RE: Messager Service Pop-up Dialogs

From: Dan (Dan_at_discussions.microsoft.com)
Date: 06/16/05

• Next message: Terri Creagh: "Unable to download security patches"
• Previous message: Marco van Nieuwenhoven: "RE: EFS symmetric algorithm"
• In reply to: UnderAttack?: "Messager Service Pop-up Dialogs"
• Next in thread: Bruce Chambers: "Re: Messager Service Pop-up Dialogs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 16 Jun 2005 11:53:10 -0700

There is a vulnerability in the Messenger Service that allows an attacker to
use it as an advertising tool, although if I remember correctly it only
affects the messenger service in XP. There is a buffer overflow
vulnerability in the W2K messenger service.

To stop the pop-ups, simply stop and then set the messenger service to
disabled. If you are actually running XP, use the XP firewall. I would also
recommend using a personal firewall (www.kerio.com) as it will alert you to
both ingress and egress traffic issues. The XP firewall only protects you
against unauthorized ingress traffic.

Best of luck,
Dan, SSCP, MCP

"UnderAttack?" wrote:

> I keep seeing the following dialog pop up on my screen:
>
> Messager Service
> Message from WINDOWS to ALERT on 6/15/2005 9:37:42 AM
> STOP! WINDOWS REQUIRES IMMEDIATE ATTENTION.
> Windows has found Critical System Errors.
> To fix the errors please do the following:
> 1. Download Repair Registry Pro from: www.regprofix.com
> 2. Install Repair Registry Pro
> 3. Run Repair Registry Pro
> 4. Reboot your computer
> FAILURE TO ACT NOW MAY LEAD TO SYSTEM FAILURE!
>
> However, I can find no reference to regprofix.com with a Google search.
> Other similar dialogs appear directing me to www.updatepatch.info,
> e-regpatch.com and SwipeSpy.com for repair utilities. However, I can find no
> reference to any of those sites on Google! Regprofix.com indicates no
> affiliation with Microsoft.
>
> I'm concerned that this is a deceptive internet attack of some sort. What
> should I do? Can anyone offer a suggestion? Asking good ole Microsoft costs
> $100 up front.
>

• Next message: Terri Creagh: "Unable to download security patches"
• Previous message: Marco van Nieuwenhoven: "RE: EFS symmetric algorithm"
• In reply to: UnderAttack?: "Messager Service Pop-up Dialogs"
• Next in thread: Bruce Chambers: "Re: Messager Service Pop-up Dialogs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages [NT] Buffer Overrun in Messenger Service Could Allow Code Execution (MS03-043) ... A security vulnerability exists in the Messenger Service that could allow ... * Microsoft Windows NT Workstation 4.0, ... Internet Connection Firewall (only available on XP and Windows Server ... (Securiteam) Re: Unwanted Pop Up Ads ... > I said that disabling a service don't make a system MORE vulnerable. ... UNLESS you have applications in need of that port. ... Although disabling the messenger service does not make the system "more ... a warning sign of the vulnerability. ... (microsoft.public.security) Re: False positive? ... Windows Messenger is very susceptible to buffer overflow problems. ... "Microsoft Windows Messenger Service contains a vulnerability that can ... (alt.comp.anti-virus) Re: Need help on Microsoft pop ups ... > Scroll down and find the Messenger service, select it, right click it ... (Don't just stop receiving the symptom that you are vulnerable, ... the vulnerability.) ... (microsoft.public.windowsxp.newusers) Re: Messenger Service Pop-ups ... >vulnerability exists in the messenger service. ... you may miss security notifications. ... firewall around it - there is no known vulnerability in Messenger Service ... (microsoft.public.windowsxp.security_admin)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint