RE: WARNING Long Reply - Re: pop-down windows killer
From: jacques (jacques_at_discussions.microsoft.com)
Date: 09/13/04
- Previous message: Allen Thompson: "Safe Mode - can't get out of it!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 12 Sep 2004 15:33:02 -0700
i could say that the messenger is OFF and 90% of popups are out
however there are 2 windows with following addresses:
http://z1.adserver.com/w/cp.x;rid=1;tid=2;ev=1;dt=3;ac=14;c=98;
http://205.180.85.40/w/pc.cgi?mid=38999&sid=17587
still popup in the last 3 hours -- does any one know what is the
source and how to get rid oh these TWO
thanks
"Jim Byrd" wrote:
> Hi Gmrad - There are currently two classes of things going on that are
> causing people popup difficulties. If you get popups even when your browser
> is not connected to the Internet with a title bar reading "Messenger
> Service", then these are most likely due to open NetBios TCP ports 135, 139
> and 445 and UDP ports 135, 137-138 and a UDP port in the range of
> 1026-1029.. You really need to block these with a firewall as a general
> protection measure. You can stop the popups by turning off Messenger
> Service; however, this still leaves you vulnerable. If you have an NT-based
> OS such as XP or Win2k, you should probably also specifically block TCP
> 593, 4444 and UDP 69, 139, 445, and install the very important 824146 patch
> from MS03-039, here: http://support.microsoft.com/default.aspx?kbid=824146
> to block the Blaster worm as well as several other parasites.
>
>
> See: Messenger Service Window That Contains an Internet Advertisement
> Appears http://support.microsoft.com/?id=330904 which identifies reasons to
> keep this service and steps to take if you do.
>
> You can test your system and follow the 'Prevention' link to get additional
> information here:
> http://www.mynetwatchman.com/winpopuptester.asp Unless you have very good
> reasons to keep this active, it should be turned off in Win2k and XP. Go
> here and do what it says:
> http://www.itc.virginia.edu/desktop/docs/messagepopup/ or, even better, get
> MessageSubtract, free, here, which will give you flexible control of the
> service and viewing of these messages:
> http://www.intermute.com/messagesubtract/help.html Recommended.
>
> (FWIW, ZoneAlarm's default Internet Zone firewall configuration blocks the
> necessary ports to prevent this use of Messenger Service. I don't know the
> situation with regard to other firewalls.)
>
> Messenger Service is not per se Spyware or something that MS did wrong - It
> provides a messaging capability which is useful for local intranets and is
> also sometimes (albeit nowdays infrequently) used by some applications to
> provide popup messages to users. However, it can also be (and now frequently
> is) used to introduce spam via this open NetBios channel. For a single user
> home computer, it normally isn't needed and can be turned off which will
> eliminate the spam popups. This DOESN'T, however, remove the vulnerability
> of having these ports open, when in fact they aren't needed, since they can
> be perverted in other ways as well, some of which can be much more damaging
> than just a spam popup.
>
>
>
> If you're getting a lot of popups while surfing, then the following may be
> useful:
>
> Popups - The best way to start is to get Ad-Aware 6.0, Build 181 or later,
> here: http://www.lavasoftusa.com/support/download/. Update and run this
> regularly to get rid of most "spyware/hijackware" on your machine. If it
> has to fix things, be sure to re-boot and rerun AdAware again and repeat
> this cycle until you get a clean scan. The reason is that it may have to
> remove things which are currently "in use" before it can then clean up
> others.
>
> Another excellent program for this purpose is SpyBot Search and Destroy
> available here: http://security.kolla.de/ SpyBot Support Forum here:
> http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi. I recommend
> using both normally. Update before starting, then after fixing things with
> SpyBot S&D, be sure to re-boot and rerun SpyBot again and repeat this cycle
> until you get a clean "no red" scan. The reason is that SpyBot sometimes
> has to remove things which are currently "in use" before it can then clean
> up others.
>
> Then, there are a variety of third party "Popup Killers" available. I
> normally use AdShield, which, if you maintain its Block List every now and
> then, almost totally stops this. In addition, it stops a variety of
> ads/banners/etc. (particularly spyware like doubleclick) on pages I access.
