- Critical Errors after a pristine install of OS
- Posted by omi on February 3rd, 2006
Hello,
i start this thread because i assume old threads don't get much attention,
it's not my intention to spam or anything.
i changed my ip a few times and then released it
i disconnected the internet cable
i formatted my drive twice (normal & fast)
installed winxp-home (original cd-rom)
installed msi-mainboard (original cd-rom)
(rebooted when necessary)
when i inserted the internet cable to activate winxp:
- immediately i have a constant up-& downstream
- after a minute or so i get following pop-up messages:
Messenger-Service
Message from MICROSOFT to USER
Critical Error
The Microsoft Windows system contains invalid registry entries and your
computer will crash. Please download the Windows registry application from:
www.fixed-pc.com
To fix your system immediatly
<<a few seconds later>>
Messenger-Service
Message from Microsoft to inform you about a virus detection.
Critical System Error ! The Windows registry appears to be infected.
Please go to the Universal Registry Infection Cleaner at
www.cleanmyharddrive.com to scan and repair the system registry.
<< every now and then i get diverse popups like this>>
i did not install the 35,3Mb NIS, so that's not it
i only installed the original winxp & msi mainboard
no other hd's are connected
i did not load any files except the 2 i mentioned above (winxp & msi)
those 2 are on original cd-roms so they can't be infected
now there's no point updating winxp or msi
installing NIS & updating also makes no difference
At this time my winxp-key is blocked by MS because i have reinstalled so
much, i have to phone them every time to get a new key which contains numbers
only.
The dude on the other side advised me to phone the technical staff instead
of reinstalling all the time... because i live from my invalid-payment i do
not have the money to do so, although i find that such assistance should be
free of charge.
Luckily there are free forums like this.
I hope you guys can help me out with this problem.
thnx in advance
omi
I tried scanning with all known security progs, no infections
- Posted by Wesley Vogel on February 3rd, 2006
These are known as Messenger service SPAM.
Make sure a firewall is turned on. And you need to disable or remove the
Messenger service.
[[If advertisements are opening on your computer in a window titled
Messenger Service, it may indicate that your system is not secure. You
should enable the Internet Connection Firewall and disable the Messenger
Service in Windows XP to help protect your computer from unwanted spam and
other potential threats.
The Messenger Service was originally designed for use by system
administrators to notify Windows users about their networks. However, some
advertisers have started using this service to send information via the
Internet, and these messages could be used maliciously to distribute a
virus.]]
Disabling Messenger Service in Windows XP
http://www.microsoft.com/windowsxp/u.../stopspam.mspx
[[These messages are also known as "messenger spam."]]
[[To resolve this issue, install or turn on a firewall that blocks inbound
NetBIOS and UDP broadcast traffic. ]]
[[To work around this issue, turn off the Messenger service.]]
Messenger Service window that contains an Internet advertisement appears
http://support.microsoft.com/default...b;en-us;330904
Disabling Messenger Service in Windows XP
http://www.microsoft.com/windowsxp/p...e/stopspam.asp
How to prevent Windows Messenger from running on a Windows XP-based computer
http://support.microsoft.com/?kbid=302089
Disable/Remove Windows Messenger
http://www.dougknox.com/xp/utils/xp_mess_disable.htm
[[This is a Visual Basic Script file which will remove Windows® Messenger
from Windows® XP. It will also adjust your System Registry to prevent a long
delay when opening Outlook Express when Windows Messenger is removed or
disabled.]]
Remove Windows Messenger
http://www.dougknox.com/xp/tips/xp_messenger_remove.htm
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
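As an added illustration of the firewall advice in the reply above (not part of the thread and not Microsoft's code): a Python triage of a Windows Firewall log that counts dropped inbound packets aimed at Messenger-service and NetBIOS ports per source, and flags any that were let through. The port list, the constructed `pfirewall.log`-style sample, and the names `parse_log` and `triage` are assumptions of this example.

```python
from collections import Counter

# (protocol, destination port) pairs tied to Messenger-service spam and NetBIOS
# probing. Assumption of this example; the thread itself lists no ports.
MESSENGER_PORTS = {("UDP", p) for p in (135, 137, 138, 1026, 1027, 1028, 1029)}
MESSENGER_PORTS |= {("TCP", p) for p in (135, 139, 445)}

LOCAL_IP = "192.0.2.10"  # constructed address of the protected PC

# Constructed sample in the W3C-style layout of a Windows Firewall log.
# All addresses come from documentation ranges, not real hosts.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2006-02-04 10:15:01 DROP UDP 203.0.113.7 192.0.2.10 32781 1026 485 - - - - - - -
2006-02-04 10:15:03 DROP UDP 203.0.113.7 192.0.2.10 32781 1027 485 - - - - - - -
2006-02-04 10:15:09 DROP TCP 198.51.100.23 192.0.2.10 4312 445 48 S 1234567 0 16384 - - -
2006-02-04 10:16:40 DROP UDP 203.0.113.99 192.0.2.10 1051 137 78 - - - - - - -
2006-02-04 10:17:02 OPEN TCP 192.0.2.10 198.51.100.80 1040 80 - - - - - - - -
2006-02-04 10:18:11 OPEN UDP 203.0.113.7 192.0.2.10 32781 135 - - - - - - - -
2006-02-04 10:19:30 DROP TCP 198.51.100.23 192.0.2.10 4313 3389 48 S 1234999 0 16384 - - -
"""


def parse_log(text):
    """Yield one dict per record, naming columns from the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or garbled rows
                yield dict(zip(fields, values))


def triage(text, local_ip):
    """Return (blocked, allowed) for inbound traffic to Messenger/NetBIOS ports.

    blocked: Counter of source IP -> number of dropped packets.
    allowed: list of (source IP, protocol, port) the firewall let through.
    """
    blocked = Counter()
    allowed = []
    for rec in parse_log(text):
        # Ignore outbound traffic and records without a port (e.g. ICMP).
        if rec["dst-ip"] != local_ip or not rec["dst-port"].isdigit():
            continue
        key = (rec["protocol"], int(rec["dst-port"]))
        if key not in MESSENGER_PORTS:
            continue
        if rec["action"] == "DROP":
            blocked[rec["src-ip"]] += 1
        elif rec["action"] == "OPEN":
            allowed.append((rec["src-ip"], key[0], key[1]))
    return blocked, allowed


if __name__ == "__main__":
    blocked, allowed = triage(SAMPLE_LOG, LOCAL_IP)
    for src, count in blocked.most_common():
        print(f"blocked {count:3d} probe(s) from {src}")
    for src, proto, port in allowed:
        print(f"ALLOWED inbound {proto}/{port} from {src}: check firewall rules")
```

Entries in `blocked` are the firewall doing its job; anything in `allowed` means inbound traffic reached a Messenger or NetBIOS port and the service or rule set needs attention.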
- Posted by omi on February 3rd, 2006
thnx for those links,
I assume i have to remove/disable messenger before connecting to the internet?
in that case i have to format & reinstall again, MS-key office closes in a
few hours, so i'll do this first thing tomorrow morning.
I downloaded the VBScript to remove messenger but i got following error:
I tried START-RUN
RunDll32 advpack.dll,LaunchINFSection %windir%\inf\msmsgs.inf,BLC.Remove
Maybe this won't occur if i perform those actions after a fresh install
without connecting to the net... i will see tomorrow
i was able to perform the action described at
http://www.microsoft.com/windowsxp/u.../stopspam.mspx
i also was able to change the registry to prevent messenger from running
hopefully i can post a good news thread tomorrow
thumbs up
omi
- Posted by omi on February 3rd, 2006
question, u say:
There's no software that is updated, both NIS as winxp
I have to update first before i can turn on the firewall.
i can turn on an unupdated NIS firewall but i doubt if this will help
omi
- Posted by Mike Hall (MS-MVP) on February 3rd, 2006
Omi
You do not have to update before turning on the Windows XP firewall.. either
go to Control Panel and look for the Windows Firewall icon there, or click
on START - Settings - Network Connections, locate your ISP connection icon,
right click and select Properties, click on the Advanced tab and check the
box to activate the firewall..
The Windows Messaging Service is NOT the same as Windows Messenger, so you
do not have to remove Windows Messenger..
Re. NIS.. any protection is better than none at all.. you should ALWAYS
install whatever security program you have in your possession BEFORE
connecting to the internet.. personally, I think that you would be better
off without NIS.. better to install Zonealarm free firewall, and AVG or
Avast free anti-virus if funds are tight for you..
--
Mike Hall
MVP - Windows Shell/User
- Posted by omi on February 4th, 2006
Again it didn't go as it should
leaking mb's again
ZoneAlarm is stopping those MSN popups
and blocks a lot of attempts
tracking down the ip's shows 90% is coming from china
i give up, next time i reinstall i'll be having a NAT router
MS should include one when buying a winxp cd-rom that's what i think
or at least advise customers that their software is full of holes, like
Swiss cheese
thnx to everyone who invested their time and effort to try and help me
cheers
omi
- Posted by Lanwench [MVP - Exchange] on February 4th, 2006
How would anyone provide a NAT *router* on a CD? That's hardware.
You *have* a firewall. In fact, when you set up Windows XP with SP2
slipstreamed, the firewall is on by default. Do not connect your computer to
the Internet without a firewall....a separate NAT/firewall appliance is a
good thing to have as well, but if you aren't going to get one, do not
connect your computer before enabling your firewall. MS includes one in XP
even without SP2. Or use ZA. Your choice - but it's your job to protect your
computer, and you've been given the built-in tools with which to do so.
- Posted by Mike Hall (MS-MVP) on February 4th, 2006
Omi
Where did Zonealarm come in?... your original post talked of NIS and the
Windows firewall..
The hits that Zonealarm is recording show that it is doing its job.. we
all get hits continually from port scanners around the world.. what you
should do is turn off all alerts other than critical..
Installation of Zonealarm will automatically turn off Windows firewall,
because one does not require two firewalls running..
Windows should include a NAT router?.. why?.. Windows is software.. NAT
routers are hardware..
Have you tried looking in the Zonealarm help files?.. or any help files at
all?..
Coming in here with the attitude that MS should advise that their OS is full
of holes like Swiss cheese will get attitude reflected back at you.. they
are the words of the ill-informed and technically challenged.. many people
run Windows operating systems without problems, and when they get any, they
come here and ask nicely.. none of this 'every body knows that M$ Windoze
is crap' jive..
--
Mike Hall
MVP - Windows Shell/User
- Posted by jg on February 4th, 2006
Right on. No one has said anything about Windows being Fort Knox in terms of
security. There is always a trade-off of ease of use and responsiveness against
security that can easily be mitigated with a little external help on security.
Right now connecting to the internet without proper protection is like having
your doors open inviting intruders into your home.
Besides, back in those days of designing XP, the internet was quite a bit
more friendly, and had a lot fewer crooks.
- Posted by omi on February 4th, 2006
thnx,
i thought the win-firewall was only in SP2
this might solve a lot
about messenger, i'm so spooked right now that i prefer to completely delete
this program from my system at next install, i'll find other ways to chat
with my friends, plenty of options. I just hope that messenger won't be
reinstalled when i install SP2 or something, but for safety i'll make the
adjustments to prevent messenger from running also.
I hear almost nothing but criticism about NIS, i guess it became the victim of
its own popularity eh, a corporation that big looks like the ultimate target
for hackers, like infiltrating into the fbi's office or something.
Thnx for the ZoneAlarm tip !!
I had it on my 1st pc a few years ago but have forgotten the existence
It'll be installed at next installation.
I'm testing it now and the Messenger pop-ups are being blocked by it
it's a start
- Posted by omi on February 4th, 2006
oops, looks like i hit a few sensitive snares
guys, it was not my intention to offend any of you
but you have to understand that i was a bit frustrated after messing with
this problem for 36 days now.
last month i have been reading, learning, asking questions etc like never
before
have i looked into any help files at all ?? of course i have
Quote Mike Hall: Where did Zonealarm come in?...
ZoneAlarm was advised in this topic by Mike Hall, yes that's yourself :P
i just tried as many possible ways to get rid of the problem.
During all the different installations I never connected to the internet
unprotected,
I tried the Win-firewall, NIS, ZoneAlarm, BHODemon, Avast AV, Adaware,
MultiAV, Spybots, they all fail...
Funny thing is, i sometimes get the NIS warning that a Trojan Horse called
BLA is blocked to get access to my system... when i check out the IP it shows
my own. lol i guess it's just someone messing with me, me trying to get access
with a trojan horse to my own computer, lol. i've scanned with all known
tools but there's just no Bla or any other infection on my system, and if NIS
can block it it should also be able to find it if it was on my HD, so i
conclude i haven't got it
Of course i know that a NAT-router doesn't fit on a cd-rom... eh
same as Al-Qaida doesn't shoot with blanks, i'm no moron
it was just a figure of speech
i got advised in this forum to get rid of NIS and buy a NAT-router instead
i apologize again if i offended you
but you shouldn't take it personal,
if i remember correctly i've thanked you all for investing the time and effort
the criticism was more meant for mr,BG
peace
omi
- Posted by Mike Hall (MS-MVP) on February 5th, 2006
Omi
You have to approach these things in a structured manner.. wildly installing
one program over another will end in tears..
So, from the top..
Having clean installed XP, the first thing to do is get protection when
connecting to the internet.. to do this, you go to Start - Settings -
Network Connections.. right click on your ISP connection.. click on the
'Properties'.. now click on the 'Advanced' tab.. now click on the 'Settings'
button.. check the firewall 'ON'..
Now you are ready to connect to the internet..
Time to get anti-virus protection.. either go to
http://free.grisoft.com/doc/2/lng/us/tpl/v5
or
http://www.avast.com/eng/avast_4_home.html
You do NOT require both.. pick one, install it and update it..
Now time for Windows Updates.. I would imagine that you are well versed in
the procedure.. :-)
OK.. the XP firewall does a good job, not a complete job.. third party
firewalls cover both in and outgoing stuff, whereas XP firewall covers
inbound only.. so, if you like the idea of covering in and out, you go to
here..
http://www.zonelabs.com/store/conten...eeDownload.jsp
Install it, run it, update it, set it to only alert for critical stuff..
NB.. installing a third party firewall will automatically terminate the XP
firewall.. as with anti-virus programs, you do not require two.. your
computer is not a Noah's Ark.. one of a kind is good..
Now to spyware protection.. you will require three programs (an exception to
the rule above):
Adaware SE - http://www.lavasoftusa.com/software/adaware/
SpyBot S&D - http://www.safer-networking.org/
SpywareBlaster - http://www.javacoolsoftware.com/spywareblaster.html
Download, update, and run them..
All done.. a well protected XP system.. I have four just like it on my home
network.. all of the programs listed, other than XP, can be downloaded for
free..
Time to take a break, a coffee and cigarette if that is your thing, before
installing any other software..
As a follow up, you run the anti-spyware weekly, updating before the run..
AVG and Avast will update themselves daily.. Zonealarm updates when updates
become available..
Do a defrag once weekly, clear out Temporary internet files, run Disk
Cleanup.. Sunday morning is a good time to do these things..get into a
routine, and you will find that re-installing XP over and over becomes a
thing of the past..
--
Mike Hall
MVP - Windows Shell/User
- Posted by omi on February 5th, 2006
thnx for the detailed info
i've tried your way of set-up a few times last month
When you say:
<< activate the win-firewall... now you are ready to connect to the
internet...
I've tried diverse ways of installation to get rid of that:
after a fresh installation of win-xp:
installed NIS &/or ZoneAlarm before connecting to the net
but again, when i insert the cable i get an up-& downstream immediately
Right now i've scanned my system with
http://scan.sygatetech.com/probe.html
IP address, OS and browser are showing
computer name & running services are blocked
If i do another fresh installation of win-xp i will do as you say and only
activate the win-firewall, connect to the net and do another scan, just
curious what will be shown/blocked.
Next time i'll try and install those 3 anti-spyware progs before connecting
to the net,
but i doubt if it'll make a difference because i've tried so in the past
with installing 2 of them before connecting and another one (AdAwareSE
personal 1.06 / bhodemon 20_2023 / Spybot S&D 1.4)
so next time i can try to install/run SpywareBlaster 3.5.1 also but i doubt...
Again, before connecting:
Activating the win-firewall is not sufficient
Activating NIS and/or ZoneAlarm is not sufficient
Activating NIS and/or ZoneAlarm and/or Anti-Spyware progs is not sufficient
Activating NIS and/or ZoneAlarm and/or Anti-Spyware progs and/or Anti-Virus
is not sufficient
I admit that i've been able to install my system in the past without any probs
following more or less your way of installing worked fine indeed.
But since i've been affected with this virus things have changed
i use CCleaner 1.26 / RegClean 4.1a MS / Regcleaner 2.6.5 Tweaknow
to keep a more or less fresh system, i indeed clean my system weekly
defragging is something i almost never do, but when i get a decent
installation i will follow your advice and do it more often
omi
- Posted by Lanwench [MVP - Exchange] on February 5th, 2006
Then your firewall isn't actually on, it sounds like. You need to turn it on
*before* you connect to the Internet even *once* - right after your clean
install, if you want to start over.
What do you mean by "up & downstream" ?
After a clean install, meaning, you wiped/formatted/installed, there should
be no need to run antispyware right away.
Yes, it is.
- Posted by Mike Hall (MS-MVP) on February 5th, 2006
Omi
What kind of installation media do you have?.. is it a recovery set supplied
by the manufacturer, a hidden partition whereby you press F12 to recover, or
a genuine XP CD?..
When you re-install, do you take the option to delete the current partition,
or just accept the format?.. strictly speaking, a reformatted HDD should no
longer contain a virus..
If it doesn't include the XP SP2 update, then you need to download SP2 and
save it to a CD, or order an SP2 CD..
To order a CD..
http://www.microsoft.com/windowsxp/d...s/default.mspx
To download SP2..
http://www.microsoft.com/downloads/d...displaylang=en
Assuming that your installation media does NOT contain SP2, appropriate the
SP2 update in one of the ways above..
Directly after installing XP, install SP2.. the Windows firewall will be
activated by default.. then carry on with the rest of the procedure as
outlined in my last response..
There is NO necessity to install anti-spyware programs before connecting to
the internet.. again, refer to the previous reply..
Re. "installed NIS &/or ZoneAlarm before connecting to the net but again,
when i insert the cable i get an up-& downstream immediately".. two points
here.. you do NOT want to install the NIS firewall and Zonealarm together..
forget NIS.. do NOT install any part of it.. and with broadband, you will
get traffic immediately.. it is like an open tube to your ISP.. when your
computer recognises broadband, it says to the world "I am open for business",
and promptly starts shaking hands with the ISP server and anything else out
there.. this is by design..
Next.. <quote> "i use CCleaner 1.26 / RegClean 4.1a MS / Regcleaner 2.6.5
Tweaknow to keep a more or less fresh system, i indeed clean my system
weekly..." <endquote>.. I don't know about CCleaner, but use of the others
is not recommended.. Regclean 4.1a is a Windows 9x/ME registry cleaner, and
has no value on an XP system.. it only ever took out absolutely safe items
anyway, which is why so many used it without problems.. a thorough clean of
the registry it NEVER did.. this applies to all of the others too..
I do have a registry cleaner, but I do not use it regularly.. available
here..
http://www.majorgeeks.com/download460.html
Use this one carefully, and dump all of the others that you have..
--
Mike Hall
MVP - Windows Shell/User
- Posted by omi on February 6th, 2006
Hello Mike,
<<< What kind of installation media do you have?..
a genuine XP CD i guess, if that means an original shiny cd-rom version 2002
which i bought in the store together with my system
i'll write down some serials that are on the disk:
0801 Art.nr. X08-36814 NL (number on disk itself)
0600 Art.nr. X05-92898 NL (red number on cover, right bottom front)
NUMBERS ON THE CERTIFICATE: (keeping the product key to myself :P)
00043-441-168-945
Windows XP Home Edition OEM Product
X08-54518
The MSI-cdrom to install the mainboard is also genuine,
there are not many numbers on it except at the right bottom of the back cover:
3201ML0002102
<<< When you re-install, do you take the option to delete the current
partition,
or just accept the format?..
1st i reboot with win-xp inserted
2nd i delete the one and only partition
3rd i format the disk (normal)
4th i reboot with win-xp inserted
5th i format the disk again (fast)
6th i install win-xp
(i've also tried installing after only 1 format, or without deleting the
partition...
i guess i've tried installing all different ways i can think of)
<<< If it doesn't include the XP SP2 update, then you need to download SP2
and
save it to a CD, or order an SP2 CD..
SP2 is not included... but i've tried downloading the updates in advance in
order to burn them on a disc. Most security patches and SP2 installation
worked fine, except:
com_microsoft.886906_NET10_SP3_nld_5556
com_microsoft.888316_ehome_guide_fix
com_microsoft.KB867461_DOT_NET_EN_1_0_SP3
com_microsoft.KB867461_DOT_NET_Tier3
com_microsoft.KB873369_XP_SP3_eHome_INTL
(reason was if i remember correctly that the program to perform the
upgradepatch was missing, i was able to update those afterwards from the net)
(i've tried both updating offline and updating online)
(i've also tried installing only SP2)
You can take a look at this forum
DATE: 2/1/2006
SUBJECT: Downloading updates in advance
&
Date: 1/31/2006
SUBJECT: Possible virus in System Volume Information
<<< Directly after installing XP, install SP2.. the Windows firewall will be
activated by default.. then carry on with the rest of the procedure as
outlined in my last response..
Indeed, that's another way of installing i've tried
i'm getting rid of NIS asap, hearing nothing but bad about it
<<< with broadband, you will get traffic immediately.. it is like an open
tube to your ISP.. when your computer recognises broadband, it says to the
world "I am open for business",
and promptly starts shaking hands with the ISP server and anything else out
there.. this is by design..
ouch i guess my computer shakes hands with a lot of chinese people regarding
to what ZoneAlarm is telling me, at least ZoneAlarm is stopping all those
Messenger pop-ups and them massive attempts from Generic Host Process for
Win32 Server to connect to a DNS-server (or something). As NIS only gives
confirmation pop-ups about that "automatic rules created" (very much of them
pop-ups) ZoneAlarm blocks that process, the win-firewall if installed as
only firewall doesn't take actions to prevent that.
As soon as i have some money i will buy myself a NAT-router as advised in
this forum so i can hopefully shake hands with people i invite only
Thnx for that registry cleaner, i got rid of those you told me to dump and
downloaded and installed the one you advised.
CCleaner is a tool to delete the history of Internet Explorer, Windows
Explorer, System memory... it's a pretty advanced tool and makes me able to
keep my system fresh and clean, you can also delete caches, log files etc.
Seems funny for me as rookie to advise this tool to a pro :P
but it does its job
omi
- Posted by omi on February 6th, 2006
Hey Lanwench,
<<< Then your firewall isn't actually on, it sounds like. You need to turn
it on
*before* you connect to the Internet even *once* - right after your clean
install, if you want to start over.
I'm 100% sure the firewall was on, no exceptions allowed !!
<<< What do you mean by "up & downstream" ?
i mean i receive bytes and send bytes without me generating traffic
i'm 100% sure this is abnormal as i never had this in the past not even with 50
progs or so installed, it started the moment i got infected until now
omi