Iffy pop-up

DMC · 01-08-2003 12:44am #1

Here's one I've never see before. I left my ADSL connection on today, and I got this popup when I arrived home. Only internet apps open were IE, OE, AVG, Sygate firewall and the little webcam publisher, visionGS PE.

A good scan with Ad-aware didnt spot what might have caused this. Any ideas?

sceptre · 01-08-2003 1:22am

Ah, yes, it's the new spam of the future.

You need to stop the Windows Messenger service to stop these little babies
(unless you're on a network, and probably not even then, you won't miss a thing)

Control Panel - Administrative Tools - Services - Messenger (double-click) - change "startup type" to Manual or Disabled (preferably disabled, though I've set mine to manual). Either reboot or just click stop. Ignore any "OMFG, you'll lose X Y and Z too" messages that may pop up (there probably won't be any).

All set, never see it again.

DMC · 01-08-2003 1:43am

A standalone Win2k pro machine here, sceptre, and that worked exactly like you said, no whinge "why" remarks popped up.
Many thanks for that.

sceptre · 01-08-2003 2:15am

Glad I could help.

Jaden · 01-08-2003 10:10am

Other than disabling Messenger, is there a way to restrict these pop-ups so that if they come from LAN they are allowed, and if they don't, they are ignored.

I'm getting these things, and belive it or not, they appear to be coming through the firewall. I don't know how this is possible. I've done some reading, on the subject:

About Messenger Spam

Anyone else have any insights on what we can do to stop unwanted pop-ups, but allow legitamite ones?

dahamsta · 01-08-2003 10:22am

Messenger service spam comes through port 135, so simply block that at the firewall. It should have been blocked already though, so you should find out why it has't. If there isn't a reason, sack the sysop.

adam

kernel32.dll · 01-08-2003 11:45am

I'd block the port, rather than stoping the service - there are useful uses for this service too - so stopping the service may cause a dependency to fail.

DMC · 01-08-2003 3:48pm

Cheers for that guys, as its a stand alone PC, I wont need to worry about it working across a LAN, I just knocked it off like sceptre suggested.

seamus · 01-08-2003 3:56pm

There's also the possibility, that if someone has installed some spyware on a machine in your LAN, that could be broadcasting the messages, thereby avoiding your firewall.

I would like to castrate all spammers.......

sceptre · 01-08-2003 6:44pm

Originally posted by dahamsta
Messenger service spam comes through port 135, so simply block that at the firewall.

I've snipped the "sack the sysop" part though that's probably the desirable option.

The above is the easiest and best solution if you're on a network and actually use netsend. if you're on a standalone machine just kicking messenger is handier (particularly if like me you sometimes turn the firewall off)

Capt'n Midnight · 01-08-2003 7:14pm

If you have windows NT/2k/xp/2003 machines that are not patched then there is another wopping great big hole on port 135

http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

more or less allows remote control of affected PC......

Iffy pop-up

Comments