Visit the Ironworks Gaming Website Email the Webmaster Graphics Library Rules and Regulations Help Support Ironworks Forum with a Donation to Keep us Online - We rely totally on Donations from members Donation goal Meter

Ironworks Gaming Radio

Ironworks Gaming Forum

Go Back   Ironworks Gaming Forum > Ironworks Gaming Forums > General Discussion > General Conversation Archives (11/2000 - 01/2005)

 
 
Thread Tools Search this Thread
Old 10-26-2004, 12:55 AM   #1
Hivetyrant
Jack Burton
 

Join Date: August 24, 2002
Location: Aussie now in the US of A!
Age: 37
Posts: 5,403
Well, I dont think im in trouble, but can anyone explain this???

Messanger keeps sending me messages like this..Is anyone else getting them??
There are a few that I get which say something about Spyware, and its really starting to get anoying.
Hivetyrant is offline  
Old 10-26-2004, 01:02 AM   #2
Albromor
Mephistopheles
 

Join Date: June 13, 2001
Location: Northfield, NJ USA
Posts: 1,417
Whatever you do, H, DON'T type that URL into anything! I highly, highly doubt this is anything from the official Microsoft center. Do you have a Firewall? Go to www.trendmicro.com and they do a free and very excellent online virus scan. But whatever you do avoid this "message" at all cost.
Albromor is offline  
Old 10-26-2004, 01:05 AM   #3
Hivetyrant
Jack Burton
 

Join Date: August 24, 2002
Location: Aussie now in the US of A!
Age: 37
Posts: 5,403
Hehe, yeh, I had no intention of going to the site, I figure if "MSOFT" arnt going to use their real name, then it isnt them. Thing is, as some of you can tell, I have Zonealarm pro installed which normally blocks these sorts of thing.

Hmm, and why would Microsoft use "WWW.UPDATENOW.ORG"??? [img]tongue.gif[/img]

Thanks Albromor
Hivetyrant is offline  
Old 10-26-2004, 01:11 AM   #4
Intrepid
Symbol of Cyric
 

Join Date: March 28, 2003
Location: Australia
Age: 36
Posts: 1,124
i added a line to my "autoexec.bat"
the line is:
"net stop messenger"

this stops the net messenger service, which allows these popups to be sent/recieved.
you can just as easily do it through command prompt by typing it in as written above, and restart it by typing "net start messenger".

That should remove the problem, and yes sometimes zone alamr does let them through, because although za may by hiding your ip, some of these sending programs send to random ips without checking if the computer is online, as this one appears to do.
Intrepid is offline  
Old 10-26-2004, 01:13 AM   #5
T-D-C
Ironworks Moderator
 

Join Date: October 26, 2003
Location: Sydney, Australia
Age: 43
Posts: 4,415
Its not MSN messenger that is sending these to you. Looks like some type of Phishing or Spyware/PopUp advertising. The website wants you to pay for a patch that you don't need.

Steps to take

1) update your virus defiantions and run a scan

2) Download Adaware and Spybot, update the definations and run a scan.

Adaware
http://www.download.com/Ad-Aware-SE-...ml?tag=lst-0-1

Spybot

http://www.safer-networking.org/en/home/index.html

These days you really need both as they both detect different things.

Let me know if you require further assistance.
__________________
T-D-C is offline  
Old 10-26-2004, 01:21 AM   #6
Hivetyrant
Jack Burton
 

Join Date: August 24, 2002
Location: Aussie now in the US of A!
Age: 37
Posts: 5,403
Quote:
Originally posted by T-D-C:
Its not MSN messenger that is sending these to you. Looks like some type of Phishing or Spyware/PopUp advertising. The website wants you to pay for a patch that you don't need.

Steps to take

1) update your virus defiantions and run a scan

2) Download Adaware and Spybot, update the definations and run a scan.

Adaware
http://www.download.com/Ad-Aware-SE-...ml?tag=lst-0-1

Spybot

http://www.safer-networking.org/en/home/index.html

These days you really need both as they both detect different things.

Let me know if you require further assistance.
Thanks T-D-C, I have dealt with spyware many, many, many, many a time and think I know how to get rid of this little annoying spyware, if thats what it is.
But thanks for saving me the trouble of finding those links, I thought I had Adaware and Spybot backed up, but obviously not...
Hivetyrant is offline  
Old 10-26-2004, 01:50 AM   #7
Hivetyrant
Jack Burton
 

Join Date: August 24, 2002
Location: Aussie now in the US of A!
Age: 37
Posts: 5,403
Hmmm, just did a scan with adaware, and the second it finished, I got another...

Sorry about the size of the images, cant be bothered re-sizing them [img]tongue.gif[/img]
Hivetyrant is offline  
Old 10-26-2004, 03:12 AM   #8
philip
Galvatron
 

Join Date: June 24, 2002
Location: aa
Posts: 2,101
Looks like it's time to scam for spyware. I got those messages when my PC was full with it. And don't visit the site in the message
philip is offline  
Old 10-26-2004, 03:27 AM   #9
Intrepid
Symbol of Cyric
 

Join Date: March 28, 2003
Location: Australia
Age: 36
Posts: 1,124
I'm telling you it's not spyware, it's a remote system that's sending you the messages, and if you stop the messenger service it'll stop the problem.

hehehhe hivie, i like your desktop, i also noticed you have a picture with the title botd......, hahahah.
Intrepid is offline  
Old 10-26-2004, 04:39 AM   #10
LennonCook
Jack Burton
 

Join Date: November 10, 2001
Location: Bathurst & Orange, in constant flux
Age: 37
Posts: 5,452
And tell me, Luke, how would a remote system be able to find Jarrad? To use the messenger service, you have to be able to identify a computer to send it to - sending it to * doesn't look up ISP DNS. Windows might be insecure enough to make IPs publically available by default, and moreso if you use it's inbuilt firewall (the pre-SP2 one, atleast - not sure about the new one), but Jarrad has ZoneAlarm running.
Yes, it is coming through the messenger service, which is on by default (stupid as that is, since it is basically useless for anyone but a corporate userbase), and it allows these messages to come through past any firewall. Turning it off is a good idea, but it only solves the symptom, not the problem. The problem being, that something is broadcasting an IP address. Which points pretty much to spyware or a virus.

And, yes, this is phishing scams most definately. If you go to the address in the first one, it gives you a Microsoft security bulletin. It sounds semi-legit, in that it is worded kindof like an MS security bulletin, and it is an issue that could well be real. But, it has a few major doubting points - the colour scheme is like nothing from the Microsoft site, there is not Microsoft branding or logos about, and says you need to pay them to get the update. It also says to email support@msoftware.org about any questions.
And it gave me a price in AUD, even though the account I'm using is meant to be in Maryland, USA.

I am waiting now for an email from them with this patch, and I'll be able to see just how legitimate it is - although it definately reeks of either "pay us to give you a virus", or possibly another "let's pick on Microsoft" thing.
LennonCook is offline  
 


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Forum Jump


All times are GMT -4. The time now is 02:20 PM.


Powered by vBulletin® Version 3.8.3
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
©2024 Ironworks Gaming & ©2024 The Great Escape Studios TM - All Rights Reserved