Whenever my machine is on I get barraged with pop up
ads. I'm pretty sure that something is running in the
background as there are many things running in task
manager. I am afraid to delete anything without knowing
for sure what to delete.
Thanks.

Ira wrote:

> Whenever my machine is on I get barraged with pop up
> ads. I'm pretty sure that something is running in the
> background as there are many things running in task
> manager. I am afraid to delete anything without knowing
> for sure what to delete.
> Thanks.

You should really have a virus scanner and a firewall program, but in
the meantime here are a few programs and ideas to clean out the malware
that's probably causing the problem.

AdAware 6
http://www.lavasoftusa.com/support/download/

SpyBot
http://spybot.eon.net.au/index.php?lang=en&page=download

You should also turn off the messaging service too.
Control Panel -> Administrative tools -> services -> Messenger
Set Startup Type: Disabled

Cheers

--
Eric Warnke Personal and Business Solution
Support, Repairs, Upgrades, and Tutoring
(518) 928-0374

Turn on Internet Connection Firewall. Directions are in Help and Support.

Mike Mulligan

"Ira" > wrote in message
...
> Whenever my machine is on I get barraged with pop up
> ads. I'm pretty sure that something is running in the
> background as there are many things running in task
> manager. I am afraid to delete anything without knowing
> for sure what to delete.
> Thanks.

Eric you are the Man thanks, Geoff
>-----Original Message-----
>Ira wrote:
>
>> Whenever my machine is on I get barraged with pop up
>> ads. I'm pretty sure that something is running in the
>> background as there are many things running in task
>> manager. I am afraid to delete anything without
knowing
>> for sure what to delete.
>> Thanks.
>
>You should really have a virus scanner and a firewall
program, but in
>the meantime here are a few programs and ideas to clean
out the malware
>that's probably causing the problem.
>
>AdAware 6
>http://www.lavasoftusa.com/support/download/
>
>SpyBot
>http://spybot.eon.net.au/index.php?lang=en&page=download
>
>You should also turn off the messaging service too.
>Control Panel -> Administrative tools -> services ->
Messenger
>Set Startup Type: Disabled
>
>Cheers
>
>--
>Eric Warnke Personal and Business Solution
>Support, Repairs, Upgrades, and Tutoring
>(518) 928-0374
>
>.
>

On Wed, 6 Aug 2003 07:03:49 -0700, "Ira" > wrote:

>Whenever my machine is on I get barraged with pop up
>ads.

Installing only a firewall to stop pop-up messages is a "putting all
your eggs in one basket" approach to computer security.

If the user is a home user there is a huge likelihood that not only do
they not use the messenger service, but don't even know it exists.
Complete security advice would have them install a firewall *and*
disable the messenger service. Better yet, add a SOHO router which
will block this traffic as well. To be truly as secure as reasonably
possible, a mutli-layered defense is required.

Turning off the messenger service provide the user with 2 benefits.
First, it will provide a more secure system in that the user will not
be susceptible to any vulnerabilities that may exist in the messenger
service today or that may be found in the future. A great example is
sendmail. It is (or at least was) installed and running on Linux
systems as a daemon by default and had been regarded as very secure.
Recently they found a serious vulnerability that had been there
for over 15 years. Who knows how long the hackers knew about it? How
many people left themselves vulnerable by leaving that service on and
didn't need it?. Relying on one and only one line of defense (a
software firewall) is foolish. You should harden your system as well
as install a firewall. Doing one does not mean that you shouldn't do
the other.

Second, it will return some system resources that were being used by a
service that was useless to the user.

In the case that the user is a corporate user and the messenger
service is being used, then it should not be disabled. However, if
you advise him to install a firewall on his own you could be advising
them to do something that could cause their termination. Many
businesses deal very harshly with this type of behavior. If the user
is a corporate user, they should alert their System Admin of these
pop-ups getting through so they can block the traffic at their border
routers/firewalls and solicit their advice as to what they can do, if
anything, as a corporate user to avoid receiving the pop-ups.


---------------------------------------
What could possibly go wrong?

"What could possibly go wrong?"

Well, for one thing, you may not receive virus alerts, or any other alerts
for which your application software uses the messenger service.

To stop messenger spam, the correct procedure is to leave the messenger
service running and either enable Internet Connection Firewall or, for more
features, install a third party firewall.

