strange pop ups, system hacked???

[ryan]

my computer had been running slow for a while. and i
started to recieve strange pop up ads from endads.com,
messagedefeater.com, adbuster, etc, THey all had the same
appearance and i know for sure that some of the different
addresses were for the same thing. basically it warned you
that if you didnt pay for their software that u would be
at risk of hack through netmessenger or outlook express.
so i started to investigate and found that my system has
been breached , a secret hidden network was made from my
computer, my authorities have all been changed so i cant
make repairs, they have programmed it to operate in
backlogs and with hidden serial keys. i have tracked alot
down and have a basic understanding how they got in, but
now what can i do, anyone seen those ads, ( real generic
small pop up), also i continuosly have at least 40 +
processes running that i cannot end task, i sent the info
to microsoft on some of the items and the hacker has
changed the pids, and some of the logon and code.

thanks

 

[kyle]

luckily i haven't had the attack of the popups yet. ive
just enabled winXP's internet firewall after lots of
people have advised this but i still cant get rid of this
system32.exe popup. do you know which file in win XP i
can edit so as to get rid of the entry that makes ny
computer look for it everytime i log in?
i also have lots of processes running but am not sure
which ones should be continually running and/or which
ones may have been put there? any ideas?

kyle

 

[Darren]

Hi
I have recieved these popups too (although only from
endads.com), as has another PC in my household. This is
extremely concerning and I would like to do at least
something to remove this threat.

I have used symantec's tracing product to find
endads.com, I'm not sure if this is any help to anyone:

OrgName: Level 3 Communications, Inc.
OrgID: LVLT
Address: 1025 Eldorado Blvd.
City: Broomfield
StateProv: CO
PostalCode: 80021
Country: US

I also use McAfee's personal firewall and have recieved
several messages like this:

McAfee Firewall blocked an incoming TCP packet. The
remote address associated with the traffic was
212.23.32.8 (port 80). The local port on your PC was
1044. The template rule in effect for this traffic
was "Unknown traffic".

What can I do to fight off this attack, as I don't have
much experience with basic security?

thanks,

Darren

 

[l. moser]

I have the identical problem. If you get it solved let
me know. If I get it solved sooner than you I will
inform you how I obatined relief.

 

[Bruce Chambers]

Greetings --

Does the title bar of these pop-ups read "Messenger Service?"

This particular "sales method" is strikingly similar to the
"protection" rackets offered to small businesses by organized
criminals. Yes, it's a scam; no reputable business would need to
resort to extortion. Particularly since they're trying to sell you a
type of protection that is already available to you free of charge.

This type of spam has become quite common over the past few
months, and unintentionally serves as a valid security "alert." It
demonstrates that you haven't been taking sufficient precautions while
connected to the Internet. Your data probably hasn't been compromised
by these specific advertisements, but if you're open to this exploit,
you may well be open to other threats. Install and use a decent,
properly configured firewall. (Disabling the messenger service, as
some people recommend, only hides the symptom, and does nothing to
secure your machine.) And ignoring or just "putting up with" these
messages and the problem they represent is particularly foolish.

Messenger Service of Windows
http://support.microsoft.com/default.aspx?scid=KB;en-us;168893

Messenger Service Window That Contains an Internet Advertisement
Appears
http://support.microsoft.com/?id=330904

Stopping Advertisements with Messenger Service Titles
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Oh, and be especially wary of people who advise you to do nothing
more than disable the messenger service. Disabling the messenger
service is a "head in the sand" approach to computer security.

The real problem is _not_ the messenger service pop-ups; they're
actually providing a useful service by acting as a security alert. The
true problem is the unsecured computer, and you've been
advised to merely turn off the warnings. How is this helpful?

Equivalent Scenario 1: Somewhere in a house, a small fire starts,
and sets off the smoke alarm. You, not immediately seeing any
fire/smoke, complain about the noise of the smoke detector, and are
advised to remove the smoke detector's battery and go back to sleep.

Equivalent Scenario 2: You over-exert your shoulder at work or
play, causing bursitis. After weeks of annoying and sometimes
excruciating pain whenever you try to reach over your head, you go to
a doctor and say, while demonstrating the motion, "Doc, it hurts when
I do this." The doctor, being as helpful as some of your respondents,
replies, "Well, don't do that."

I'm beginning to think that the people deliberately posting such
bad advice are hacker-wannabes who have no true interest in helping
you secure your system, but would rather give you a false sense of
security while ensuring that your computer is still open to
exploitation.


Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH

 

[Guest]

This does indeed sound like messanger advertising. It could also however be a virus, ensure u have up to date dats installed.
If its messanger advertising then the best option would be to disable the service or configure a firewall.