messenger pop ups re registry cleaning
RR5L
12th March 2007, 08:57 PM
Has anyone experienced under Win 2000 Pro a message popping up claiming the registry is corrupt and you need to download a third-party reg cleaner like Registry Mechanic?
This appeared after installing Microsoft's Remote Desktop to work across a VPN.
I've scanned for adware, cleaned what I found, cleaned the registry and the bloody thing is still popping up.
Any help would be appreciated.
Quiggers
12th March 2007, 09:03 PM
No, but I run a Mac, which gets other pop ups when I click on any of the images posted...... like chicks offering to model for me, hmmmmm....
GQ
incisor
12th March 2007, 09:16 PM
You need to turn off NetBIOS messaging...
It runs as a service in the background.
Access to it isn't by a trojan, it is just remote software that accesses that particular port... good for mass advertising..
Plenty of free utils out there to turn it off if you don't know how to turn off services.
DarrenR
12th March 2007, 09:59 PM
Has anyone experienced under Win 2000 Pro a message popping up claiming the registry is corrupt and you need to download a third-party reg cleaner like Registry Mechanic?
This appeared after installing Microsoft's Remote Desktop to work across a VPN.
I've scanned for adware, cleaned what I found, cleaned the registry and the bloody thing is still popping up.
Any help would be appreciated.
If you're using an ADSL modem/router (which I assume you are) then it's unlikely to be spam coming through the Messenger Service unless you have deliberately set a port forward to your computer.
If you right-click on the toolbar (XP default is down the bottom of your screen) and select Task Manager, then the third tab "Performance". Left middle you will see PF Usage; this is basically the amount of physical memory (RAM) your computer is currently using.
If you have 512MB or less, XP will use about 130 - 160MB to get to the desktop after a reboot. 1GB or more of memory (RAM) and it's about 200 - 260MB. If your system is using substantially more than that it's likely you have some unwanted items running.
I have a general quick ref guide I give to people (friends etc) that wish to check-up/clean etc their computers. It can be found here;
http://unconfigured.wordpress.com/malware-spyware/
If you have done all that, you really need to post some more info.
Best regards
DarrenR
incisor
13th March 2007, 07:45 AM
You don't need to set a port forward.... I have seen it do it countless times behind ADSL routers...
DarrenR
13th March 2007, 10:46 AM
You don't need to set a port forward.... I have seen it do it countless times behind ADSL routers...
Obviously I could believe that statement if the modem/router is set to bridge mode (so the computer in question is directly connected to the internet) or other defaults are changed that allow the relevant ports to be open (udp 135, 137, 138, tcp 135, 139, 445).
Keep in mind if the computer isn't connected directly to the internet (as in the modem/router is NOT in bridge mode) the ports in question still need to be forwarded to a computer on the LAN, as the net send (from outside) is a "broadcast" to the external IP address.
I have plenty of business clients (me included) that have Messenger Service running as a lot of devices such as network printers, UPS units and other software still use the Messenger Service.
As I'm sure you know the Messenger Service vulnerability (work around perhaps?) is a well known “trick” and has been around for what? 10 years, must be close to it. I’d be surprised to find a consumer lvl modem/router device that would allow inbound NetBIOS by default, as for business any half baked IT admin should be well aware of what needs doing to prevent inbound broadcast of the Messenger Service.
Best regards
DarrenR
incisor
13th March 2007, 11:04 AM
drivel....
and the fix is
No matter what Service Pack is installed, the NT Messenger Service is still enabled by default on 90% of installs.
NetBIOS over IP is totally exposed to the Internet, as proven by the NetBIOS Messenger Service pop-ups.
The SC.EXE command does not come stock with Win2K. It is available in the NT Resource Kit or by download: ftp://ftp.microsoft.com/reskit/win2000/sc.zip
Extract SC.EXE to the folder %windir%\system32
Execute:
sc stop Messenger
sc config Messenger start= disabled
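As an added example (not code from the thread), here is a small audit script that parses the output of the two commands a Windows admin would run to check the state after that fix: `sc query Messenger` / `sc qc Messenger` for the service state and start type, and `netstat -an` for listeners on the NetBIOS/RPC ports DarrenR lists (UDP 135/137/138, TCP 135/139/445). The sample command output embedded below is constructed, not captured from a real host.

```python
import re

# Ports the thread names as the ones Messenger Service / NetBIOS spam relies on
# when they are reachable from outside.
RISKY_PORTS = {("UDP", 135), ("UDP", 137), ("UDP", 138),
               ("TCP", 135), ("TCP", 139), ("TCP", 445)}

# Constructed sample output in the shape 'sc query' and 'sc qc' print on Win2K/XP.
SAMPLE_SC = """SERVICE_NAME: Messenger
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
        START_TYPE         : 2   AUTO_START
"""

# Constructed sample output in the shape 'netstat -an' prints on Windows.
SAMPLE_NETSTAT = """  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:135          0.0.0.0:0              LISTENING
  UDP    0.0.0.0:135            *:*
  UDP    192.168.1.10:1900      *:*
"""

def messenger_state(sc_output):
    """Return (STATE, START_TYPE) words from sc query/qc text, or None for a missing field."""
    state = re.search(r"STATE\s*:\s*\d+\s+(\w+)", sc_output)
    start = re.search(r"START_TYPE\s*:\s*\d+\s+(\w+)", sc_output)
    return (state.group(1) if state else None, start.group(1) if start else None)

def exposed_listeners(netstat_output):
    """Return sorted (proto, port) pairs bound to all interfaces on a risky port."""
    found = set()
    for line in netstat_output.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] not in ("TCP", "UDP"):
            continue
        addr, _, port = parts[1].rpartition(":")
        # Loopback-only or single-interface bindings are not reachable from the WAN side.
        if addr in ("0.0.0.0", "[::]") and port.isdigit():
            key = (parts[0], int(port))
            if key in RISKY_PORTS:
                found.add(key)
    return sorted(found)

def audit(sc_output, netstat_output):
    """Combine both checks into a list of human-readable findings (empty list = clean)."""
    state, start = messenger_state(sc_output)
    findings = []
    if state == "RUNNING":
        findings.append("Messenger service is running: sc stop Messenger")
    if start not in (None, "DISABLED"):
        findings.append("Messenger start type is %s: sc config Messenger start= disabled" % start)
    for proto, port in exposed_listeners(netstat_output):
        findings.append("%s %d listens on all interfaces; confirm the router blocks it inbound" % (proto, port))
    return findings
```

Feeding it the real command output (for example via `subprocess.run(["sc", "query", "Messenger"], capture_output=True, text=True).stdout`) gives the same findings for a live machine; an empty list means the service is stopped, disabled, and no risky port is bound to all interfaces.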
DarrenR
13th March 2007, 12:00 PM
drivel....
and the fix is
No matter what Service Pack is installed, the NT Messenger Service is still enabled by default on 90% of installs.
At no point did I say that it wasn't.
As for the rest of it, like you said, drivel...
Best regards
DarrenR
incisor
13th March 2007, 01:09 PM
The drivel refers to the NetBIOS messaging not spreading behind a standard out-of-the-box ADSL router setup...
It is the nature of the service to do exactly that.. and without specifically excluding it, most router setups let it do its deeds unhindered...
DarrenR
13th March 2007, 02:07 PM
Fine, whatever. If people are that worried about *cough* outdated scare mongering they can try a simple test here;
GRC.com
http://www.grc.com/default.htm
Towards the bottom is ShieldsUP! which has a number of tests which can probe common or specific ports, there is also a "Messenger Spam" test option.
Best regards
DarrenR
RR5L
13th March 2007, 05:00 PM
Ok, thanks guys, I've now got this thing under control; it seems I was hit with Smitfraud.c, a trojan. Via http://unconfigured.wordpress.com/malware-spyware/ I was able to find a resource that allowed me to remove it from my PC, no more pop ups from the message service.
Pedro_The_Swift
13th March 2007, 07:28 PM
Being the idiot I am I thought I'd try this
http://www.grc.com/default.htm
ended up with a PERFECT rating,,,
I s'pose that's better than failing!!!:D
DarrenR
13th March 2007, 07:57 PM
Ok, thanks guys, I've now got this thing under control; it seems I was hit with Smitfraud.c, a trojan. Via http://unconfigured.wordpress.com/malware-spyware/ I was able to find a resource that allowed me to remove it from my PC, no more pop ups from the message service.
Glad it was of some use to you and that you got it sorted.
Best regards
DarrenR
DarrenR
13th March 2007, 07:59 PM
Being the idiot I am I thought I'd try this
http://www.grc.com/default.htm
ended up with a PERFECT rating,,,
I s'pose that's better than failing!!!:D
Smart is more like it, at least you now have a clearer idea of the status of your connection to the big bad WWW.
Best regards
DarrenR