|
9 Nov 2002, 14:24
|
#1
|
Rawr rawr
Join Date: Dec 2000
Location: Upside down
Posts: 5,300
|
"message from WEBPOPUP to on 11/9/2002 01:09:48 PM"
Where do these popups come from?
This is the second time (in a few weeks) I have a dialog appearing from this "messenger service" offering me an university diploma.
Where does this thing come from?
I have closed every program that MIGHT have created this thing (in the hope it was the parent and it would take the popup down too) but to no avail. I have searched google, but it doesn't return anything.
The dialog is a windows dialog with as title "messenger service" and claims on the first line of the dialog text to be from "WEBPOPUP"...
It appears in the Win2k task manager as a task "Messenger service" but I cannot find it on the processes tab (tried to kill all processes systematically, but got "access denied" or "critical process" warning on most, and the ones I did kill didn't take the popup down).
Atleast I want to know where this thing comes from. I feel my security is breached =/
[EDIT]
Found some data:
http://www.cnn.com/2002/TECH/interne....ap/index.html
[/EDIT]
__________________
"Yay"
Last edited by Structural Integrity; 9 Nov 2002 at 14:37.
|
|
|
9 Nov 2002, 14:46
|
#2
|
Darling
Join Date: Dec 2000
Location: Edinburgh
Posts: 890
|
block port 135-9 to outside ips. problem over.
|
|
|
9 Nov 2002, 15:40
|
#3
|
Ensign
Join Date: Apr 2000
Location: An intricate fantasy world.
Posts: 166
|
iirc its the service 'Messenger' - just turn it off.
(its not msn before anyone says, check the service list)
|
|
|
9 Nov 2002, 15:44
|
#4
|
Bitch
Join Date: Jun 2002
Location: North Yorkshire
Posts: 3,848
|
Quote:
Originally posted by Coffee
iirc its the service 'Messenger' - just turn it off.
(its not msn before anyone says, check the service list)
|
Can knacker other things if you turn it off though
__________________
ACHTUNG!!!
Das machine is nicht fur gefingerpoken und mittengrabben. Ist easy
schnappen der springenwerk, blowenfusen und corkenpoppen mit
spitzensparken. Ist nicht fur gewerken by das dummkopfen. Das
rubbernecken sightseeren keepen hands in das pockets. Relaxen und vatch
das blinkenlights!!!
|
|
|
9 Nov 2002, 15:47
|
#5
|
Ensign
Join Date: Apr 2000
Location: An intricate fantasy world.
Posts: 166
|
Quote:
Originally posted by Gayle28uk
Can knacker other things if you turn it off though
|
Its windows. You probably wont notice - just another source of random crashing (o:
|
|
|
9 Nov 2002, 18:27
|
#6
|
Join Date: Jan 2002
Posts: 421
|
if your with winxp/9x then open ur msdos prompt and type
'net send ip.ip.ip.ip Message'
change ip.ip.ip.ip with 127.0.0.1 for extra fun
|
|
|
9 Nov 2002, 18:42
|
#7
|
Bitch
Join Date: Jun 2002
Location: North Yorkshire
Posts: 3,848
|
How to totally piss my DNS off in one easy step
__________________
ACHTUNG!!!
Das machine is nicht fur gefingerpoken und mittengrabben. Ist easy
schnappen der springenwerk, blowenfusen und corkenpoppen mit
spitzensparken. Ist nicht fur gewerken by das dummkopfen. Das
rubbernecken sightseeren keepen hands in das pockets. Relaxen und vatch
das blinkenlights!!!
|
|
|
9 Nov 2002, 18:44
|
#8
|
Rawr rawr
Join Date: Dec 2000
Location: Upside down
Posts: 5,300
|
Quote:
Originally posted by Gayle28uk
How to totally piss my DNS off in one easy step
|
oh?
why?
__________________
"Yay"
|
|
|
9 Nov 2002, 18:46
|
#9
|
Bitch
Join Date: Jun 2002
Location: North Yorkshire
Posts: 3,848
|
Merely an assumptionon my part as I have localhost defined in named.conf.
[edit] I re-read this thread today and I have NO IDEA what I was on about yeaterday I was extremely tired and that's my excuse.[/edit]
__________________
ACHTUNG!!!
Das machine is nicht fur gefingerpoken und mittengrabben. Ist easy
schnappen der springenwerk, blowenfusen und corkenpoppen mit
spitzensparken. Ist nicht fur gewerken by das dummkopfen. Das
rubbernecken sightseeren keepen hands in das pockets. Relaxen und vatch
das blinkenlights!!!
