Re: Messenger service..critical Errors
From: Chuck (Ummm_at_guess.org)
Date: 01/04/05
- Next message: Brian: "Re: Munging addresses question"
- Previous message: mrstan: "RE: connection issues after dealing with bloodhound.w32.exe"
- In reply to: Malke: "Re: Messenger service..critical Errors"
- Next in thread: Gibraltar: "Re: Messenger service..critical Errors"
Date: Tue, 04 Jan 2005 10:30:56 -0500
Malke wrote:
> Gibraltar wrote:
>
>
>>hello
>>my friend has recently been receiving this odd message
>>:message from system to user ..
>>Warning! your computer may have critical errors in registry and file
>>system. these errors can lead to computer crashes, instability and full
>>system failure..
>>it goes on and finally asks to log on to a site at
>>..'www.errorfixer.com' we were wondering if this is a virus of some
>>sort ..he cannot log onto the internet anymore and he's running Windows
>>2000. he's at his wits' end and any help will be greatly appreciated.
>
>
> Hi Alan. Your friend is getting messages from spyware, which means he
> needs to clean up his computer. An additional step is that he should
> disable the Messenger service (no, this is not related to Instant
> Messenger) by going to Start>Run and typing (without quotes)
> "services.msc" [enter]. Scroll down to the Messenger service and
> double-click it to get its Properties. Stop the service and set to
> Disabled. However, doing this without running a firewall is just
> masking the problem so make sure your friend has a firewall.
>
> Now, on to the cleanup steps. Do everything with updated tools in Safe
> Mode.
>
> 1) Scan in Safe Mode with current version (not earlier than 2003)
> antivirus using updated definitions.
>
> 2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
> programs are free, so use them both since they complement each other.
> There is a new version of CWShredder from Intermute. I would not
> install the other Intermute programs, however. Alternately, there are
> CoolWebSearch malware removal steps at SilentRunners.
>
> Be sure to update these programs before running, and it is a good idea
> to do virus/spyware scans in Safe Mode. Make sure you are able to see
> all hidden files and extensions (View tab in Folder Options).
>
> HijackThis is an excellent tool to discover and disable hijackers, but
> it requires expert skill. See below for HijackThis links. A combination
> of HijackThis and About:Buster works well in removing the About:Blank
> homepage hijacker. Again, this is an expert tool and novices should get
> help with it.
>
> 3) If you are running Windows ME or XP, you should disable/enable System
> Restore because malware will be in the Restore Points. With ME, you
> must disable System Restore completely. With XP, you can delete all but
> the most recent (presumably clean) System Restore point from the More
> Options section of Disk Cleanup (Run>cleanmgr).
>
> 4) Make sure you've visited Windows Update and applied all security
> patches. Do not install driver updates from Windows Update.
>
> 5) Run a firewall.
>
> Links to help with malware:
>
> Software/Methods:
> http://www.safer-networking.org - Spybot Search & Destroy
> http://www.lavasoftusa.com - Ad-aware
> http://www.majorgeeks.com - good download site
> http://www.intermute.com/spysubtract/cwshredder_download.html
> http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners
>
> HijackThis:
> http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
> Eshelman
> http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
> forum
> http://www.wilderssecurity.com/
> http://forums.tomcoyote.org/
> http://www.spywareinfo.com/forums/
>
> General:
> http://forum.aumha.org/ - look under "Security" for various forums
> http://rgharper.mvps.org/cleanit.htm
> http://mvps.org/winhelp2002/unwanted.htm
> http://www.aumha.org/a/parasite.htm - The Parasite Fight
> http://www.spywarewarrior.com/rogue_anti-spyware.htm
>
> Malke
Just to add, you might also want to turn off the Windows Messaging
Service. This is something that spammers can do, by sending a Windows
message to all users at a certain IP, and making a bot to do this to
send to large numbers of IPs at once is easy to do. This is a feature
in Windows so that Net Admins can alert users of downtime or the like.
Unfortunately it was made so anyone from anywhere can do it.