Reply With QuoteNo, but I run a Mac, which gets other pop ups when i click on any of the images posted...... like chicks offering to model for me, hmmmmm....
GQ
Has anyone experienced under Win 2000 pro a message popping up claiming the registry is corrupt and you need to download a third part reg cleaner like registry mechanic?
This appeared after installing microsofts remote desk top to work across a vpn.
Ive scanned for adware, cleaned what I found, cleaned the registry and the bloody thing is still popping up.
any help would be appreciated.
YarnMaster
No, but I run a Mac, which gets other pop ups when i click on any of the images posted...... like chicks offering to model for me, hmmmmm....
GQ
SysAdmin (Owner)
you need to turn off netbios messaging...
it runs as a service in the background.
access to it isnt by a trojan, it is just remote software that accesses that particular port... good for mass advertising..
plenty of free ituls out there to turn it off if you dont know how to turn off services.
2007 Discovery 3 SE7 TDV6 2.7
2012 SZ Territory TX 2.7 TDCi
"Make the lie big, make it simple, keep saying it, and eventually they will believe it." -- a warning from Adolf Hitler
"If you don't have a sense of humour, you probably don't have any sense at all!" -- a wise observation by someone else
'If everyone colludes in believing that war is the norm, nobody will recognize the imperative of peace." -- Anne Deveson
“What you leave behind is not what is engraved in stone monuments, but what is woven into the lives of others.” - Pericles
"We can ignore reality, but we cannot ignore the consequences of ignoring reality.” – Ayn Rand
"The happiness of your life depends upon the quality of your thoughts." Marcus Aurelius
Master
If your using a ADSL modem/router (which I assume you are) then it's unlikely to be spam coming through Messenger Service unless you have deliberately set a port forward to your computer.Originally Posted by RR5L
If you right click on the toolbar (XP default is down the bottom of your screen) and select Task Manager, then third tab "Performance". Left middle you will see PF Usage, this is basically the amount of physical memory (RAM) your computer is currently using.
If you have 512MB or less, XP will use about 130 - 160MB to get to the desktop after a reboot. 1GB or more of memory (RAM) and its about 200 - 260MB. If your system is using substantially more than that it's likely you have some unwanted items running.
I have a general quick ref guide I give to people (friends etc) that wish to check-up/clean etc their computers. It can be found here;
http://unconfigured.wordpress.com/malware-spyware/
If you have done all that, you really need to post some more info.
Best regards
DarrenR
SysAdmin (Owner)
you dont need to set a port forward.... i have seen it do it countless times behind adsl routers...
2007 Discovery 3 SE7 TDV6 2.7
2012 SZ Territory TX 2.7 TDCi
"Make the lie big, make it simple, keep saying it, and eventually they will believe it." -- a warning from Adolf Hitler
"If you don't have a sense of humour, you probably don't have any sense at all!" -- a wise observation by someone else
'If everyone colludes in believing that war is the norm, nobody will recognize the imperative of peace." -- Anne Deveson
“What you leave behind is not what is engraved in stone monuments, but what is woven into the lives of others.” - Pericles
"We can ignore reality, but we cannot ignore the consequences of ignoring reality.” – Ayn Rand
"The happiness of your life depends upon the quality of your thoughts." Marcus Aurelius
Master
Obviously I could believe that statement if the modem/router is set to bridge mode (so the computer in question is directly connected to the internet) or other defaults are changed that allow the relevant ports to be open (udp 135, 137, 138, tcp 135, 139, 445).
Keep in mind if the computer isn't connected directly to the internet (as in the modem/router is NOT in bridge mode) the ports in question still need to be forwarded to a computer on the LAN, as the net send (from outside) is a "broadcast" to the external IP address.
I have plenty of business clients (me included) that have Messenger Service running as a lot of devices such as network printers, UPS units and other software still use the Messenger Service.
As I'm sure you know the Messenger Service vulnerability (work around perhaps?) is a well known “trick” and has been around for what? 10 years, must be close to it. I’d be surprised to find a consumer lvl modem/router device that would allow inbound NetBIOS by default, as for business any half baked IT admin should be well aware of what needs doing to prevent inbound broadcast of the Messenger Service.
Best regards
DarrenR
SysAdmin (Owner)
drivel....
and the fix is
No matter what Service Pack is installed, the NT Messenger Service is still enabled by
default on 90% of installs.
NetBIOS over IP is totally exposed to the Internet, as proven by the NetBIOS,
Messenger Service Pop-Ups.
The SC.EXE command does not come stock with Win2K. It is available in the NT Resource Kit or
by download. ftp://ftp.microsoft.com/reskit/win2000/sc.zip
Extract SC.EXE to the folder; %windir%\system32
Execute:
sc stop Messenger
sc config Messenger start= disabled
Last edited by incisor; 13th March 2007 at 11:19 AM.
2007 Discovery 3 SE7 TDV6 2.7
2012 SZ Territory TX 2.7 TDCi
"Make the lie big, make it simple, keep saying it, and eventually they will believe it." -- a warning from Adolf Hitler
"If you don't have a sense of humour, you probably don't have any sense at all!" -- a wise observation by someone else
'If everyone colludes in believing that war is the norm, nobody will recognize the imperative of peace." -- Anne Deveson
“What you leave behind is not what is engraved in stone monuments, but what is woven into the lives of others.” - Pericles
"We can ignore reality, but we cannot ignore the consequences of ignoring reality.” – Ayn Rand
"The happiness of your life depends upon the quality of your thoughts." Marcus Aurelius
Master
At no point did I say that it wasn't.
As for the rest of it, like you said, drivel...
Best regards
DarrenR
SysAdmin (Owner)
the drivel refers to the netbios messaging not spreading behind a std out of the box adsl router setup...
it is the nature of the service to do exactly that..and without specifically excluding it, most router setups let it do its deeds unhindered...
2007 Discovery 3 SE7 TDV6 2.7
2012 SZ Territory TX 2.7 TDCi
"Make the lie big, make it simple, keep saying it, and eventually they will believe it." -- a warning from Adolf Hitler
"If you don't have a sense of humour, you probably don't have any sense at all!" -- a wise observation by someone else
'If everyone colludes in believing that war is the norm, nobody will recognize the imperative of peace." -- Anne Deveson
“What you leave behind is not what is engraved in stone monuments, but what is woven into the lives of others.” - Pericles
"We can ignore reality, but we cannot ignore the consequences of ignoring reality.” – Ayn Rand
"The happiness of your life depends upon the quality of your thoughts." Marcus Aurelius
Master
Fine, whatever, If people are that worried about *cough* outdated scare mongering they can try a simple test here;
GRC.com
http://www.grc.com/default.htm
Towards the bottom is ShieldsUP! which has a number of tests which can probe common or specific ports, there is also a "Messenger Spam" test option.
Best regards
DarrenR
Posting Permissions
| Search AULRO.com ONLY! |
Search All the Web! |
|---|
|
|
|
Bookmarks