Re: Messenger Service spam problems again
- From: Malke <notreally@xxxxxxxxxxxxxxx>
- Date: Mon, 24 Sep 2007 04:59:10 -0700
dontsleeponit@xxxxxxxxx wrote:
> Hi everyone. I've been having some issues with the windows firewall,
> and had to disable it. I do run sygate pro 5.5. After disabling the
> windows firewall I am getting the classic spam through windows
> messenger service. I have set up sygate to block ports 135, 137, 138,
> 139, 445, and 1025 for both TCP and UDP. I have gone to the shields up
> site https://www.grc.com/x/ne.dll?bh0bkyd2 , and I pass all of the
> port tests. What can be causing the spam from the messenger service
> now? Is it a worm that is on my computer, because I don't understand
> how this can happen with all of the ports blocked. I do NOT want to
> simply disable the messenger service, that would be like closing my
> eyes to the real problem.
> I have also updated and run both spybot S&D and Ad-Aware, found a few
> minor things, but the problem persists.
When you say "spam from the messenger service" do you really mean that you are getting messages from Registry Cleaner that your computer is infected? Because 1) if your messenger service is not disabled this means that you don't have XP Service Pack 2 installed and you should; 2) your computer is infected with some variant of the Smitfraud trojan.
So what version of XP are you using and what Service Pack level? You can disable the messenger service by going to:
Start>Run>services.msc [enter]
Scroll down to the messenger service, stop it, and disable it.
To remove variants of the Smitfraud trojan:
Do the preparatory steps here:
http://www.elephantboycomputers.com/page2.html#Removing_Malware
Then do the specific removal steps here:
http://www.elephantboycomputers.com/page2.html#Smitfraud_Trojan - Smitfraud, Spyaxe, Spyfalcon
You can also check to see if there are targeted removal steps for your malware here:
Bleeping Computer removal how-to's - http://www.bleepingcomputer.com/forums/forum55.html
When all else fails, run HijackThis and post your log in one of the specialty forums listed at the first link above (not here, please).
Not all tools used will work in Vista and you will need to run them elevated. Since Vista is so new, it will be a while before removal techniques and tools are developed. If you are unable to remove the infection by following the general steps, register at one of the HijackThis forums as suggested.
Standard caveat: If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a professional computer repair shop (not your local version of BigComputerStore/GeekSquad). Please be aware that not all local shops are skilled at removing malware and even if they are, your computer may be so infested that Windows will need to be clean-installed. Have all your data backed up before you take the machine into a shop.
Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User