> This is probably all you'll need; however, I've also investigated a program
> called webwasher which appears to be very good, but decided that AdShield
> was sufficient. At the bottom of this post, you'll find a list provided
> courtesy of bc_acadia of a number of free popup blockers with links.
>
> ****** NOTE: As of 28 Apr 03 AdShield appears to have partnered with a new
> reseller, and AdShield is no longer free. There is a trial version of
> AdShield3; however, IMO it is seriously crippled in not being able to import
> or export block lists and I think for reasonable utility one would have to
> go to the full version. While I don't normally recommend non-free software,
> I personally will continue to use AdShield3, since I think it is the best
> currently available combined Popup/Ad/Malware blocker, but you should be
> aware of the fact that it now costs, ($29.95), whereas the earlier versions
> upon which I based my original recommendation were free, although not nearly
> as capable as the AdShield3 release. I've included below links to both the
> older free version and the new paid version. You'll have to investigate and
> make your own choice in the matter. *******
>
> Here are a number of AdShield-related links:
>
> http://www.fsd1.org/technology/Files/AdShield.exe - AdShield1.2 (free)
> http://www.internettechs.net/utilities/AdShield.exe - AdShield1.2 (free)
> http://ftp.ural.ru/home/index/windows/networking/utils/AdShield -
> AdShield1.2 (free)
> http://www.megalog.ru/info/utilz/AdShield.zip - AdShield1.2 (free)
> http://www.allstarss.com/store/adshield.html - AdShield3
> http://www.mvps.org/winhelp2002/block.txt - (Mike Burgess' .txt Block List
> for AdShield)
> http://www.mvps.org/winhelp2002/block.zip - Mike Burgess' Zipped Block List
> for AdShield - Recommended)
> http://adshield.briankass.com/blocklists.html (lists a number of blocklists)
> http://adshield.briankass.com/blocklist.abl (brian's blocklist in .abl
> format)
> http://adshield.briankass.com/blocklist.txt (brian's blocklist in .txt
> format)
> http://www.songwave.com/software/adshield_blocklist.txt (40,000 pornsites
> blocked - *VERY* large list - use at your own risk)
> http://www.chrismyden.com/temp/block.abl (chrismyden's blocklist in .abl
> format)
> http://www.staff.uiuc.edu/~ehowes/resource.htm#AdShield (Eric Howes AGNIS
> for AdShield block list - Recommended) (BTW, Eric's site contains a wealth
> of very valuable information about all aspects of net security - Very Highly
> Recommended)
>
> There's also a new AdShield forum here:
> http://users.boardnation.com/~adshield/index.php
>
> Here's a good AdShield test site, courtesy of siljaline: "Make ***SURE***
> you have your block scripted popups enabled
> http://www.mediaboy.net/1010100-1100001-1111010/gahk/>>>> [Warning this URL
> opens a multitude of Browser windows almost instantly]"
>
> http://www.webwasher.com - Webwasher
>
>
> Additionally, some people have recommended Popup Stopper and PopupBuster,
> but they have also been reported or experienced to cause perceived problems
> for some people with "normal" links in IE6 such as Google search results and
> links from OE. Some proponents of PopupBuster assert, however, that this is
> normal operation for this program under
> certain circumstances which can be overridden if necessary. YMMV Another
> "Proxy" type blocker similar to Webwasher and Proxomitron but supposedly a
> bit easier to configure is Privoxy here: http://www.privoxy.org/ Also, the
> free Google Tool Bar has a builtin popup blocker which is fairly effective.
>
> Also, if you're comfortable allowing changes to the registry, there is an
> approach, IE-SPYAD, using the restricted sites list which can be used for
> scripted popups. I use this and it works very well. See here:
> https://netfiles.uiuc.edu/ehowes/www/resource.htm
>
>
>
> There is additonal information about setting up and using AdShield, and
> about using the Restriced Zone (and an additional list) here:
> http://www.mvps.org/winhelp2002/hosts.htm and some of the Frequently Asked
> Questions (FAQ's) about AdShield here: http://adshield.briankass.com
>
> Lastly, ZoneAlarmPro3/4 has added provisions for stopping adds/popups,
> handling cookies, web bugs, and scripting/ActiveX components in addition to
> it's firewall functionality. Not free, but I have used it with my other
> AdBlocking stuff (AdShield, etc.) turned off as a test, and it appears to be
> very good indeed. So far I've experienced no problems at all with it set in
> its High Security modes for Ads although others have reported the need to
> temporarily turn it off to reach some sites. Also, Agnitum's Outpost
> Firewall supports a plug-in for this: "Pre-configured to block most banner
> advertisement. Can be configured manually or by simply dragging and dropping
> unwanted banners into the Ad Trashcan." I
> have no experience as to how effective it is, but I have received a
> favorable report.
