new (to me) kind of Spam... (1 Viewer)

[Jay H]

Just recently I've been getting Messenger type messages when online, stupid stuff, like get 10 months of internet free, blah blah blah.. I traced it to process CSRSS.exe which just happens to be a system process and can't be deleted, it's probably part of Win2k's Messager service... Anyway, I've had it for only a week, anybody else? At first, I thought it was a virus or rogue process but I've run the latest Ad-Aware and it finds nothing.

The solution after a little web research is to disable Win2k's messaging service via:



Control Panel->Administrative Tools->Services

Scroll down to "Messenger", and double click it to make it "disabled" at startup, hit stop to disable it now and then hit "OK"

I'll see if I get any more messages, but it should do the trick... Never knew these a**holes are not paging domains with messages...

Jay

 

[nolesrule]

Yeah, that'll disable the Messenger service. However, for those that need to keep it running, being behind a firewall will block outside access to the ports that are open to the Messenger service.

 

[Jay H]

I'm still using dialup, so I gather he must have something that sends a message to perhaps all of my ISP's range... who knows but I never seen this until recently. Perhaps I'll talk to my ISP to see if other users are seeing this. Maybe they can track down the culprit and block him if possible..

Jay

 

[Kevin P]

Messenger spam is everywhere these days. Most senders will send them to entire ranges of IP addresses, particularly broadband addresses. My Linux box, which acts as my firewall, is programmed to capture samples of the spam I receive so I can examine it. What's ironic is most of the messenger spams I receive advertise software that blocks messenger spam!

Turning off the messenger service will stop the pop-ups from occurring, but the fact that you are receiving them means your computer is also open to other forms of attack, especially if you have file sharing enabled, or are running any other services such as IIS or similar, or get infected with a virus, worm, or Trojan. A firewall program is a better solution to the problem overall. Zone Alarm is a good free firewall which you can download.

If you're on dialup a software firewall like Zone Alarm is your best option, but if you ever go broadband you can invest in a router which will act both as a firewall and a way to share your internet connection amongst all your computers.

For the geeks and firewall admins amongst the HTF crowd, blocking incoming packets on UDP port 135 will prevent messenger spam from getting through.

 

[Colin Dunn]

Just about any version of Windows is not secure in its default, "out of the box" configuration. Because of this, I tell all my customers, co-workers, and friends to put their computer behind a firewall if they are using broadband Internet of any kind.

The simple $99 NAT router/firewall devices at local electronics shops will suffice. They block inbound attempts to connect on every TCP and UDP port except the ones you explicitly permit.

This cuts out messenger spam, plus a wide variety of other attacks and exploits.

If you want to avoid paying the $99 for a NAT router/firewall, you can do some things to secure your Windows box for free. These are also useful things to do even if you are behind a firewall:

- STAY ON TOP OF PATCHES! You should be checking Windows Update DAILY if you're not behind a firewall (and weekly if you are) and install any new security-related hot-fix that is provided right away.
- Pick a strong administrator password, using a mix of upper/lower case, numbers, and symbols. These passwords are too time-consuming to crack.
- Turn on the "firewalling" feature of Windows XP (if you are running it) on any Internet-facing network interfaces.
- Install a "software firewall" program like ZoneAlarm. But be prepared for lots of nagging pop-ups as you train it to recognize what applications generate legitimate Internet activity from your computer. Even if you have a hardware firewall, this can be useful for identifying potential virus/Trojan/spyware activity on your system.
- On Windows 2000/XP, apply the HISECWS.INF security template. This will make your box more hack-resistant by picking more rigorous security settings.

 

[David-S]

- On Windows 2000/XP, apply the HISECWS.INF security template. This will make your box more hack-resistant by picking more rigorous security settings

Colin: I'm curious, how would I do this? I've got a "fairly" secure box, but I've never heard of these... do you have any info on how to do this?

Thanks

 

[TonyD]

thanks for the advice colin but all that is tech tlk to me and i have no idea what it all means.

any way to do those things and help me know how to do that in laymen's terms?

 

[Glenn Overholt]

Jay, I'm still getting those too. I've never used the messenger service, and XP wouldn't let me delete it, so I ended up changing the extension of the messenger execute file so it wouldn't work, but the pop-up still show up now and then.

I think I'm glad that I'm not the only one getting those. I am on dialup also. Very strange indeed.

Glenn

 

[Jay H]

I'd get a firewall but I'm not on the internet that much at home (I can multitask at work when I have things compiling or saving and nobody seems to mind), but I am guilty in not checking for Win2k updates that much. I hate downloading things on dialup, too slow. I would dl alot from work and then burn it to a CD-R and then take it home... But thanks for the advice!

Jay

 

[Kevin P]

To disable the messenger service in Windows 2000:

• Click Start, Settings, Control Panel
• Open Administrative Tools
• Open Services
• Open Messenger Service
• Click Stop button
• Change 'Startup Type' to DISABLE
• Click OK

To disable the messenger service in Windows XP:

• Right-click 'My Computer' icon and select 'Manager'
• Open Services and Applications
• Open Services
• Open 'Messenger' Service
• Click Stop button
• Change 'Startup Type' to DISABLE
• Click OK