What virus is this? How to remove?

mothed-out

Hi folks, can you help me?

I have a virus-type problem which causes a pop-up box to appear from time
to time.
This does not only happen when I'm online, or using a browser, it can
happen at any time on any screen while the computer is on, so I've
obviously taken something onboard.

The pop-up box claims to be a message conveyed by 'windows messenger'
(though it isn't since I uninstalled messenger),

It states that it is a -

'Message from SYTEM ALERT to (etc)

Microsoft Windows has encounted (sic) an Internal Error

Your windows registry is corrupted.
Microsoft recommends a complete system scan

Microsoft recommends

http://RepairWindows.net

To repair now with a free download'

Obviously I realize this message is a load of crap to try and get me
even more infected, it's totally unconvincing and they can't even
spell 'encountered'.

Question is, does anyone know how I can clean this annoying pop-up
syndrome out of my system?

Thanks if you can help

Mothed
 
mothed-out

I have already uninstalled the messenger service, as I mention above.
The pop-ups are probably made to look like MS Messenger messages.
This is something that's working inside my system.
As I say, it happens even if I'm not online.
 
tdstr

I have already uninstalled the messenger service, as I mention above.
The pop-ups are probably made to look like MS Messenger messages.
This is something that's working inside my system.
As I say, it happens even if I'm not online.

No, not the MSN messenger, but try disabling the 'Messenger' service.
By default it is set to Automatic. The Messenger service allows a WinPC
to send a text pop-up to any other WinPC. You cannot uninstall the
Messenger service, only disable it. Spammers have been abusing the
Messenger service for years.
 
David H. Lipman

From: <[email protected]>

| I have already uninstalled the messenger service, as I mention above.
| The pop-ups are probably made to look like MS Messenger messages.
| This is something that's working inside my system.
| As I say, it happens even if I'm not online.

Assuming it is the NT Messenger Service...

To disable the Windows Messenger Service, you can open a Command Prompt and type the
following commands...

sc stop Messenger
sc config Messenger start= disabled
 
mothed-out

tdstr said:
No, not the MSN messenger, but try disabling the 'Messenger' service.
By default it is set to Automatic. The Messenger service allows a WinPC
to send a text pop-up to any other WinPC. You cannot uninstall the
Messenger service, only disable it. Spammers have been abusing the
Messenger service for years.

Thanks guys, I think you are right, all of you. I've got my messenger
programs mixed up and didn't realise you had to disable it and couldn't
uninstall that inherent messenger thing.

seems to have worked so far, phew, that was a real pain in ass

cheers

mothed
 
John Coutts

Thanks guys, I think you are right, all of you. I've got my messenger
programs mixed up and didn't realise you had to disable it and couldn't
uninstall that inherent messenger thing.

seems to have worked so far, phew, that was a real pain in ass

cheers

mothed
**************** REPLY SEPARATER *****************
You have disabled the service, but you have not resolved the underlying
problem. You are obviously not using a firewall, and port 445 is open to abuse.
You should disable the port by adding the following registry item:

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
Value: SmbDeviceEnabled
Type: DWORD value (REG_DWORD)
Content: 0 (to disable)

This port is an extra one added by Microsoft that performs the same function
(Server Message Block) as the netbios ports 137-139, and is open to other
abuses. Although Microsoft has theoretically patched the holes in this service,
there is nothing to say that new ones will not be found.

J.A. Coutts
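
The two changes suggested in the replies above (disabling the Messenger service and setting SmbDeviceEnabled to 0), applied and then verified from a Command Prompt. This batch file is an added example, not something posted by anyone in the thread; it assumes an administrator account and uses only the built-in sc, reg, netstat and findstr tools.

```bat
@echo off
rem Added example: apply and verify the two changes suggested in this thread.
rem Run from a Command Prompt opened with administrator rights.
setlocal
set "KEY=HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters"

rem 1. Stop the NT Messenger service and keep it from starting at boot.
rem    "sc stop" reports an error if the service is already stopped; that is harmless.
sc stop Messenger >nul 2>&1
sc config Messenger start= disabled
if errorlevel 1 echo [!] Could not change the Messenger service.

rem 2. Set SmbDeviceEnabled = 0 (REG_DWORD) under the NetBT Parameters key.
reg add "%KEY%" /v SmbDeviceEnabled /t REG_DWORD /d 0 /f
if errorlevel 1 echo [!] Could not write SmbDeviceEnabled.

rem 3. Read back what is now configured instead of trusting the commands above.
echo.
echo --- Messenger service start type ---
sc qc Messenger | findstr /i "START_TYPE"
echo --- Messenger service state ---
sc query Messenger | findstr /i "STATE"
echo --- SmbDeviceEnabled ---
reg query "%KEY%" /v SmbDeviceEnabled

rem 4. Show whether anything is still listening on TCP 445.
rem    The registry change only takes effect after a restart, so run this
rem    check again after rebooting.
echo --- Listeners on TCP 445 ---
netstat -an | findstr /r /c:":445 .*LISTENING"
if errorlevel 1 (echo none) else (echo [!] port 445 is still listening)
endlocal
```

The space after `start=` is required by sc. A start type of DISABLED, a state of STOPPED and a value of 0x0 are the results to look for.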
 
mothed-out

John said:
**************** REPLY SEPARATER *****************
You have disabled the service, but you have not resolved the underlying
problem. You are obviously not using a firewall, and port 445 is open to abuse.
You should disable the port by adding the following registry item:

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
Value: SmbDeviceEnabled
Type: DWORD value (REG_DWORD)
Content: 0 (to disable)

This port is an extra one added by Microsoft that performs the same function
(Server Message Block) as the netbios ports 137-139, and is open to other
abuses. Although Microsoft has theoretically patched the holes in this service,
there is nothing to say that new ones will not be found.

J.A. Coutts

OK, I'm obviously not very knowledgeable about this stuff. I thought I
was behind a firewall as part of my norton package.
I'll have a go. I'm assuming you mean type this in in the command
prompt thing for windows.
Thanks.
 
John Coutts

OK, I'm obviously not very knowledgeable about this stuff. I thought I
was behind a firewall as part of my norton package.
I'll have a go. I'm assuming you mean type this in in the command
prompt thing for windows.
Thanks.
**************** REPLY SEPARATER *****************
A firewall prevents someone from the outside (internet) accessing a port
that your machine may have in the listening mode. Any port in the listening
mode has the potential to provide access to a hacker. Some services such as
Netbios are safer than other services (provided you have proper security
setup). Although some AV packages may provide a firewall service, the best
firewall is an external stand alone device such as a NAT router (it cannot be
defeated by a virus and is more reliable).

For more information on reducing the vulnerability of XP, see:

http://www.yellowhead.com/security2.htm

J.A. Coutts
 
edgewalker

Thanks guys, I think you are right, all of you. I've got my messenger
programs mixed up and didn't realise you had to disable it and couldn't
uninstall that inherent messenger thing.

seems to have worked so far, phew, that was a real pain in ass

Huh? The messenger thing even works when you're 'not online'?