>
> There's good information about hijacking in general and fixes available for
> specific hijackers here: http://www.spywareinfo.com/hijacked.html
> http://gmpservicesinc.com/Articles/hijack.asp
> http://www.mvps.org/inetexplorer/Darnit.htm#pop_up
> http://www.doxdesk.com/parasite/
>
> bc_acadia's list:
>
> "Some popup blockers. All of these are 100% pure freeware, no trial
> periods. Some of these do more than just handle popups.
>
> Pow!: http://www.analogx.com/contents/download/network/pow.htm
> NoAds: http://www.southbaypc.com/NoAds/
> PopupEraser: http://www.webknacks.com/popuperaser.htm
> Stop-the-Pop: http://www.bysoft.se/sureshot/stopthepop/index.html
> Internet Organizer: http://www.sf.yucom.be/wdprojects/
> PopKi: http://ranfo.com/popki.html
> PopUpPopper: http://www.bayden.com/Popper/default.asp
> PopUpKiller: http://sourceforge.net/projects/puk/
> AdCruncher Proxy:
> http://home.sprintmail.com/~dtrout/AdCruncher/ReadMe.html
> KillAd: http://www.wplus.net/pp/fsc/
> ClickOff: http://www.johanneshuebner.com/en/download.html
> PopupBuster: http://www.popupbuster.com/PopUpBuster/
> Free Surfer: http://www.kolumbus.fi/eero.muhonen/FS/
> Window Shades: http://www.g-m-m.com/Software/WindowShades/index.php
> AdShield (my personal favorite): http://www.adshield.org/
> PopupStopper: http://www.panicware.com/popupstopper.html
> Proxomitron (has learning curve): http://www.proxomitron.org/
> For those who don't want third party stuff, your own pc's built-in
> host file:
> http://www.mvps.org/winhelp2002/hosts.htm and
> http://www.smartin-designs.com/ and http://www.accs-net.com/hosts/
>
>
> Here is a review of 61 popup killers, not all of them are free:
> http://www.popup-killer-review.com/index.htm"
>
> NOTE that this site also contains a good, comprehensive series of popup
> killer tests. Some good additional tests are also available here:
> http://www.webknacks.com/aptest.htm
>
> There's another popup test page here:
> http://www.kephyr.com/popupkillertest/index.html
>
>
> Another good test page and lists of both free and cost popup blockers is
> here: http://www.popuptest.com/ Recommended
>
>
>
> If you install and keep UPDATED a good HOSTS file, it can help you avoid
> most adware/malware. See here: <http://www.mvps.org/winhelp2002/hosts.htm>
> (Be sure it's named/renamed HOSTS - all caps, no extension)
>
>
>
> You might want to consider installing the SpywareBlaster and SpywareGuard
> here to help prevent this kind of thing and other malware from happening in
> the future:
> http://www.javacoolsoftware.com/spywareblaster.html (Prevents malware Active
> X installs) (BTW, SpyWare Blaster is not memory resident ... no CPU or
> memory load - but keep it UPDATED) The latest version as of this writing
> will prevent installation or prevent the malware from running if it is
> already installed, and it provides information and fixit-links for a variety
> of parasites.
> http://www.wilderssecurity.net/spywareguard.html (Monitors for attempts to
> install malware) Both Very Highly Recommended.
>
> Perhaps these will help.
>
> --
> Please respond in the same thread.
> Regards, Jim Byrd, MS-MVP
>
>
>
> In news:ONVlk%23KWEHA.3944@tk2msftngp13.phx.gbl,
> gmrad <gmrad@email.com> typed:
> > What is the best killer of popup windows?
>
>
- Previous message: Allen Thompson: "Safe Mode - can't get out of it!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
