafe come up and I then found out a few day's
later that hotsearchbar spyware had gotten into my computer but it was only 2
temp files)
Just on a side note I do know that some of these so called popups for things
like winantivirus and it's counterparts are embedded in flash based adverts
and they execute themselves in a new browser window to avoid any kind of
popup blocker and sometimes even if you try and close them (and this does
include closing them down directly and not pressing any other buttons) they
will still go about their evil ways and worm their way into your computer.
The only probable way (I say probable because I haven't tried this myself)
is to use firefox combined with several extentions like adblock and
flashblock (to name two)
 
D

Damian

Andy said:
Hi, can anyone help with the following please?
I keep getting the small grey pop ups that look like they are from
microsoft, indeed they may well be. One is for win anti virus and
another is about playing pacific poker. When i click on them to shut
them down, the win anti virus one opens in a small internet explorer
window anyway and my desktop sometimes turns white. After then
shutting that window down, the desktop returns to blue but when i
open internet explorer afterwards it opens in a very small window and
i have to drag it to full screen size. Any advice to get rid rid of this
problem would be appreciated.

Fix your Firewall. You are either running without one, or you are allowing
port access that should be blocked by default.
 
D

Damian

Andy said:
I have the windows firewall up but which ports do i need to block?

It should block by default. But, it's Port 135 that most of your popups come
in on. You can also disable the messenger service (NOT Windows Messenger,
MSN Messenger, etc. applications).
 
A

Andy

I cant see how it lets you block ports on the firewall. Also it lets you
open ports and not close them for some reason. Can anyone help me any
further please?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads


Top