Mike Mulligan


"Kevin Davis³" > wrote in message
...
> On Wed, 6 Aug 2003 07:03:49 -0700, "Ira" > wrote:
>
> >Whenever my machine is on I get barraged with pop up
> >ads.
>
> Installing only a firewall to stop pop-up messages is a "putting all
> your eggs in one basket" approach to computer security.
>
> If the user is a home user there is a huge likelihood that not only do
> they not use the messenger service, but don't even know it exists.
> Complete security advice would have them install a firewall *and*
> disable the messenger service. Better yet, add a SOHO router which
> will block this traffic as well. To be truly as secure as reasonably
> possible, a mutli-layered defense is required.
>
> Turning off the messenger service provide the user with 2 benefits.
> First, it will provide a more secure system in that the user will not
> be susceptible to any vulnerabilities that may exist in the messenger
> service today or that may be found in the future. A great example is
> sendmail. It is (or at least was) installed and running on Linux
> systems as a daemon by default and had been regarded as very secure.
> Recently they found a serious vulnerability that had been there
> for over 15 years. Who knows how long the hackers knew about it? How
> many people left themselves vulnerable by leaving that service on and
> didn't need it?. Relying on one and only one line of defense (a
> software firewall) is foolish. You should harden your system as well
> as install a firewall. Doing one does not mean that you shouldn't do
> the other.
>
> Second, it will return some system resources that were being used by a
> service that was useless to the user.
>
> In the case that the user is a corporate user and the messenger
> service is being used, then it should not be disabled. However, if
> you advise him to install a firewall on his own you could be advising
> them to do something that could cause their termination. Many
> businesses deal very harshly with this type of behavior. If the user
> is a corporate user, they should alert their System Admin of these
> pop-ups getting through so they can block the traffic at their border
> routers/firewalls and solicit their advice as to what they can do, if
> anything, as a corporate user to avoid receiving the pop-ups.
>
>
> ---------------------------------------
> What could possibly go wrong?

Mike Mulligan wrote:

> "What could possibly go wrong?"
>
> Well, for one thing, you may not receive virus alerts, or any other alerts
> for which your application software uses the messenger service.

Name 1 peice of legitimate software that uses the messanger
service to report anything to the user ( outside of a coperate
environment ).

Eric Warnke > wrote:
> Name 1 peice of legitimate software that uses the messanger
> service to report anything to the user ( outside of a coperate
> environment ).

Norton Antivirus.

--
Shenan Stanley
"Just trying to help"

....and the printer information window of my HP printer...

Mike Mulligan

"Shenan T. Stanley" > wrote in message
...
> Eric Warnke > wrote:
> > Name 1 peice of legitimate software that uses the messanger
> > service to report anything to the user ( outside of a coperate
> > environment ).
>
> Norton Antivirus.
>
> --
> Shenan Stanley
> "Just trying to help"
>
>

On Thu, 7 Aug 2003 09:53:16 -0400, "Mike Mulligan"
> wrote:

>"What could possibly go wrong?"
>
>Well, for one thing, you may not receive virus alerts, or any other alerts
>for which your application software uses the messenger service.

OK, then what would the other things be?

Which virus applications do this? How do they function in standalone
Windows 9x/Me systems?

In my case, it doesn't matter because I don't run AV background
services, period.

But assuming you are correct, you could modify my comment with that
warning. Just because some AV possibly use this is not a mandate
never ever to turn it off on any system.

>
>To stop messenger spam, the correct procedure is to leave the messenger
>service running

That may be the correct procedure in some case, but certainly not all.
To assert that it is would be adopting a "putting all your eggs in one
basket" approach to security.



---------------------------------------
What could possibly go wrong?

On Thu, 7 Aug 2003 16:51:37 -0400, "Mike Mulligan"
> wrote:

>...and the printer information window of my HP printer...
>
>Mike Mulligan

When does this appear?



---------------------------------------
What could possibly go wrong?

"Kevin Davis³" > wrote in message
...
> On Thu, 7 Aug 2003 09:53:16 -0400, "Mike Mulligan"
> > wrote:
>
> >"What could possibly go wrong?"
> >
> >Well, for one thing, you may not receive virus alerts, or any other
alerts
> >for which your application software uses the messenger service.
>
> OK, then what would the other things be?
> Which virus applications do this? How do they function in standalone
> Windows 9x/Me systems?

Legitimate uses for the messenger service are irrelevant to the problem
being reported. What is relevant is that unsolicited data is entering the
computer and the messenger service is the indicator - not the cause.

> In my case, it doesn't matter because I don't run AV background
> services, period.

That's your choice.

> But assuming you are correct, you could modify my comment with that
> warning. Just because some AV possibly use this is not a mandate
> never ever to turn it off on any system.

What part don't you understand Kevin?

The problem that people are reporting is evidence that unsolicited data is
entering their computers. The solution is to stop that data entering their
computers using XP's inbuilt firewall or a third party firewall.

