Microsoft "Messenger Service"

From: yams (Ihate@spammers.com)
Date: 09/12/02 

From: "yams" <Ihate@spammers.com>
Date: Thu, 12 Sep 2002 17:57:32 -0400

I believe I only had OutLook Express running writing a message when all of a
sudden I got a "Messenger Service" popup message from an Internet Marketing
spam site.

This blew me away! I am usually very careful and don't install anything I
don't need. I don't use ICQ, MSN or none of that crap. This is on my home
ADSL account.

How did this occur?

I turned off the Messager service, but some how this was "activated" and
"executed" on my machine.

To see if this was done from the outside, from my office machine at work, I
attempted a

           "NET SENT home_ip HELLO"

to see if my home machine is open. It failed. So this came from WITHIN my
home machine!

Can someone give me some insight as to whats going on?

Also as I am cleaning up the machine, I have the resultant ports listening:

Active Connections

  Proto Local Address Foreign Address State
  TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
  TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
  TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
  TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING
  TCP 0.0.0.0:1588 0.0.0.0:0 LISTENING
  UDP 0.0.0.0:135 *:*
  UDP 0.0.0.0:445 *:*
  UDP 0.0.0.0:1026 *:*
  UDP 0.0.0.0:1584 *:*
  UDP 67.34.202.215:500 *:*
  UDP 127.0.0.1:1616 *:*

Are any of these suspicious?

thanks

Quantcast