popup problems

[Vince]

Here is my problem, I know popups are going to occur I am
dont like it but understand it but I am having a different
kind of popup problem. I am getting them when my MIE
isn't even running. I will be playing online or even away
from computer with nothing running and game will switch to
desktop or I will return to computer and screen will be
filled with these little popup boxes. So I figured I
would delete the entire MIE program and am using a
different browser at moment, sorry, and yet I am still
recieving them. When I do I hit ctrl-alt-del to get that
box that shows which programs are active and it will list
IExplorer. Now how does that happen when A) I didn't have
the program running and B) I even deleted the program.
Someone please help

 

[Jim Byrd]

Hi Vince - If you get popups even when your browser is not connected to the
Internet with a title bar reading "Messenger Service", then these are most
likely due to open NetBios TCP ports 135, 139 and 445 and UDP ports 135,
137-138 and a UDP port in the range of 1026-1029.. You really need to block
these with a firewall as a general protection measure. You can stop the
popups by turning off Messenger Service; however, this still leaves you
vulnerable. If you have an NT-based OS such as XP or Win2k, you should
probably also specifically block TCP 593, 4444 and UDP 69, 139, 445, and
install the very important 823980 patch from MS03-026, here:
http://support.microsoft.com/?kbid=823980 to block the Blaster worm..


See: Messenger Service Window That Contains an Internet Advertisement
Appears http://support.microsoft.com/?id=330904 which identifies reasons to
keep this service and steps to take if you do.

You can test your system and follow the 'Prevention' link to get additional
information here:
http://www.mynetwatchman.com/winpopuptester.asp Unless you have very good
reasons to keep this active, it should be turned off in Win2k and XP. Go
here and do what it says:
http://www.itc.virginia.edu/desktop/docs/messagepopup/ or, even better, get
MessageSubtract, free, here, which will give you flexible control of the
service and viewing of these messages:
http://www.intermute.com/messagesubtract/help.html Recommended.

(FWIW, ZoneAlarm's default Internet Zone firewall configuration blocks the
necessary ports to prevent this use of Messenger Service. I don't know the
situation with regard to other firewalls.)

Messenger Service is not per se Spyware or something that MS did wrong - It
provides a messaging capability which is useful for local intranets and is
also sometimes (albeit nowdays infrequently) used by some applications to
provide popup messaages to users. However, it can also be (and now
frequently is) used to introduce spam via this open NetBios channel. For a
single user home computer, it normally isn't needed and can be turned off
which will eliminate the spam popups. This DOESN'T, however, remove the
vulnerability of having these ports open, when in fact they aren't needed,
since they can be perverted in other ways as well, some of which can be much
more damaging than just a spam popup.


--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In

 

[DarkRats]

Breaking in to ask a question about ports:

Running Windows 2003 Server -

Not counting a firewall like ZoneAlarm, how do you go about blocking/closing
specific ports?
Can you do it internally, or do you need a third party program? Can you
recommend a program that will "basically list the ports and allow you to
check/uncheck, open/close each port?


Thanks.


DarkRats

 

[Jim Byrd]

Hi Dark - Well, you've excluded a firewall (which in either hardware or
software is your first line of defense and what I would first and strongly
recommend for this purpose), so you'll probably want to fall back to IPSEC
conventions, which when used with care can do this, albeit in my view
awkwardly. See:

http://support.microsoft.com/default.aspx?scid=kb;en-us;313195 HOW TO: Use
IPSec Monitor in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;313190 HOW TO: Use
IPSec IP Filter Lists in Windows 2000

and, while they do refer to the XP ICF, you may find this info useful also:

http://support.microsoft.com/default.aspx?scid=kb;en-us;308127 How to
Manually Open Ports in Internet Connection Firewall in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;EN-US;307554 Programs
Require Manual Port Configurations with Internet Connection Firewall

for some basic information.

I don't currently have a copy of 2003 installed (I happen to have it down at
the moment for some other reasons), so I can't check it for you, but I would
strongly recommend checking Help there about this subject - it's pretty good
on security issues, IIRC. 2003 comes pretty well buttoned down out of the
box, anyway.


I'm loth to recommend any particular third party program, since it's not
clear to me what you're really after here. By definition, ports are closed
until some program opens them. To close them is in effect to terminate the
program that has them open, and that can be a great deal more complicated
than you may imagine at first sight. It really makes more sense to talk
about blocking them - that is preventing or allowing them from opening in
the first place.

And that brings us to this: Get a good harware or software firewall and use
it for these purposes. There are a number of third party programs, both
paid/shareware and free which can do a good job of monitoring your ports and
reporting which are open. This can be invaluable in tracking down problems
or malware. I can recommend Active Ports, free, here:
http://www.devhood.com/tools/tool_details.aspx?tool_id=515, but there are
many others available. See a list here, for example:
http://www.labmice.net/Utilities/networkmonitor.htm or any of many other
lists, or Google: Network Utilities.


Sorry, I don't think this was really the answer you were looking for, but
there it is . . . . .

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In