Pop up spam at log-in, no browser is running
Hello all,<br>
This is not an ASP question and I apologize for posting it here, but this
is the most active board that I've found, and I have a feeling from the quality
of the content on this site that the people who post here know as much or
more about the type of situation that I'm having.<br>
I'm on a W2k box at a university. Recently, when I go to log on to W2k, a
window pops up (before I've started any application) advertising porn sites
etc. It's a standard windows message box with an OK button, and in the title
bar it says "Messenger Service".<br>
Clearly some sort of app has gotten onto my system and runs when I log on
to the computer (again, not when I start IE or any other program-- this is
waiting for me as soon as I log in). <br>
How could this have been placed on my computer? I never open email with extensions
from people I don't know. I don't visit porn or gambling sites. <br>
Where would such an app be stored?<br>
How can I find it? I've tried opening Task Mgr, and looking at "processes"
but the names are so cryptic I can't tell what's what. Under Applications
it just says "Messenger Service".<br><br>
Again, I know this is not the proper disc board for this type of issue. I
am new to all of this and haven't found many sites where the advice is dependable.
If anyone has any answers, or could direct me to a board that would be more
appropriate for this, I'd greatly appreciate it.
<br><br>
Thank you.
[1663 byte] By [
Nat] at [2007-11-9 17:46:48]
# 1 Re: Pop up spam at log-in, no browser is running
Try running Adware from Lavasoft ( http://www.lavasoft.de/). It detects
spyware.
Andrew
# 2 Re: Pop up spam at log-in, no browser is running
could it be http://messenger.msn.com/
perhaps http://www.symantec.com/avcenter/venc/data/w32.funnyfiles.worm.html
just a guess...
"Nat" <grauman@bellsouth.net> wrote in message
news:3db02e92$1@tnews.web.dev-archive.com...
> I'm on a W2k box at a university. Recently, when I go to log on to W2k, a
> window pops up (before I've started any application) advertising porn
sites
> etc. It's a standard windows message box with an OK button, and in the
title
> bar it says "Messenger Service".<br>
# 3 Re: Pop up spam at log-in, no browser is running
Something could have been put in the registery or your starup for this
1) look at start programs startup and check to see if there is anything crazy
there.
2) if your comfortable looking at the registery, do the following
Click start select run type Regedit Navigate to
HKey_LocalMachine\Software\Microsoft\windows\currentversion\
Look for run, runonce, run service folders. See if there are any files being
launched from there look strange. If you see anything with .bat, .com, .exe,
try to find that file on your system and run it yourself. If the same messenger
window opens you found the "FILE" that has made it on your computer and causing
your problem. I'd simply rename or remove the file and delete that line
from the registery.
Hope this helped
Q*bert
"Larry Triezenberg" <ltriezenberg@pathsys.com> wrote:
>could it be http://messenger.msn.com/
>
>perhaps http://www.symantec.com/avcenter/venc/data/w32.funnyfiles.worm.html
>
>just a guess...
>
>"Nat" <grauman@bellsouth.net> wrote in message
>news:3db02e92$1@tnews.web.dev-archive.com...
>> I'm on a W2k box at a university. Recently, when I go to log on to W2k,
a
>> window pops up (before I've started any application) advertising porn
>sites
>> etc. It's a standard windows message box with an OK button, and in the
>title
>> bar it says "Messenger Service".<br>
>
>
Q*bwet at 2007-11-11 23:20:03 >
# 4 Re: Pop up spam at log-in, no browser is running
> If you're comfortable looking at the registry...
Nat/Q: WinXP includes a utility that allows you to view/edit the programs that
run on startup without messing with the registry; I'm not sure if Win2K includes
it as well. Try running "msconfig" from Start -> Run.
--
Phil Weber
# 5 Re: Pop up spam at log-in, no browser is running
Thanks to all for the responses.
Qbert, I did as you suggested. There is no run service folder, and the others
looked ok. The only weird thing was in the Run folder was something called
WinVNC, and the "data" column said (everything inside the single quotes):
' "C:\Program Files\ORL\VNC\WinVNC.exe" -service helper '
However, no such path exists and I did a search for that .exe file, VNC,
and ORL and nothing was found.
What do you think?
"Q*bwet" <luke_davis_76@hotmail.com> wrote:
>
>Something could have been put in the registery or your starup for this
>
>1) look at start programs startup and check to see if there is anything
crazy
>there.
>2) if your comfortable looking at the registery, do the following
>Click start select run type Regedit Navigate to
>
>HKey_LocalMachine\Software\Microsoft\windows\currentversion\
>
>Look for run, runonce, folders. See if there are any files being
>launched from there look strange. If you see anything with .bat, .com,
.exe,
>try to find that file on your system and run it yourself. If the same messenger
>window opens you found the "FILE" that has made it on your computer and
causing
>your problem. I'd simply rename or remove the file and delete that line
>from the registery.
>
>Hope this helped
>
>Q*bert
>"Larry Triezenberg" <ltriezenberg@pathsys.com> wrote:
>>could it be http://messenger.msn.com/
>>
>>perhaps http://www.symantec.com/avcenter/venc/data/w32.funnyfiles.worm.html
>>
>>just a guess...
>>
>>"Nat" <grauman@bellsouth.net> wrote in message
>>news:3db02e92$1@tnews.web.dev-archive.com...
>>> I'm on a W2k box at a university. Recently, when I go to log on to W2k,
>a
>>> window pops up (before I've started any application) advertising porn
>>sites
>>> etc. It's a standard windows message box with an OK button, and in the
>>title
>>> bar it says "Messenger Service".<br>
>>
>>
>
Nat at 2007-11-11 23:22:01 >
# 6 Re: Pop up spam at log-in, no browser is running
Thanks Phil- I was getting ready to respond to your other post re my Option
Explicit problem-
As for this situation, msconfig does not run. It says "can't find the file
(or one of its components)". Is that a problem?
