
Ironworks Gaming Forum

Old 10-26-2004, 11:52 AM   #21
Bungleau
40th Level Warrior
 

Join Date: October 29, 2001
Location: Western Wilds of Michigan
Posts: 11,752
Guys, guys, guys.... it is NOT spyware. It is NOT malware. It is something that Microsoft added in to later editions of Windows called the Messenger Service. I believe it only affects Win2k and higher. 95, 98, and ME are free of it. I'm not sure if NT is or not...

What's it used for? For the network administrator to be able to send messages to all computers on the network. Think "System going down in five minutes" and that sort.

How is it being used against me? It's just a broadcast call to any computer that's open and available. You probably don't have a firewall up, do you? *tsk tsk* Time to get one... and remember rule #1: Don't click on it! There will be nothing good waiting on the other side, guaranteed.

Does anyone use it? Well, in the many companies I work with (over 300, from small to Fortune 500) and IT professionals I deal with (thousands), I have yet to find someone who uses it. That should tell you something...

How do I get rid of it? You can use Net Stop (a way I hadn't considered), but I prefer to simply disable the Messenger service entirely.

Fine. How do I DO that? Go to Control Panel, Administrative Options, Services. Find Messenger in the service list. Right-click on it and set it to disabled. Stop it if it's currently alive.

And that's it. Forever (or at least until you load a service pack).
__________________
*B*
Save Early, Save Often Save Before, Save After
Two-Star General, Spelling Soldiers
-+-+-+
Give 'em a hug one more time. It might be the last.
Bungleau is offline  
Old 10-26-2004, 02:38 PM   #22
Ilander
20th Level Warrior
 

Join Date: December 28, 2003
Location: Kentucky
Age: 38
Posts: 2,820
....I hate to add my illustrious tech advice...as I don't consider myself an expert at anything involving computers, but Bungleau is right.

Of course, I do wonder how they managed to get your IP address...but heck, they probably save those things...you haven't had your IP blocking software forever, have you?

Sure, you probably have spyware...but this is unrelated...this is just a major pain in the arse that Microshaft built into its OS...nothing more.

I say that you probably have spyware because it's incredibly difficult to NOT have spyware...if your scan doesn't show up anything at all, it's probably just because your programs for scanning aren't updated...
__________________

Is that what you really want to say?
Ilander is offline  
Old 10-26-2004, 05:08 PM   #23
Bungleau
40th Level Warrior
 

Join Date: October 29, 2001
Location: Western Wilds of Michigan
Posts: 11,752
Thanks for the vote of confidence :)

As for how they get your IP address... it's easy. Start at 0.0.0.0 and kick off a program that cycles each number from 0 through 255. Stop when you get to 255.255.255.255, see how many nibbles you got (like emails asking if it's legit :) ), and start over.

It's nothing personal. It's an open port / IP address thing.

And I agree -- there's probably spyware in there as well. But that's unrelated to the Messenger stuff (unless the Messenger link was clicked on).
Bungleau is offline  
Old 10-26-2004, 06:46 PM   #24
Hivetyrant
Jack Burton
 

Join Date: August 24, 2002
Location: Aussie now in the US of A!
Age: 37
Posts: 5,403
Ok, as I have said earlier, I have run 3 scans for spyware with both fully updated Adaware SE and Spybot S&D. I also have a fully updated ZoneAlarm Pro, which has been there since the beginning.
So this doesn't make any sense.
Both scans came up with maybe 5 Alexa registry finds but that's it.
Hivetyrant is offline  
Old 10-26-2004, 07:09 PM   #25
Hivetyrant
Jack Burton
 

Join Date: August 24, 2002
Location: Aussie now in the US of A!
Age: 37
Posts: 5,403
Hmmm, ok it seems that I have fixed the problem.....
I went into a command prompt and typed "net stop messenger", and it worked. I guess I misspelled it when I tried that last time.
Bungleau, I have used IP scanners before, but still don't see how my IP was found, considering I have ZoneAlarm Pro, which would not allow an IP scanner to ping me, or do anything else to know I am currently active.
Hivetyrant is offline  
Old 10-27-2004, 12:24 AM   #26
Intrepid
Symbol of Cyric
 

Join Date: March 28, 2003
Location: Australia
Age: 36
Posts: 1,124
Quote:
Originally posted by Hivetyrant:
Hmmm, ok it seems that I have fixed the problem.....
I went into a command prompt and typed "net stop messenger", and it worked. I guess I misspelled it when I tried that last time.
Damn straight!
I told you!
I argued with lennon about it.
I said that would fix the problem, and yeah!
Good, I'm now happy I was right. Now just add that to autoexec.bat or to a bat file in your startup directory and it'll remove the problem. You could possibly also find it in msconfig, under the services tab, but I haven't tried; I guess it could work also.
Intrepid is offline  
Old 10-27-2004, 01:06 AM   #27
Bungleau
40th Level Warrior
 

Join Date: October 29, 2001
Location: Western Wilds of Michigan
Posts: 11,752
Net stop will work, but you're susceptible to a net start command being issued. Disabling the messenger service in the control panel will prevent it from ever being started. IOW, do you lock the door so no one can come through, or do you wall it up so there's no door any more?

And if you were getting the message with ZAPro in place, HiveTyrant, then perhaps someone in your trusted zone is infected. If you've got a router that does logging, you could see where that traffic was coming from (what IP address) and see if you know who that is...

In any case, it appears to be dead now, so good riddance...
Bungleau is offline  
Old 10-27-2004, 02:05 AM   #28
Intrepid
Symbol of Cyric
 

Join Date: March 28, 2003
Location: Australia
Age: 36
Posts: 1,124
How do you issue net start again other than being at the computer itself?
And that computer is at home so there is no trusted zone connected to it.
Intrepid is offline  
Old 10-27-2004, 11:18 AM   #29
Bungleau
40th Level Warrior
 

Join Date: October 29, 2001
Location: Western Wilds of Michigan
Posts: 11,752
All you need is a batch file that contains "net start messenger". If that gets run, the messenger service will be started back up. If someone manages to place some malware on your system, they could create such a file, run it, and have access again.

As for the trusted zone, see what zones have been defined. There *is* a trusted zone, but you may not have anyone in it. Without seeing your actual machine, there's only so much I can remotely diagnose :) My suggestion is to poke around in ZAPro, see who's being allowed to do what, and see if you agree.
Bungleau is offline  
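The stopped-versus-disabled distinction from posts #27 and #29, as an added example that is not part of the original thread: a batch script that checks the Messenger service's start type, sets it to disabled if it is anything else, and then stops a running instance. It assumes English-language `sc` output and an administrator command prompt.

```batch
@echo off
rem Added example (not from the thread): make sure the Messenger service
rem is DISABLED, not merely stopped, so "net start messenger" cannot revive it.
setlocal
set SVC=Messenger

rem sc query fails (error 1060) when the service is not installed at all.
sc query %SVC% >nul 2>&1
if errorlevel 1 (
    echo %SVC% service is not installed; nothing to do.
    exit /b 0
)

rem "sc qc" prints a START_TYPE line; DISABLED appears there only when the
rem start type is disabled. Assumption: English-language sc output.
sc qc %SVC% | findstr /C:"DISABLED" >nul
if errorlevel 1 (
    echo %SVC% can still be started; setting its start type to disabled.
    rem The space after "start=" is required by sc.
    sc config %SVC% start= disabled
    if errorlevel 1 (
        echo Could not change the start type; run from an administrator prompt.
        exit /b 1
    )
) else (
    echo %SVC% start type is already disabled.
)

rem Changing the start type does not stop an instance that is already running.
sc query %SVC% | findstr /C:"RUNNING" >nul
if not errorlevel 1 (
    echo %SVC% is currently running; stopping it.
    net stop %SVC%
)

rem Show the final configuration and state for confirmation.
sc qc %SVC% | findstr /C:"START_TYPE"
sc query %SVC% | findstr /C:"STATE"
endlocal
```

Once the start type is disabled, a later `net start messenger` fails until someone with administrative rights changes the start type back.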
 

