Whilst closely watching the traffic to a server here at work (I had a good reason, I don’t just find it fun) (yes I do) I noticed a firewall batting away a bunch of incoming Microsoft Messenger Service NetrSendMessage. These are UDP packets destined for port 1026. The contents of the messages seem to be spyware and spam tricks. “Your system needs updating, click here to purchase the patch” etc.etc.
I’ve not come across this before, but it seems to be wide spread. In 2 hours I collected over a dozen to one particular host, all from different source IPs and nearly all with different messages and urls in them. Here are some excerpts, notice that as URLs aren’t clickable in message boxes they have to leave instructions to type the url in.
UPDATE: For all the non-techies, these messages are NOT the result of a virus or worm or anything like that. They are just network messages sent over the internet by scammers, a bit like spam. You can safely ignore them. If you want them to go away, install some firewall software or follow the instructions by Manimo to turn off the messaging service.
======================
Buffer Overrun in Messenger Service Allows Remote Code Execution,
Virus Infection and Unexpected Computer Shutdowns
Affected Software:
Microsoft Windows NT Workstation
Microsoft Windows NT Server 4.0
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Win98
Microsoft Windows Server 2003
Non Affected Software:
Microsoft Windows Millennium Edition
Your system is affected, download the patch from the address below !
FIRST TYPE THE ADDRESS BELOW INTO YOUR INTERNET BROWSER, THEN CLICK ‘OK’.
THE ADDRESS WILL DISAPPEAR ONCE YOU CLICK ‘OK’.
www.updatepatch.info
and this one
Windows has found infected spyware and dangerous errors on your computer!
To rid your computer of these dangerous errors and infected spyware do the
following:
1. Download eAntiSpy from: www.desktopfix.com
2. Install eAntiSpy
3. Run eAntiSpy
4. Reboot your computer
FAILURE TO ACT NOW MAY LEAD TO DATA CORRUPTION AND LOSS OF PERSONAL
INFORMATION AND SYSTEM FAILURE!
And this one:
We detected a dangerous Virus installed on your computer but was unable
to remove it. This Virus allow companies/users to monitor your
Internet browsing patterns. It is recommended that you install the
latest software to remove these by going to:
www.fixscan.com
Comments
Hi,
I purchased a PC invected with these messages. Tried downloading Noadaware, Registry Mechanic & Spybot S&D but still having the problem. Anyone there know how to fix this? Thanks for your help.
Shut down the messenger service (this does NOT affect MSN Messenger etc). In w2k/xp you do this by going to the Control Panel, Administrative Options and then Services. Stop the messenger service and have it not starting up on boot (should be fairly obvious how to do this).
Also note the names (especially Administrative Options) can be somewhat off since I don’t run windows so I can’t check.
http://www.grc.com/stm/shootthemessenger.htm
(or install Linux!)
i have the same pop ups is this for real??????
hi,
my pc has been effected by a virus .so please remove it from my system,thank you
nortons antivirus 2003 is unable to detect the virus .so please remove the virus .thank u
I have same problem.
I alread upgrade IE to latest version, IE6 SP1.
On the same networking, only one of them has the trouble.
When it connects to the internet.
So, I think, It must be comming form the OS, Win2K.
WoW !!! I got that garbage trying to do a DOS telnet experiment, yep, using a DOS ppp tcp/ip connection, RLFOSSIL, which is a DOS program that emulates a modem to allow a terminal program such as TELEMATE to connect to the internet….. pretty weird stuff
Thanks for the info, just reformatted my computer, have adware by MS. Never seen these before. No legit sites either. You site was most helpful!
emm no se que pasa con la compu de repente aparecre un aviso que tengo que vagar de eta paguina
You can install norton antivirus 2007, and than, scan your computer, i hope this step can solve your problem