*Just* turning off the messenger service and not blocking the unsolicited
connections is masking the problem and not fixing it.


>
> >
> >To stop messenger spam, the correct procedure is to leave the messenger
> >service running

***And turn on or use a firewall***

>
> That may be the correct procedure in some case, but certainly not all.
> To assert that it is would be adopting a "putting all your eggs in one
> basket" approach to security.

If the firewall is not accepting unsolicited connections (or broadcast
packets), it doesn't matter what services are running.

You are correct in asserting that un-needed services should be stopped or
disabled for enhanced security. In the case of the problem being reported,
the solution is to 'shut the gate' *first*, *then* stop un-needed services.

ahl

On Fri, 8 Aug 2003 11:34:42 +1000, "ahl"
> wrote:


>Legitimate uses for the messenger service are irrelevant to the problem
>being reported. What is relevant is that unsolicited data is entering the
>computer and the messenger service is the indicator - not the cause.
>

My reponse was in the context of what legitimate uses there is for the
Messenger service for the typical home user. This was the question
posed to the person I was repsonding to so by default is relevant.

However, it is a valid discussion. I have absolutely no quarrel with
the suggestion that one should first install a firewall. However, I
do think that the user should educate oneself about their computer and
computer security. This means that after installing the firewall, one
should find out what this service does and if they need it. If they
don't then certainly turn it off.

>> In my case, it doesn't matter because I don't run AV background
>> services, period.
>
>That's your choice.
>

It's my choice to turn off the Messenger service too. In my case,
both choices were well and intelligently thought out. That certainly
does not mean it is the right choice for everyone (like some feel
theirs is).

>> But assuming you are correct, you could modify my comment with that
>> warning. Just because some AV possibly use this is not a mandate
>> never ever to turn it off on any system.
>
>What part don't you understand Kevin?

None, What part don't you understand?

>
>The problem that people are reporting is evidence that unsolicited data is
>entering their computers. The solution is to stop that data entering their
>computers using XP's inbuilt firewall or a third party firewall.
>
>*Just* turning off the messenger service and not blocking the unsolicited
>connections is masking the problem and not fixing it.

You never read any of my posts do you? I NEVER, EVER suggested and
NEVER will suggest to *just* turn off the messenger service.

>If the firewall is not accepting unsolicited connections (or broadcast
>packets), it doesn't matter what services are running.

Really? So you think all firewalls are impervious, eh? News Flash.
None are.

>
>You are correct in asserting that un-needed services should be stopped or
>disabled for enhanced security. In the case of the problem being reported,
>the solution is to 'shut the gate' *first*, *then* stop un-needed services.
>

If you read my posts, that's EXACTLY what I am suggesting. I'm glad
we agree.



---------------------------------------
What could possibly go wrong?

"Kevin Davis³" > wrote in message
...
> On Fri, 8 Aug 2003 11:34:42 +1000, "ahl"
> > wrote:

> However, it is a valid discussion. I have absolutely no quarrel with
> the suggestion that one should first install a firewall. However, I
> do think that the user should educate oneself about their computer and
> computer security. This means that after installing the firewall, one
> should find out what this service does and if they need it. If they
> don't then certainly turn it off.

In total agreement.

> >> In my case, it doesn't matter because I don't run AV background
> >> services, period.
> >
> >That's your choice.
> >
> It's my choice to turn off the Messenger service too. In my case,
> both choices were well and intelligently thought out. That certainly
> does not mean it is the right choice for everyone (like some feel
> theirs is).

It was the percieved manner in which you made that statement that I took
umbrage to.

The "period" comment leads to the assumption that you claim with authority,
that background virus scanning is useless. In a securely managed environment
I'll agree that it generally is needless. However, I think it's safe to
assume the original poster(s) and majority of users do not have such an
environment.

> >The problem that people are reporting is evidence that unsolicited data
is
> >entering their computers. The solution is to stop that data entering
their
> >computers using XP's inbuilt firewall or a third party firewall.
> >
> >*Just* turning off the messenger service and not blocking the unsolicited
> >connections is masking the problem and not fixing it.
>
> You never read any of my posts do you? I NEVER, EVER suggested and
> NEVER will suggest to *just* turn off the messenger service.

Probably not all of them. The signal to noise ratio on this subject is
rather high.....

> >If the firewall is not accepting unsolicited connections (or broadcast
> >packets), it doesn't matter what services are running.
>
> Really? So you think all firewalls are impervious, eh? News Flash.
> None are.

You can "news flash" all you like!

