Re: A annoying Pop-up message windows

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Bruce Chambers (bruce_a_chambers_at_h0tmail.com)
Date: 08/05/04 

Date: Wed, 4 Aug 2004 18:42:17 -0600

Greetings --

    It's a scam, plain and simple. It's from a very unscrupulous
"business." They're trying to sell you patches that Microsoft
provides free-of-charge, and using a very intrusive means of
advertising. It's also demonstrating that your PC is very unsecure.

    This type of spam has become quite common over the past year or
so, and unintentionally serves as a valid security "alert." It
demonstrates that you haven't been taking sufficient precautions while
connected to the Internet. Your data probably hasn't been compromised
by these specific advertisements, but if you're open to this exploit,
you most definitely open to other threats, such as the Blaster,
Welchia, and Sasser Worms that still haunt the Internet. Install and
use a decent, properly configured firewall. (Merely disabling the
messenger service, as some people recommend, only hides the symptom,
and does little or nothing to truly secure your machine.) And
ignoring or just "putting up with" the security gap represented by
these messages is particularly foolish.

Messenger Service of Windows
http://support.microsoft.com/default.aspx?scid=KB;en-us;168893

Messenger Service Window That Contains an Internet Advertisement
Appears
http://support.microsoft.com/?id=330904

Stopping Advertisements with Messenger Service Titles
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

  Whichever firewall you decide upon, be sure to ensure UDP ports 135,
137, and 138 and TCP ports 135, 139, and 445 are _all_ blocked. You
may also disable Inbound NetBIOS over TCP/IP). You'll have
to follow the instructions from firewall's manufacturer for the
specific steps.

    You can test your firewall at:

Symantec Security Check
http://security.symantec.com/ssc/vr_main.asp?langid=ie&venid=sym&plfid=23&pkj=GPVHGBYNCJEIMXQKCDT

Security Scan - Sygate Online Services
http://www.sygatetech.com/

    Oh, and be especially wary of people who advise you to do nothing
more than disable the messenger service. Disabling the messenger
service, by itself, is a "head in the sand" approach to computer
security. The real problem is _not_ the messenger service pop-ups;
they're actually providing a useful, if annoying, service by acting as
a security alert. The true problem is the unsecured computer, and
you've been advised to merely turn off the warnings. How is this
helpful?

Bruce Chambers 

-- 
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html
You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH
"Zhongnan" <zhongnan_h@yahoo.com> wrote in message
news:ba7d01c479cc$af3e1ff0$a601280a@phx.gbl...
> Hi,
>
> Recently I installed a version of Norton AntiVirus. After
> that(I don't know if Norton is the reason), a annoying
> Pop-up message windows poped up almost every three hours.
> It asks me to go to www.patchwindows.org to buy a $19
> patch. The file excecute this messange is CSRSS.exe in
> System32 file. Is it some trap? How should I do? I dare
> not to delect the CSRSS.exe. Thanks for help in advance.
> The following is the message:
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Message from MICROSOFT NETWORKS to WINDOWS USER on 2004-8-
> 3 18:43:22
>
> Microsoft Security Bulletin MS-03-043
>
> Buffer Overrun in Messenger Servuce Could Allow Code
> Excecution (828035)
>
> Affected Software:
>
> Microsoft Windows NT Workstation
> Microsoft Windows NT Server 4.0
> Microsoft Windows 2000
> Microsoft Windows XP
> Microsoft Windows Win98
>
> Not affected Software:
> Microsoft Windows Millenium Edition
>
> Your system is affected, download the patch from the
> address below !
> FIRST TYPE THE ADDRESS BELOW INTO YOUR INTERNET BROWSER,
> THEN CLICK 'OK'. THE ADDRESS WLL DISAPEAR ONCE YOU
> HIT 'OK'
>
>                www.patchwindows.org
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>

Relevant Pages

  • Re: !!Windows Is Infected!!
    ... trying to sell you patches that Microsoft provides free-of-charge. ... Messenger Service of Windows ... belive its a fake microsoft site the patch links on the ... Microsoft Windows NT Workstation ...
    (microsoft.public.windowsxp.general)
  • [NT] Microsoft ASN.1 Library Vulnerability Could Allow Code Execution (MS04-007)
    ... Get your security news from a reliable source. ... A security vulnerability exists in the Microsoft ASN.1 Library that could ... * Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 ...
    (Securiteam)
  • Re: contacting Microsot
    ... sell you patches and information that Microsoft already provides, ... the security gap represented by these messages is particularly ... Messenger Service of Windows ... > some website for updates or patches. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Popups
    ... Microsoft sent, you've been installing viruses. ... rely upon this PC for your business needs, ... something about computer security. ... Messenger Service Window That Contains an Internet Advertisement ...
    (microsoft.public.windowsxp.security_admin)
  • Re: How do I get rid of these porn pop ups?!!!
    ... recently swept cross the Internet. ... "putting up with" the security gap represented by these messages is ... Messenger Service Window That Contains an Internet Advertisement ... > Since the "Microsoft Support" will not accept my Windows ...
    (microsoft.public.security.virus)