What virus is this? How to remove?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Hi folks, can you help me ?

I have a virus-type problem which causes a pop-up box appears from time
to time.
This does not only happen when I'm online, or using a browser, it can
happen at any time on any screen while the computer is on, so I've
obviously taken something onboard.

The pop-up box claims to be a message conveyed by 'windows messenger'
(though it isn't since I uninstalled messenger),

It states that it is a -

'Message from SYTEM ALERT to (etc)

Microsoft Windows has encounted (sic) an Internal Error

Your windows registry is corrupted.
Microsoft recommends a complete system scan

Microsoft recommends

http://RepairWindows.net

To repair now with a free download'

Obviously I realize this message is a load of crap to try and get me
even more infected, it's totally unconvincing and they can't even
spell 'encountered'.

Question is, does anyone know how I can clean this annoying pop-up
syndrome out of my system?

Thanks if you can help

Mothed


Re: What virus is this? How to remove?


Disable the Messenger service, its not a necessary service.


Quoted text here. Click to load it



--
Posted via NewsDemon.com - Premium Uncensored Newsgroup Service
      ------->>>>>>http://www.NewsDemon.com <<<<<<------
Unlimited Access, Anonymous Accounts, Uncensored Broadband Access

Re: What virus is this? How to remove?

I have already uninstalled the messenger service, as I mention above.
The pop-ups are probaby made to look like MS Messenger messages.
This is something that's working inside my system.
As I say, it happens even if i'm not online.


Re: What virus is this? How to remove?

mothed-out@excite.com wrote:
Quoted text here. Click to load it

No, not the MSN messenger, but try disabling the 'Messenger' service.
By default it is set to Automatic.  The Messenger service allows a WinPC
to send a text pop-up to any other WinPC.  You cannot uninstall the
Messenger service, only disable it.  Spammers have been abusing the
Messenger service for years.

Re: What virus is this? How to remove?


tdstr wrote:
Quoted text here. Click to load it

Thanks guys, i think you are right, all of you. I've got my messenger
programs mixed up and didn't realise you had to disable it and couldn't
uninstal that inherent messenger thing.

seems to have worked so far, phew, that was a real pain in ass

cheers

mothed


Re: What virus is this? How to remove?

mothed-out@excite.com says...
Quoted text here. Click to load it
**************** REPLY SEPARATER *****************
You have disabled the service, but you have not resolved the underlying
problem. You are obviously not using a firewall, and port 445 is open to abuse.
You should disable the port by adding the following registry item:

  Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
  Value: SmbDeviceEnabled
  Type: DWORD value (REG_DWORD)
  Content: 0 (to disable)

This port is an extra one added by Microsoft that performs the same function
(Server Message Block) as the netbios ports 137-139, and is open to other
abuses. Although Microsoft has theoretically patched the holes in this service,
there is nothing to say that new ones will not be found.

J.A. Coutts


Re: What virus is this? How to remove?


John Coutts wrote:
Quoted text here. Click to load it

OK, i'm obviously not very knowledgeable about this stuff. I thought I
was behind a firewall as part of my norton package.
I'll have a go. I'm assuming you mean type this in in the command
prompt thing for windows.
Thanks.


Re: What virus is this? How to remove?

mothed-out@excite.com says...
Quoted text here. Click to load it
**************** REPLY SEPARATER *****************
A firewall prevents someone from the outside (internet) accessing a port
that your machine may have in the listening mode. Any port in the listening
mode has the potential to provide access to a hacker. Some services such as
Netbios are safer than other services (provided you have proper security
setup). Although some AV packages may provide a firewall service, the best
firewall is an external stand alone device such as a NAT router (it cannot be
defeated by a virus and is more reliable).

For more information on reducing the vulnerability of XP, see:

http://www.yellowhead.com/security2.htm

J.A. Coutts


Re: What virus is this? How to remove?


Quoted text here. Click to load it

Huh? The messenger thing even works when you're 'not online'?



Re: What virus is this? How to remove?


| I have already uninstalled the messenger service, as I mention above.
| The pop-ups are probaby made to look like MS Messenger messages.
| This is something that's working inside my system.
| As I say, it happens even if i'm not online.

Assuming it is the NT Messenger Service...

To disable the Windows Messenger Service, you can open a Command Prompt and type
the
following commands...

sc  stop  Messenger
sc  config  Messenger  start= disabled

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Site Timeline