"Phil Weber" <pweber@nospam.fawcette.com> wrote:
> > If you're comfortable looking at the registry...
>
>Nat/Q: WinXP includes a utility that allows you to view/edit the programs
that
>run on startup without messing with the registry; I'm not sure if Win2K
includes
>it as well. Try running "msconfig" from Start -> Run.
>--
>Phil Weber
>
>
Nat at 2007-11-11 23:23:07 >
# 7 Re: Pop up spam at log-in, no browser is running
> Msconfig does not run. It says "can't find the file
> (or one of its components)". Is that a problem?
Nat: No, just means the utility is specific to Windows XP. You can still use
Q*bert's method to check the registry for apps that run on startup.
--
Phil Weber
# 8 Re: Pop up spam at log-in, no browser is running
>>As for this situation, msconfig does not run. It says "can't find the file
(or one of its components)".<<
According to this site you can use the Win98 version of msconfig. Can also
download it.
http://www.techadvice.com/win2000/m/msconfig_w2k.htm
Note: did not try this myself.
How to Use msconfig - http://netsquirrel.com/msconfig/
Andrew
Andrew at 2007-11-11 23:25:03 >
# 9 Re: Pop up spam at log-in, no browser is running
I think you can safely remove that line from your registery. It's not doing
anything.
Even if the other lines "looked ok" I'd make sure that each .exe or .com
or .bat is not starting up the app.
Be sure that you also checked, autoexec.bat for extra files as well as startup
folder on your start menu.
Is the default page for your browser set to the wrong site perhaps?
The last thing it could be is a service installed on the system.
For that you would have to go and examine each service and see what that
service does. The names themselves may be given something that seems windows
like but in fact be the culprit. (Easier to check a like system not having
this issue and match the services up) (I'd consider doing that)
Hope this helps,
Q*bert
@#(*%&
"Nat" <grauman@bellsouth.net> wrote:
>
>Thanks to all for the responses.
>
>Qbert, I did as you suggested. There is no run service folder, and the others
>looked ok. The only weird thing was in the Run folder was something called
>WinVNC, and the "data" column said (everything inside the single quotes):
>' "C:\Program Files\ORL\VNC\WinVNC.exe" -service helper '
>
>However, no such path exists and I did a search for that .exe file, VNC,
>and ORL and nothing was found.
>
>What do you think?
>
>
>"Q*bwet" <luke_davis_76@hotmail.com> wrote:
>>
>>Something could have been put in the registery or your starup for this
>>
>>1) look at start programs startup and check to see if there is anything
>crazy
>>there.
>>2) if your comfortable looking at the registery, do the following
>>Click start select run type Regedit Navigate to
>>
>>HKey_LocalMachine\Software\Microsoft\windows\currentversion\
>>
>>Look for run, runonce, folders. See if there are any files being
>>launched from there look strange. If you see anything with .bat, .com,
>.exe,
>>try to find that file on your system and run it yourself. If the same
messenger
>>window opens you found the "FILE" that has made it on your computer and
>causing
>>your problem. I'd simply rename or remove the file and delete that line
>>from the registery.
>>
>>Hope this helped
>>
>>Q*bert
>>"Larry Triezenberg" <ltriezenberg@pathsys.com> wrote:
>>>could it be http://messenger.msn.com/
>>>
>>>perhaps http://www.symantec.com/avcenter/venc/data/w32.funnyfiles.worm.html
>>>
>>>just a guess...
>>>
>>>"Nat" <grauman@bellsouth.net> wrote in message
>>>news:3db02e92$1@tnews.web.dev-archive.com...
>>>> I'm on a W2k box at a university. Recently, when I go to log on to W2k,
>>a
>>>> window pops up (before I've started any application) advertising porn
>>>sites
>>>> etc. It's a standard windows message box with an OK button, and in the
>>>title
>>>> bar it says "Messenger Service".<br>
>>>
>>>
>>
>
Q*bert at 2007-11-11 23:26:12 >
# 10 Re: Pop up spam at log-in, no browser is running
Hi guys.
You're all close, but no cigar awarded. read this article for a heads up
on what's really going on. ;)
http://www.techtv.com/screensavers/answerstips/story/0,24330,3374542,00.html
And here's how to stop it
http://www.auburn.edu/oit/security/messengerService.html
Cheers!
Kyle
Kyle at 2007-11-11 23:27:07 >
# 11 Re: Pop up spam at log-in, no browser is running
Hi
I have the same thing on my XP server (www.dumbTV.co.uk) and from what I
understand (from asking around) it may be to do with Windows Messenger, and
can be prevented by disabling a service (sorry to be so vague - haven't tried
it yet)
Hope that points you in the right direction ;)
Cheers
Rodney
# 12 Re: Pop up spam at log-in, no browser is running
It sounds to me like a standard "Net Send" message. The guys here in our office
use net send messenger service to tell everyone if e-mail is going to be
down of if the server is going to be restarted.
Recently, I've been getting spam in the same format. At home, I don't get
net send spam if my firewall is on. McAffee bundles a software based firewall
with its anti-virus now. Zone Alarm Pro also makes a good one.
The reason they come at start up is because they are sent by IP address in
the middle of the night. Whoever logs in next gets the message. So I don't
believe it's registry or startup folder related. In fact, if you happen to
be using your machine when the message is sent, it will just pop up in front
of whatever you are doing.
Hope this helps!
