Help - Search - Members - Calendar
Full Version: mal-messenger in w2k
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Ad-Aware SE Resolved/Inactive Issues
Gerd
Apr 27 2006, 12:29 PM
in w2k i get several popups such as alert to system or security to user or virus alert, which ask to go to one of the following websites: www.registryfixpro.com , ...windowsxpcleaner (which cleans this popups if you buy it (not the free version!!)) .., ... sys32.com, ... systemfix.com (pctools software) and e-rgistry-clean. com .:evil: :evil:
the whole thing is connected to internal system task csrss, which cannot be stopped or deleted with windows means.../:oops:
None of the other anti-adwaremalware programs does recognize the problem ??, How can i get rid of it, its simply annoying ...:?
do you guys and girls wanna make work of it ?? how do i get the iniziating task or registry ?? wacko.gif
Corrine
Apr 28 2006, 02:30 AM
Hi, Gerd. If the popups you get look like any of the images here: http://siri.urz.free.fr/Fix/ScreenShot.php then please follow the instructions in this topic: http://www.lavasoftsupport.com/index.php?s...p=384&#entry384

Otherwise, please post a full system scan logfile and someone will advise you.
Gerd
May 7 2006, 11:25 AM
QUOTE(Corrine @ Apr 28 2006, 02:30 AM) *
Hi, Gerd. If the popups you get look like any of the images here: http://siri.urz.free.fr/Fix/ScreenShot.php then please follow the instructions in this topic: http://www.lavasoftsupport.com/index.php?s...p=384&#entry384

Otherwise, please post a full system scan logfile and someone will advise you.

Besides that theres alittle mess and trouble getting into the forum and finding the issue, just like now when i klick on reply, i get your answer to my problem...
but anyway, no it doesnt look like the one you posted(looks similiiar), I made a lot of screenshots of the messages and all the scanresults (zipfile 2,5M) where can i send them or post them (each of them ca 1,5M unzipped) ??
...
and hereĀ“s a a priori solution:
http://forum.emsisoft.com/Default.aspx?g=posts&t=617
LS SteveJ (former LS employee)
May 10 2006, 08:48 PM
Gerd. If you are receiving pop-ups through the messenger service, this means that either you have no firewall, or your firewall is badly configured... you should install a firewall / re-configure your existing firewall to block incoming connections. If you have your firewall open completely, then you are exposing your computer to a wealth of remote attacks.

The messenger pop-ups you mention are actually very common... and they will rotate through about 15 different ones in a 24 hour period... usuall syscleaner, regfixer, regclean32 and other such names.... the message themselves are not dangerous, but they can be deceptive, tricking a user into installing the software..... however, turning off the messenger service / blocking incoming connections will stop them..

//Steve
winchester73
May 10 2006, 08:55 PM
You might try Gibson's Shoot The Messenger: http://grc.com/stm/shootthemessenger.htm
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2009 Invision Power Services, Inc.