Spyware reported by Windows?

Frankster

I tried this in a spyware group with no response. Can someone here comment?

A friend running XP is getting a "Windows has detected 15 spyware programs
on this computer, download xyz now to remove them"... or similar. I'm sure
this is not the exact quote, but it is close.

I was not aware that "Windows" had any spyware detection built-in. So...
where are these coming from, really! Could it be spyware itself doing this?
Has anyone else seen this?

Thanks,

-Frank
 
Frankster said:
I tried this in a spyware group with no response. Can someone here comment?

A friend running XP is getting a "Windows has detected 15 spyware programs
on this computer, download xyz now to remove them"... or similar. I'm sure
this is not the exact quote, but it is close.

I was not aware that "Windows" had any spyware detection built-in. So...
where are these coming from, really! Could it be spyware itself doing this?
Has anyone else seen this?

Thanks,

-Frank


It's a scam, plain and simple. It's from a very unscrupulous
"business." They're trying to sell you patches that Microsoft provides
free-of-charge, and using a very intrusive means of advertising. It's
also demonstrating that your PC is very unsecure.

This type of spam has become quite common over the past couple of
years, and unintentionally serves as a valid security "alert." It
demonstrates that you haven't been taking sufficient precautions while
connected to the Internet. Your data probably hasn't been compromised
by these specific advertisements, but if you're open to this exploit,
you're most definitely open to other threats, such as the Blaster,
Welchia, and Sasser Worms that still haunt the Internet. Install and
use a decent, properly configured firewall. (Merely disabling the
messenger service, as some people recommend, only hides the symptom,
and does little or nothing to truly secure your machine.) And
ignoring or just "putting up with" the security gap represented by
these messages is particularly foolish.

Messenger Service of Windows
http://support.microsoft.com/default.aspx?scid=KB;en-us;168893

Messenger Service Window That Contains an Internet Advertisement
Appears
http://support.microsoft.com/?id=330904

Stopping Advertisements with Messenger Service Titles
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Whichever firewall you decide upon, be sure to ensure UDP ports 135,
137, and 138 and TCP ports 135, 139, and 445 are all blocked. You
may also disable Inbound NetBIOS over TCP/IP. You'll have
to follow the instructions from the firewall's manufacturer for the
specific steps.

You can test your firewall at:

Symantec Security Check
http://security.symantec.com/ssc/vr_main.asp?langid=ie&venid=sym&plfid=23&pkj=GPVHGBYNCJEIMXQKCDT

Security Scan - Sygate Online Services
http://www.sygatetech.com/

Oh, and be especially wary of people who advise you to do nothing
more than disable the messenger service. Disabling the messenger
service, by itself, is a "head in the sand" approach to computer
security. The real problem is not the messenger service pop-ups;
they're actually providing a useful, if annoying, service by acting as
a security alert. The true problem is the unsecured computer, and
you've been advised to merely turn off the warnings. How is this
helpful?



--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
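As an added example (not from the thread or from Bruce's posts), here is the check a practitioner would run after configuring the firewall as described above: parse a Windows Firewall log and confirm that inbound traffic to the listed UDP and TCP ports is being dropped rather than admitted. It assumes the W3C-style pfirewall.log column layout of Windows XP SP2, and the log lines below are constructed, not captured.

```python
"""Audit a Windows Firewall log for the ports the post says to block inbound.

Assumption: the XP SP2 pfirewall.log layout, where a '#Fields:' header names
the columns (date time action protocol src-ip dst-ip src-port dst-port ...).
SAMPLE_LOG is constructed for this example, not a real capture.
"""
from collections import Counter

# Inbound ports the post says every firewall configuration should block.
BLOCK_LIST = {
    ("UDP", 135), ("UDP", 137), ("UDP", 138),
    ("TCP", 135), ("TCP", 139), ("TCP", 445),
}

SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2004-09-01 20:11:02 DROP UDP 203.0.113.7 192.168.1.10 1043 135 78 - - - - - - - RECEIVE
2004-09-01 20:11:05 DROP TCP 203.0.113.7 192.168.1.10 3912 445 48 S 1860421 0 65535 - - - RECEIVE
2004-09-01 20:11:09 OPEN TCP 192.168.1.10 198.51.100.3 1052 80 - - - - - - - - -
2004-09-01 20:11:14 OPEN-INBOUND TCP 203.0.113.9 192.168.1.10 2201 139 - - - - - - - - -
2004-09-01 20:11:20 DROP UDP 203.0.113.11 192.168.1.10 1024 137 96 - - - - - - - RECEIVE
"""


def parse_log(text):
    """Yield one dict per data line, keyed by the names in the '#Fields:' header."""
    fields = None
    for raw in text.splitlines():
        if raw.startswith("#Fields:"):
            fields = raw.split()[1:]
            continue
        if not raw or raw.startswith("#"):
            continue  # comment/header line
        values = raw.split()
        if fields is None or len(values) < 8:
            continue  # header not seen yet, or a malformed line
        yield dict(zip(fields, values))


def audit(entries):
    """Return (drops, gaps): drops counts blocked inbound hits per (proto, port);
    gaps lists inbound entries on a listed port that the firewall let through."""
    drops, gaps = Counter(), []
    for e in entries:
        try:
            key = (e["protocol"].upper(), int(e["dst-port"]))
        except (KeyError, ValueError):
            continue  # e.g. ICMP lines carry '-' in the port columns
        inbound = e.get("path") == "RECEIVE" or e["action"] == "OPEN-INBOUND"
        if key not in BLOCK_LIST or not inbound:
            continue  # outbound use of 445/139 (e.g. to a file server) is fine
        if e["action"] == "DROP":
            drops[key] += 1
        else:
            gaps.append(e)
    return drops, gaps


if __name__ == "__main__":
    drops, gaps = audit(parse_log(SAMPLE_LOG))
    for (proto, port), n in sorted(drops.items()):
        print(f"blocked {n} inbound {proto}/{port}")
    for e in gaps:  # anything here means the firewall is not doing its job
        print(f"GAP: {e['action']} {e['protocol']} from {e['src-ip']} to port {e['dst-port']}")
```

A non-empty `gaps` list means a listed port is reachable from outside; a steady stream of DROP entries on 135/137/138 is the spam delivery attempts the thread describes, now stopped at the firewall.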
 
Steven said:
1. Disable the Messenger service (Start > Run, type: net stop messenger)


I realize that you're trying to help, and that such an intent is
commendable, but please don't post potentially harmful advice.

Merely disabling the messenger service, as you suggest, is a
dangerous "head in the sand" approach to computer security that leaves
the PC vulnerable to threats such as the W32.Blaster.Worm.

The real problem is _not_ the messenger service pop-ups; they're
actually providing a useful service by acting as a security alert. The
true problem is the unsecured computer, and your only advice, however
well-intended, was to turn off the warnings. Was this truly helpful?

Equivalent Scenario: You over-exert your shoulder at work or play,
causing bursitis. After weeks of annoying and sometimes excruciating
pain whenever you try to reach over your head, you go to a doctor and
say, while demonstrating the motion, "Doc, it hurts when I do this." The
doctor, being as helpful as you've been, replies, "Well, don't do that."

The only true way to secure the PC, short of disconnecting it from
the Internet, is to install and *properly* configure a firewall; just
installing one and letting its default settings handle things is no
good. Unfortunately, this does require one to learn a little bit more
about using a computer than used to be necessary.


--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
 
Would you say that Linux users (I realize there's so many versions of Linux out there) in general get
much less spyware/adware/virus problems than Windows users? Are their problems as few as Mac users?
 
It's a scam, plain and simple. It's from a very unscrupulous
"business." They're trying to sell you patches that Microsoft provides
free-of-charge, and using a very intrusive means of advertising. It's also
demonstrating that your PC is very unsecure.

Thanks for your extensive advice. Funny, I run a network of 8 computers at
home (3 W2k3 and 1 W2k servers and 4 XP workstations). One is directly
connected to the internet. I have never seen this before. Admittedly, my
system is well protected with up to date MS patches, a network firewall, and
up to date anti-virus signatures, all the time. I allow open access to
mail, web and anti-virus servers. And even considering all that, I have
never seen this pop-up ad for spyware crap.

Anyway, the circumstances are that I have very limited time to help a friend
get a computer up and running at their home (long way from my home). On one
trip I installed XP for them and left. Basic functionality, no modem, no
Internet connect, no SP2, no patches. Months later, they want the Internet.
I go over and obtain a provider for them, install a modem, and hang their
system off of mine for anti-virus signature auto-updates (I run an
anti-virus server to my clients)... then I leave. So at least I know they
are protected from viruses. Haven't got time to download tons of patches
and/or SP2 over a MODEM!!! Then, next trip, I see these pop-ups. Damn.

I guess I'll have to burn a CD with SP 2, take that over and install it.
That should stop a lot of these I guess. These folks are very very NOT
computer literate. They aren't even aware of what the pop-ups are saying
(English is not their 1st language!). What a pain.

Appreciate your response. At least I know they are not in real danger,
considering the up to date virus signatures (I did a full scan immediately
so I know they were good before installing the anti-virus stuff). That was
also before the modem.

-Frank
 
Frankster said:
Thanks for your extensive advice. Funny, I run a network of 8 computers at
home (3 W2k3 and 1 W2k servers and 4 XP workstations). One is directly
connected to the internet. I have never seen this before. Admittedly, my
system is well protected with up to date MS patches, a network firewall, and
up to date anti-virus signatures, all the time. I allow open access to
mail, web and anti-virus servers. And even considering all that, I have
never seen this pop-up ad for spyware crap.


Your wise precautions (firewall, up-to-date patches, etc.) are the
reason you've never seen the messenger service spams.


I guess I'll have to burn a CD with SP 2, take that over and install it.
That should stop a lot of these I guess.



SP2 is certainly a step in the right direction. Its built-in firewall
provides some basic protection.

These folks are very very NOT
computer literate. They aren't even aware of what the pop-ups are saying
(English is not their 1st language!)....


And here, sadly, lies the true problem: user education. As you're
aware, there are several essential components to computer security: a
knowledgeable and pro-active user, a properly configured firewall,
reliable and up-to-date antivirus software, and the prompt repair (via
patches, hotfixes, or service packs) of any known vulnerabilities.

The weakest link in this "equation" is, sadly, the computer user.
No software manufacturer can -- nor should they be expected to --
protect the computer user from him/herself. All too many people have
bought into the various PC/software manufacturers marketing claims of
easy computing. They believe that their computer should be no harder to
use than a toaster oven; they have neither the inclination nor desire to
learn how to safely use their computer. All too few people keep their
antivirus software current, install patches in a timely manner, or stop
to really think about that cutesy link they're about to click.

Firewalls and anti-virus applications, which should always be used
and should always be running, are important components of "safe hex,"
but they cannot, and should not be expected to, protect the computer
user from him/herself. Ultimately, it is incumbent upon each and every
computer user to learn how to secure his/her own computer.

To help teach your clients more about practicing "safe hex,"
start with these links:

Protect Your PC
http://www.microsoft.com/security/protect/default.asp

Home Computer Security
http://www.cert.org/homeusers/HomeComputerSecurity/

List of Antivirus Software Vendors
http://support.microsoft.com/default.aspx?scid=kb;en-us;49500

Home PC Firewall Guide
http://www.firewallguide.com/

The Parasite Fight
http://www.aumha.org/a/parasite.htm


Appreciate your response.


You're welcome.


--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
 
| Frankster wrote:
| > I tried this in a spyware group with no response. Can someone here comment?
| >
| > A friend running XP is getting a "Windows has detected 15 spyware programs
| > on this computer, download xyz now to remove them"... or similar. I'm sure
| > this is not the exact quote, but it is close.
| >
| > I was not aware that "Windows" had any spyware detection built-in. So...
| > where are these coming from, really! Could it be spyware itself doing this?
| > Has anyone else seen this?
| >
| > Thanks,
| >
| > -Frank
| >
| >
|
|
<snip>
|
| Oh, and be especially wary of people who advise you to do nothing
| more than disable the messenger service. Disabling the messenger
| service, by itself, is a "head in the sand" approach to computer
| security. The real problem is not the messenger service pop-ups;
| they're actually providing a useful, if annoying, service by acting as
| a security alert. The true problem is the unsecured computer, and
| you've been advised to merely turn off the warnings. How is this
| helpful?
|


I find it odd you suggest the messenger service is providing a valid
or reliable security alert. I would not believe any information
received through this service, and agree that disabling the service is
proper. Of course, this is not the end of "securing" a machine, but
it's a start in eliminating a most useless annoying service for most
users. Web links found in messenger service popups may be harmful
if clicked on by the user and should be ignored. Do NOT believe
anything you read in such popups. I DO agree that many additional
steps are required to secure a machine from attack.

The fact of the matter is I did not see a single post where it was
suggested that the only step required in securing a machine is to
disable the messenger service. Or maybe I missed a posting in this
thread.
 
Kylesb said:
I find it odd you suggest the messenger service is providing a valid
or reliable security alert. I would not believe any information
received through this service, and agree that disabling the service is
proper. Of course, this is not the end of "securing" a machine, but

I think the point that the poster is making is if your machine is exposed
enough that you can /get/ messenger spam, you have larger problems than the
messenger spam.
 
Kylesb said:
I find it odd you suggest the messenger service is providing a valid
or reliable security alert. I would not believe any information
received through this service, and agree that disabling the service is
proper. Of course, this is not the end of "securing" a machine, but
it's a start in eliminating a most useless annoying service for most
users. Web links found in messenger service popups may be harmful
if clicked on by the user and should be ignored. Do NOT believe
anything you read in such popups. I DO agree that many additional
steps are required to secure a machine from attack.


The problem is that turning off the Messenger Service does _not_
block the wide open TCP and UDP ports that the spammers used to
deliver the spam to the Messenger Service for display. With the
Messenger Service disabled, those spam deliveries are still
continuing, but they're simply not being displayed. It's like pulling
the battery out of a noisy smoke detector to silence it, rather than
looking for and eliminating the source of the smoke that set it off.

The danger of this "treat the symptoms" approach has been more
than aptly demonstrated by the advent of the W32.Blaster.Worm, the
W32.Welchia.Worm, the W32.Sasser.Worm, and their variants. These
worms attack PCs via some of the very same open ports that the
Messenger Service uses. Need I mention how many hundreds of thousands
of PCs have been infected by these worms since August of 2003? To date,
according to my records, I have personally responded to over 1000
Usenet posts concerning Blaster/Welchia/Sasser infections since
then, and I can't possibly have seen and replied to every one that
has been posted in this period.

Now, how many of those infected with Blaster/Welchia had turned
off the Messenger Service to hide spam? I can't say, and I don't
think anyone can. What I can say with absolute certainty is that if
they'd all had a properly configured firewall in place, they would
have blocked the annoying spam _and_ been safe from a great many other
dangers, particularly Blaster/Welchia/Sasser.

Of course, like the Messenger Service Buffer Overrun threat, there
is also a patch available to fix a PC's vulnerability to
Blaster/Welchia, which was available to the general public a full
month before the first instances of Blaster/Welchia "in the wild." If
people learned to stay aware of computer security issues and updated
their systems as needed, a whole lot of grief could have been avoided.
The problem with relying upon patches, however, is that they're
sometimes not available until _after_ the exploit has become
wide-spread. Antivirus software suffers from this same weakness; it's
simply not always possible to provide protection from threats that
have not yet been developed and/or discovered. Both approaches, while
important, are re-active in nature.

There are several essential components to computer security: a
knowledgeable and pro-active user, a properly configured firewall,
reliable and up-to-date antivirus software, and the prompt repair (via
patches, hotfixes, or service packs) of any known vulnerabilities.
The weak link in this "equation" is, of course, the computer user.
All too many people have bought into the various PC/software
manufacturers marketing claims of easy computing. They believe that
their computer should be no harder to use than a toaster oven; they
have neither the inclination nor desire to learn how to safely use
their computer. All too few people keep their antivirus software
current, install patches in a timely manner, or stop to really think
about that cutesy link they're about to click. Therefore, I (and
anyone who's thought about the matter) always recommend the use of a
firewall. Naturally, properly configuring a firewall requires an
investment of time and effort that most people won't give, but even
the default settings of the firewall will offer more automatic
protection than is currently present.

Now, as for the Messenger Service itself, it generally doesn't
hurt anything to turn it off, although I never recommend doing so.
Granted, the service is of little or no use to most home PC users
(although I've had uses for it on my home LAN), and turning off
unnecessary services is part of any standard computer security
protocol. However, I feel that the potential benefits of leaving the
Messenger Service enabled out-weigh any as-yet-theoretical risks that
it presents. It will indirectly let the computer user know that
his/her firewall has failed by displaying the Messenger Service spam.
Think of it as the canary that miners used to take down into the
mineshafts with them. There are others, of course, who disagree with
me on this point and advise turning off the service because it isn't
needed; you'll have to make up your own mind here.


The fact of the matter is I did not see a single post where it was
suggested that the only step required in securing a machine is to
disable the messenger service. Or maybe I missed a posting in this
thread.


There was one reply that offered disabling the messenger service as
its sole applicable solution.


--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
 
Oh dear, what have I started.....? <vbg>

Kylesb, I screwed up in my reply and should have suggested more (as Bruce
mentioned). Unfortunately, being half asleep at the time, I wasn't exactly
errr, thinking.

On a side note, thanks for correcting me Bruce ;o)

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!
 
Steven said:
Kylesb, I screwed up in my reply and should have suggested more (as Bruce
mentioned). Unfortunately, being half asleep at the time, I wasn't exactly
errr, thinking.


Don't worry about it. You're not the first person to hit "Send"
accidentally before finishing a post. I've done it myself a few times.
My main concern was that someone else, seeing the thread, might
mistakenly take the disabling of the service as a complete solution.
I'm glad to hear that you don't.

On a side note, thanks for correcting me Bruce ;o)


You're welcome.

--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
 