Phony patch and spyware sites

[Trio]

Have been using Wme for 1 yr now and have recently
changed to Wxp pro on different PC (about 1 week). Am now
noticing messenger popup windows detecting spyware on my
PC. "To fix go to"... site doesn't exist. Also there is
a "patch windows" site that looks phony. Have used Spybot
search and destroy, but each time I logon problem starts
again. Any ideas how to stop or what's going on?
I don't have this problem on the Wme machine.
Thanks
Trio

 

[Tumbleweed]

Have been using Wme for 1 yr now and have recently
changed to Wxp pro on different PC (about 1 week). Am now
noticing messenger popup windows detecting spyware on my
PC. "To fix go to"... site doesn't exist. Also there is
a "patch windows" site that looks phony. Have used Spybot
search and destroy, but each time I logon problem starts
again. Any ideas how to stop or what's going on?
I don't have this problem on the Wme machine.
Thanks
Trio

Search for "instant messenger spam".

 

[Phil]

Secure your hacker prone computer:

If they say messenger service in the title bar, these pop ups have nothing
to do with MSN messenger or Windows messenger. What this is a new way for
spammers to attack your computer and send you pop-up ads. If you receive
these ads it means that your computers netbios ports are wide open to the
internet and this could be a real security problem. What you should do is
install a good firewall that will block the ports the spammers use and stop
the ads. A good place to start is Zone Alarm ( www.zonelabs.com ) for an
inbound/outbound blocking firewall or use the inbound blocking only firewall
built in to XP. If needed configure the firewall to block ports 135, 137-139
and 445. Zone Alarm will block these ports by default.

Use this site to test some of your ports security:
https://grc.com/x/ne.dll?bh0bkyd2

You can/should also disable the messenger service, which is the service the
spammers exploit, but it isn't needed to stop the ads and disabling the
service will not block the open netbios ports.

Note: If the Messenger service is stopped, messages from the Alerter
service (notifications from your antivirus software, for example) are
not transmitted. If the Messenger service is turned off, any services
that explicitly depend on the Messenger service do not start, and an
error message is logged in the System event log. For this reason,
Microsoft recommends that you install a firewall and configure it to
block NetBIOS and RPC traffic instead of turning off the Messenger
service. To turn off the service goto, control panel, administrative tools,
services, find messenger, right click, properties, hit the stop button, set
startup type to manual or disabled. (be sure to stay patched at windows
update as well)

If the pop-ups appear while surfing web pages then download and install one
of the many pop-up blocker programs. Search www.download.com for popup
blocker, you'll find many free ones.

Also get a good spyware cleaner:

Spybot - http://www.safer-networking.org/

Ad-aware - http://www.lavasoft.com

 

[Bruce Chambers]

Greetings --

There are at least three varieties of pop-ups, and the solutions
vary accordingly. Which specific type(s) is troubling you?

1) Does the title bar of these pop-ups read "Messenger Service?"

This type of spam has become quite common over the couple of
years, and unintentionally serves as a valid security "alert." It
demonstrates that you haven't been taking sufficient precautions while
connected to the Internet. Your data probably hasn't been compromised
by these specific advertisements, but if you're open to this exploit,
you may well be open to other threats, such as the Blaster Worm that
swept across the Internet last year and the currently active Sasser
Worm. Install and use a decent, properly configured firewall.
(Merely disabling the messenger service, as some people recommend,
only hides the symptom, and does little or nothing to truly secure
your machine.) And ignoring or just "putting up with" the security
gap represented by these messages is particularly foolish.

Messenger Service of Windows
http://support.microsoft.com/default.aspx?scid=KB;en-us;168893

Messenger Service Window That Contains an Internet Advertisement
Appears
http://support.microsoft.com/?id=330904

Stopping Advertisements with Messenger Service Titles
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Oh, and be especially wary of people who advise you to do nothing
more than disable the messenger service. Disabling the messenger
service, by itself, is a "head in the sand" approach to computer
security. The real problem is _not_ the messenger service pop-ups;
they're actually providing a useful, if annoying, service by acting as
a security alert. The true problem is the unsecured computer, and
you've been advised to merely turn off the warnings. How is this
helpful?

2) For regular Internet pop-ups, you might try the free 12Ghosts
Popup-killer from http://12ghosts.com/ghosts/popup.htm, Pop-Up Stopper
from http://www.panicware.com/, or the Google Toolbar from
http://toolbar.google.com/, which is what I use.

3) To deal with pop-ups caused by any sort of "adware" and/or
"spyware,"such as Gator, Comet Cursors, Xupiter, Bonzai Buddy, or
KaZaA, and their remnants, that you've deliberately (but without
understanding the consequences) installed, two products that are
quite effective (at finding and removing this type of scumware) are
Ad-Aware from www.lavasoft.de and SpyBot Search & Destroy from
www.safer-networking.org/. Both have free versions. It's even
possible to use SpyBot Search & Destroy to "immunize" your system
against most future intrusions. I use both and generally perform
manual scans every week or so to clean out cookies, etc.

Additionally, manual removal instructions for the most common
varieties of scumware are available here:

PC Hell Spyware and Adware Removal Help
http://www.pchell.com/support/spyware.shtml

More information and assistance is available at these sites:

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

The Parasite Fight
http://www.aumha.org/a/parasite.htm


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH