PDA

View Full Version : Messenger Spam - fucking scary


protein
04-02-2005, 20:36:34
I just got a box pop up seemingly from windows asking me to go to a website and download their software.

So I immediately assumed it was a virus or spyware, blitzed everything I could - internet files - temp files - did two virus scans, two spybot scans. Nothing there.

Then I looked it up on the internet and it's aparently a new kind of spam that uses windows to make a windows box to appear.

Totally fucking underhanded evil cunts.

Anyone else had one of these boxes?

protein
04-02-2005, 20:37:50
http://www.wired.com/news/technology/0,1282,55795,00.html

Asher
04-02-2005, 20:50:07
Err...if by "new" you mean very old, then yes.

Which Windows are you using?

Windows XP SP1 and later disable that service by default.

If you're using win2K, go into Administrative Tools/Services and disable the "Messenger" service.

protein
04-02-2005, 21:31:32
By new as in "I've never seen it before". New as in "this is completely new to me".

I can't use the later SPs because they aren't qualified by Digidesign (Pro Tools).

I've fixed it now anyway.

fp
04-02-2005, 22:27:53
It really is rather amazing you haven't encountered this before - you were just lucky up until now I guess. At least it's really easy to stop.

protein
04-02-2005, 22:38:07
I was convinced it was a virus.

Considering how much I'm on the internet it's surprising if it's old. All the websites I looked at called it a "new" problem.

zmama
04-02-2005, 22:42:19
Its about two to three years old

fp
05-02-2005, 14:14:04
Thread from September 2003 where Beta had the same problem: http://www.counterglow.com/forum/showthread.php?s=&threadid=15676&highlight=Messenger
It wasn't all that new a problem back then, as you can see from our responses.

Like I said, you were very lucky to have avoided the problem up until now.

If you vitisted the TechnoGeek forum more often you may never have had it in the first place. :D

Darkstar
07-02-2005, 20:25:21
Messenger ports are generally blocked by most ISPs at their firewall. No point letting that in. You probably started to see them because someone changed something at your providers firewall. Or it got cracked, and the cracker changed its settings to let through some other ports they wanted to use.

Protein, good job freaking out, running your cleaners, and then going out hunting info on it! Good little netizen you've become. ;)

protein
07-02-2005, 23:04:20
Actually, there was a trojan horse that started becoming active yesterday. It kept trying to upload the peybot worm - or at least my AVguard kept finding the worm everywhere.

After so many scans that found the peybot virus, the mediket virus and downloader.agent and deleting new and dodgy system files I ended up downloading a-squared and it found the Killreg.d trojan and all seems to be well.

I think the weird messages and the trojan appearing/becoming active must somehow be connected to my service provider doubling the speed of the service at that exact time. Don't ask me how though.

zmama
07-02-2005, 23:27:58
You became ever so more alluring

MDA
09-02-2005, 12:15:10
Originally posted by Asher
Err...if by "new" you mean very old, then yes.


The Wired article is from Oct 2002. :p