If the firewall is *not accepting* unsolicited connections (or broadcast
packets), it doesn't matter what services are running. Note the emphasis on
"not accepting".

> >You are correct in asserting that un-needed services should be stopped or
> >disabled for enhanced security. In the case of the problem being
reported,
> >the solution is to 'shut the gate' *first*, *then* stop un-needed
services.
> >
>
> If you read my posts, that's EXACTLY what I am suggesting. I'm glad
> we agree.

It appears we *do* on most issues. :)

Regards,
ahl

On Sat, 9 Aug 2003 14:31:52 +1000, "ahl"
> wrote:

>
>It was the percieved manner in which you made that statement that I took
>umbrage to.
>
>The "period" comment leads to the assumption that you claim with authority,
>that background virus scanning is useless. In a securely managed environment
>I'll agree that it generally is needless. However, I think it's safe to
>assume the original poster(s) and majority of users do not have such an
>environment.

Here is exactly what I said:

"In my case, it doesn't matter because I don't run AV background
services, period"

I don't know how much more clear I can make it. I specifically stated
"In my case". This obivously means that it doesn't fit for everyone
or else I would say "In most cases", or "In all cases".

Now, getting past that, I would not really disagree that much with
what you are suggesting. Most people don't know enough about security
to turn this stuff off and remain reasonably secure. That is a valid
point.

However, what still is a valid point is that one should learn what the
messenger service does, and determine if one needs it and if not, turn
it off.


>> >If the firewall is not accepting unsolicited connections (or broadcast
>> >packets), it doesn't matter what services are running.
>>
>> Really? So you think all firewalls are impervious, eh? News Flash.
>> None are.
>
>You can "news flash" all you like!

And I will.

>
>If the firewall is *not accepting* unsolicited connections (or broadcast
>packets), it doesn't matter what services are running. Note the emphasis on
>"not accepting".

Sorry but firewalls can be compromised from the outside. Once that's
done, your system is generally as vulnerable as if the firewall wasn't
there. Gee wouldn't it be nice in this case if you had implemented
secondary defenses? You should have more than one line of defense. I
recommend at least 3. First install a hardware SOHO router/"firewall"
which provides some defense from outside attacks. Nowadays they are
pretty cheap (some are less than 50 bucks). Second, install a
personal software firewall on each system attached to the router.
Third, harden each system like turning off services you know you don't
need, apply patches, disable NetBIOS over TCP\IP, unbind NetBEUI/file
sharing from TCP\IP, etc.

Now, don't get me wrong. I don't think it's particularly easy to
compromise firewalls. Hackers who want to get through will always try
to go around it instead of hitting it head-on if possible. However
that does not mean that one should put such utmost confidence in one
piece of software that it would be "unbreakable". There has been some
vulnerabilities discovered in the various personal firewall products.
The other two things I suggest are not that costly or time consuming
to pass off as an unreasonable suggestion.



---------------------------------------
What could possibly go wrong?

"Kevin Davis³" > wrote in message
...
> On Sat, 9 Aug 2003 14:31:52 +1000, "ahl"
> > wrote:

> You should have more than one line of defense. I
> recommend at least 3. First install a hardware SOHO router/"firewall"
> which provides some defense from outside attacks. Nowadays they are
> pretty cheap (some are less than 50 bucks). Second, install a
> personal software firewall on each system attached to the router.
> Third, harden each system like turning off services you know you don't
> need, apply patches, disable NetBIOS over TCP\IP, unbind NetBEUI/file
> sharing from TCP\IP, etc.

IMHO *this* is the correct and informative answer to the pop-message
posts!!

Looks like there's nothing left to argue about. :o)

Regards,
ahl

On Sun, 10 Aug 2003 14:35:33 +1000, "ahl"
> wrote:

>
>"Kevin Davis³" > wrote in message
...
>> On Sat, 9 Aug 2003 14:31:52 +1000, "ahl"
>> > wrote:
>
>> You should have more than one line of defense. I
>> recommend at least 3. First install a hardware SOHO router/"firewall"
>> which provides some defense from outside attacks. Nowadays they are
>> pretty cheap (some are less than 50 bucks). Second, install a
>> personal software firewall on each system attached to the router.
>> Third, harden each system like turning off services you know you don't
>> need, apply patches, disable NetBIOS over TCP\IP, unbind NetBEUI/file
>> sharing from TCP\IP, etc.
>
>IMHO *this* is the correct and informative answer to the pop-message
>posts!!
>
>Looks like there's nothing left to argue about. :o)


Good deal. IMO, if one is to pass on security information it should be
as comprehensive as reasonably possible.



---------------------------------------
What could possibly go wrong?