Last edited by Gayle29uk; 10 Nov 2002 at 10:36.
|
|
|
9 Nov 2002, 21:44
|
#10
|
Banned
Join Date: May 2001
Location: Too close for comfort
Posts: 246
|
omg this is even more annoying than email spam ffs!
|
|
|
19 Nov 2002, 12:57
|
#11
|
Forever Delayed
Join Date: Sep 2000
Location: www.netgamers.org
Posts: 1,475
|
This sounds like something Kazaa-related actually. I assume you've used some software which is part of one of these "stealth" monitoring networks, which pop up adverts sporadically, based on what you're browsing.
Maybe I've misunderstood, but this is what it sounds like?
M.
__________________
Firefly Oper and General l4m3r - "I Do Stuff"
O2 Rip-off campaign
<vampy> plus i hate people ... i despise humanity as a whole
pablissimo "I'm still geting over the fact you just posted a pic of your own vomit"
|
|
|
19 Nov 2002, 13:09
|
#12
|
Born Sinful
Join Date: Nov 2000
Location: Loughborough, UK
Posts: 4,059
|
It's adware/spyware related, surprise surprise.
The service is there to let admins broadcast messages to clients on thier network (ie. "Get the fk off the system, I'm rebooting the server" or whatever).
However, you can send it to ANYONE with the service enabled.
There is some bit of spyware about which reports your IP back to a location which then sends you the message - I'm not sure where it comes from but I've heard of it before (a couple of weeks ago).
Disabling the messenger service won't screw up anything - so do so.
__________________
Worth dying for. Worth killing for. Worth going to hell for. Amen.
|
|
|
19 Nov 2002, 13:12
|
#13
|
Rawr rawr
Join Date: Dec 2000
Location: Upside down
Posts: 5,300
|
Well, I disabled/blocked my NetBios ever since, and I haven't seen a popup again (tho they DID only appear sporadically).
I also doubt that it was KaZaa. Usually when a popup is created it is a child-process of the creating process. In this case it was a stand-alone application and didn't disappear when any other application was killed/closed (including KaZaa).
[edit]
I use kaZaa lite BTW, like Gayle...
[/edit]
__________________
"Yay"
Last edited by Structural Integrity; 19 Nov 2002 at 14:28.
|
|
|
19 Nov 2002, 14:18
|
#14
|
Bitch
Join Date: Jun 2002
Location: North Yorkshire
Posts: 3,848
|
But kazaa installs various bits of spyware when you run it's install. That's why I use kazaa lite
__________________
ACHTUNG!!!
Das machine is nicht fur gefingerpoken und mittengrabben. Ist easy
schnappen der springenwerk, blowenfusen und corkenpoppen mit
spitzensparken. Ist nicht fur gewerken by das dummkopfen. Das
rubbernecken sightseeren keepen hands in das pockets. Relaxen und vatch
das blinkenlights!!!
|
|
|
19 Nov 2002, 18:53
|
#15
|
Forever Delayed
Join Date: Sep 2000
Location: www.netgamers.org
Posts: 1,475
|
I thought it was common knowledge that KaZZa Lite is actually made by the same people, and still does all the spying stuff; it just doesn't pop up ads anymore.
Then they released it under a false name...
M.
__________________
Firefly Oper and General l4m3r - "I Do Stuff"
O2 Rip-off campaign
<vampy> plus i hate people ... i despise humanity as a whole
pablissimo "I'm still geting over the fact you just posted a pic of your own vomit"
|
|
|
19 Nov 2002, 19:52
|
#16
|
Guest
|
Quote:
Originally posted by Mong
I thought it was common knowledge that KaZZa Lite is actually made by the same people, and still does all the spying stuff; it just doesn't pop up ads anymore.
Then they released it under a false name...
M.
|
who told you this ? kazaa-lite hasnt installed any spy-ware on my box
|
|
|
19 Nov 2002, 20:24
|
#17
|
Bitch
Join Date: Jun 2002
Location: North Yorkshire
Posts: 3,848
|
Nor mine. Certainly not anything that ad-aware can find (or that uses a blocked firewall port).
__________________
ACHTUNG!!!
Das machine is nicht fur gefingerpoken und mittengrabben. Ist easy
schnappen der springenwerk, blowenfusen und corkenpoppen mit
spitzensparken. Ist nicht fur gewerken by das dummkopfen. Das
rubbernecken sightseeren keepen hands in das pockets. Relaxen und vatch
das blinkenlights!!!
|
|
|
20 Nov 2002, 16:34
|
#18
|
/dev/zero Retired Mod
Join Date: May 2000
Posts: 415
|
Its the Windows Messenger service. You send datagram packets to port 137, and boom, you have a pop-up message. Some things use the messenger service, so I wouldnt just disable it.
If you want the format of the message protocol .. I cba to find it.
__________________
#linux : Home of Genius
<idimmu> ok i was chained to a desk with this oriental dude
|
|
|
27 Nov 2002, 17:05
|
#19
|
Banned
Join Date: May 2000
Location: Abducted By Aliens
Posts: 282
|
turn off netbios and it wont hapen again
|
|
|
|
All times are GMT +1. The time now is 20:37.
| |