Does my step dad have a virus on his PC?

Posted by: garyi on 02 October 2004

I am at my step dad's PC, and although he is on dial-up, opening pages is painfully slow; it took five minutes to load Naim's.

But what is concerning me is 'messenger service' keeps appearing with invites to 'Linda's webcam' and such like.

I suspect he has something dodgy on here, but wouldn't know where to begin with PCs. I am downloading a free Spybot finder to see if that helps.

Can anyone offer some assistance?

I am trying to get him to buy an iMac so he can enjoy computing instead of asking me to fix it every time I come down!
Posted on: 02 October 2004 by garyi
Thanks Tom.

I downloaded Spybot Search and Destroy.

This discovered 36 of them, which I duly removed, but still this messenger persists. It looks like part of the operating system programming, and comes up even if Explorer is not open; surely XP is not that full of holes?

I am also trying to install Norton that came with this machine, but it looks like some sort of subscription service so am not sure if it will proceed, although it says the subscription ran out in August it is still doing the live update right now.

The question is how do I stop this messenger service?

Ironically one just came in from a spybot website telling me how I could remove them, the fact they came in the back door is enough to put me off LOL
Posted on: 02 October 2004 by matthewr
Gary,

Start Menu > Control Panel > Performance & Maintenance > Administrative Tools > Services

Double click "Messenger", in Start up type select "Disabled".

More seriously, the fact that you are getting such messages may indicate your system is not secure for a number of reasons.

-- You may have some kind of malware so the spybot/adaware and virus process you are doing now is essential.

-- The PC is almost certainly not up to date in terms of patches. There are some much more serious vulnerabilities in Messenger than spam popups. Get it up to date -- a process which will be much easier (depending on how out of date the PC is) if you go down to the local WH Smiths and get a copy of a magazine with a cover disk containing XP Service Pack 2 (PC Pro has it this month I think).

(IIRC Messenger is disabled in XP SP2 by default).

-- Messenger popups, assuming they are not coming from some kind of resident malware, come via open comms ports being visible from the internet. This strongly implies there is no firewall or the firewall is not configured correctly.

So, basically, disconnect from the internet. Patch up to date with SP2, sanitise everything with Spybot/Adaware or similar, sort out your firewall, sort out your anti-virus software (I prefer McAfee to Norton).

If you (or your step Dad) want to know more about computer security I can strongly recommend Thomas Greene's book. It fully covers the whole subject from a perspective of home and small office users and is written for a non-expert audience.

See here

Matthew
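The same Services-console change (and a quick look at the firewall state Matthew asks about), as an added example that is not from this thread or from any of its posters. It assumes a Windows host where PowerShell is available, run from an Administrator session; "Messenger" is the service's short name on Windows XP (on later versions the service does not exist and the function simply reports nothing to do). Get-WmiObject is used for the start-mode read-back because it is available on older Windows PowerShell versions.

```powershell
# Added example: disable the Messenger service from PowerShell instead of the
# Services GUI, then report the Windows Firewall state. Assumes an elevated
# Windows PowerShell session; cmdlet and service names are as documented.

function Disable-MessengerService {
    $svc = Get-Service -Name 'Messenger' -ErrorAction SilentlyContinue
    if (-not $svc) {
        return 'Messenger service not present on this system; nothing to do.'
    }

    # Stop it if running, then set the start-up type to Disabled so it does
    # not return after a reboot (the equivalent of choosing "Disabled" in the GUI).
    if ($svc.Status -eq 'Running') {
        Stop-Service -Name 'Messenger' -Force
    }
    Set-Service -Name 'Messenger' -StartupType Disabled

    # Re-read the service through WMI so the change can be verified.
    $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='Messenger'"
    return ("Messenger: state={0}, start mode={1}" -f $wmi.State, $wmi.StartMode)
}

function Show-FirewallState {
    # XP SP2 uses the legacy 'netsh firewall' context; Vista and later use
    # 'netsh advfirewall'. Pick the one that exists on this OS.
    if ([Environment]::OSVersion.Version.Major -ge 6) {
        netsh advfirewall show allprofiles state
    } else {
        netsh firewall show state
    }
}

Disable-MessengerService
Show-FirewallState
```

If the firewall output shows it is off, or the Messenger service was still set to start automatically, that matches Matthew's point that the popups are a symptom of an exposed, unpatched machine rather than the problem itself.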
Posted on: 02 October 2004 by Hawk
I had more or less the same problem with my mum's PC... after the 3rd time I fixed it with an iMac... Tell him it's only a matter of time... lol

Neil

PS Good luck!
Posted on: 02 October 2004 by Tim Jones
It may be a browser hijacker that Spybot won't find. There's a really good little application called "Hijack this" that displays the command lines in your browser startup so you can delete the nasties. Works well:

http://www.hijack-this.net/

Tim
Posted on: 02 October 2004 by JonR
quote:
Originally posted by garyi:
But what is concerning me is 'messenger service' keeps appearing with invites to 'lindas webcam' and such like.


Actually I get this every so often as well....and I use an iBook, though like your step dad I am currently on dial-up and I use AOL as my ISP.

Currently I just select 'ignore' and then don't think any more about it, i.e. I have not considered it might be virus-related.

jon
Posted on: 02 October 2004 by Toksik
Garyi, once you have your wee Adaware programs installed onto your step-dad's PC have a look at this site www.grc.com/; it explains everything you Never wanted to know about firewalling your system and will even test all your PC's open/stealthed ports... sounds Very Greek? Cool

Dennis
Posted on: 03 October 2004 by garyi
Thanks Guys.

Thanks Matthew, I have done as you said and the messenger is now off. I updated Norton and scanned everything and that showed nothing nasty, so that's good.

Seriously though, what a palaver. I am sOOooOo glad I went the Apple route all those years ago; I used to have a 512Ke.
Posted on: 03 October 2004 by garyi
Jon your problem is AOL, I believe we discussed just how shit that programme is?
Posted on: 03 October 2004 by matthewr
Garyi,

Did you upgrade to SP2? As I said the sequence of events you described rather implies that you might have (or might have had) firewall and update issues as well as the immediate Messenger problem. If these aren't resolved your step dad will likely find himself with similar problems again very shortly.

TOKSIK said "have a look at this site www.grc.com/;it"

Do not look at grc.com as despite its near ubiquity it's full of mistakes and bad advice and he basically just wants you to buy his products. See www.grcsucks.com for more on Steve Gibson and his "Nanoprobes".

If you want to know more about security you really can do a lot worse than spend £17.50 on Thomas Greene's excellent book I linked to above.

A good solid website on security pitched at this level (i.e. to typical home users) seems to be missing at the moment. The more technically minded can try http://www.securityfocus.com/ although it's really aimed at security professionals.

Matthew
Posted on: 03 October 2004 by JonR
quote:
Originally posted by garyi:
Jon your problem is AOL, I believe we discussed just how shit that programme is?


Yes Gary we did.

I'm getting Broadband in a few weeks time so luckily I will be able to ditch AOL at last after 7 loooong years!

jon
Posted on: 03 October 2004 by JonR
Alex,

As it happens I did go with PlusNet, but I'm going on holiday on Tuesday for a couple of weeks so the engineer won't be coming to fix my line until at least the day after I get back.

Still, hopefully it'll all be worth it!

jon
Posted on: 03 October 2004 by garyi
Matthew we didn't do the service pack so I will have to do that next time (back home now)

I don't think my step dad, like me, is particularly interested in having to learn how to secure his computer; all he wants to do is email and a bit of surfing. What a shame you seem to need a PhD in Windows just to protect yourself.

Matthew you seem like a clever guy, why don't you have a Mac?
Posted on: 03 October 2004 by matthewr
Gary

Some basic advice (basically Get the Updates + AV + Firewall) will keep people like your step Dad 99% secure for relatively little effort. Installing SP2 will steer you strongly in this direction and, whilst a PITA that ends up taking four times longer than you expected, is relatively straightforward.

The point of the book is if you want to know more and it's by no means essential.

"why don't you have a Mac?"

Because my two computers both have requirements that effectively rule out Macs -- Windows software development, some games and online poker being the most obvious. I would consider a G4 Powerbook instead of my laptop if I didn't use it for most of my poker playing and occasionally do work on it.

I think Macs are great and for someone with typical home user requirements (e-mail, surf, photos, mp3s, word processing, spreadsheet) I'd recommend a Mac every time unless you are on a strictly limited budget. Indeed I told my Dad to buy one recently (although he ignored me and bought some Vaio thing which has all the problems of a Windows box plus you get to pay a premium for the nice case).

Matthew

PS Incidentally, the Technical Director of the company I work for actually has a 17" G4 Powerbook and I was lusting after it only last week. He loves it but seems to have resigned himself to not getting everyone else to use Entourage (or at least get Outlook to work with his copy).
Posted on: 03 October 2004 by JonR
quote:
Originally posted by AlexG:
? engineer?

You only need an adsl filter and for BT to do something at the exchange (which PlusNet organise for you).

What is the engineer doing for you?


Apparently PlusNet checked my line and found it needs to be converted somehow to accept Broadband (something which BT has to do which will cost me an extra 50 quid) and I guess it's also something to do with the fact that I've never had Broadband before so it's not a straightforward conversion, plus I have to have a new modem as well and they have to check I've got the appropriate sockets, etc.

That's about as much as I understand of it I'm afraid.

jon
Posted on: 03 October 2004 by Toksik
Matthew, despite the GRC site being sh*te in your opinion, we mortals can have all our service ports checked and at least have the knowledge "in my case" that ALL my ports are STEALTHED... I honestly don't feel the need to rush out and buy anything from this site.

dennis
Posted on: 03 October 2004 by matthewr
TOKSIK,

Most security professionals believe Gibson's website contains false, misleading and incomplete information and recommend staying well clear of his website.

With regard to "Shields Up"

"have all our service ports checked"

"When clicking the 'Test my shields' button, ShieldsUp will inform you about its attempt to 'contact the Hidden Internet Server' within your PC.

Matter of fact, ShieldsUp will send a NQUERY NetBIOS UDP packet with Broadcast, Query and Request flags set. Upon receiving an answer (or not), ShieldsUp will determine if your Shields are 'up'. This is - obviously - not a very accurate method"


"in my case" that ALL my ports are STEALTHED"

"WHAT IS STEALTH?

Well, for starters, Stealth isn’t all that. There is no such thing as “stealth” on the Internet. Ports are either open (they respond accordingly), closed (they do not respond accordingly) or are non-existent (nothing comes back at all). Gibson calls the latter “Stealth”, which is as wrong as could be.

A false sense of security even here. Just for Mr. Gibson’s records: my FTP port is not stealth, it’s just not responding with an ICMP_DESTUNREACH when probed."


See http://www.jluster.org/log/d/textual/misc/2002/10/30/shieldsup_analyzed

If you want your ports scanning for free try www.hackerwhacker.com (there are others).

Matthew
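The three port states the quoted piece describes (open, closed, no response at all), as an added example that is not from this thread, from jluster.org or from any of the tools named here. It checks one TCP port on a host you administer by what a connect attempt actually sees: a completed handshake means open, a connection-refused error (the host answered with a reset) means closed, and a timeout means nothing came back, which is the state ShieldsUp labels "stealth". It assumes PowerShell on a Windows/.NET host; the host name, ports and timeout in the usage lines are constructed sample values.

```powershell
# Added example: classify a TCP port by the response a connect attempt gets,
# using the three states from the quoted text. Assumes PowerShell with .NET's
# System.Net.Sockets.TcpClient available (any supported Windows version).

function Get-TcpPortState {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [Parameter(Mandatory = $true)][int]$Port,
        [int]$TimeoutMs = 3000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $handle = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $handle.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            # Nothing came back within the timeout: the packet was dropped,
            # typically by a firewall (or the host does not exist). This is
            # the state ShieldsUp calls "stealth"; it is simply "no response".
            return 'no-response'
        }
        # Completing the connect either succeeds (handshake done: open) or
        # raises a SocketException because the host answered with a reset.
        $client.EndConnect($handle)
        return 'open'
    }
    catch {
        # PowerShell may wrap the .NET exception; walk to the innermost one.
        $ex = $_.Exception
        while ($ex.InnerException) { $ex = $ex.InnerException }
        if ($ex -is [System.Net.Sockets.SocketException] -and
            $ex.SocketErrorCode -eq [System.Net.Sockets.SocketError]::ConnectionRefused) {
            return 'closed'
        }
        return "error: $($ex.Message)"
    }
    finally {
        $client.Close()
    }
}

# Usage (constructed sample): check the local machine's RPC, NetBIOS and SMB
# ports, the ones a home firewall is expected to keep off the internet.
$target = '127.0.0.1'
foreach ($p in 135, 139, 445) {
    '{0}:{1} -> {2}' -f $target, $p, (Get-TcpPortState -HostName $target -Port $p)
}
```

Run against 127.0.0.1 this shows what the PC itself exposes; run from a machine outside your network against your own public address it shows what the router or firewall actually presents, which is the check both ShieldsUp and hackerwhacker are performing for you. Whichever label a scanning site uses, "closed" and "no response" are both fine outcomes for a home user; "open" on a port you do not knowingly serve is the one to act on.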
Posted on: 03 October 2004 by Toksik
Matthew, thanks for the info on this site www.hackerwhacker.com. I have just checked and verified what Gibson Research had reported, that my ports were indeed all "CLOSED".
I use an external router/modem with a Globespan Viking chip and have custom made rules on closing my ports via its web interface. Within the XP Pro OS I use Sygate's Personal Pro firewall... you can't be too careful out there in the big bad WEB!

dennis