[windows2000] Re: Virus/Worm via Messenger Service?

  • From: "Sullivan, Glenn" <GSullivan@xxxxxxxxxxxxxx>
  • To: "'windows2000@xxxxxxxxxxxxx'" <windows2000@xxxxxxxxxxxxx>
  • Date: Fri, 4 Oct 2002 14:47:44 -0400

As to the purpose of the messenger service...

It is designed to receive messages from anyone who sends it to you.  I've
been looking on the web for what permissions you need to send messages to a
computer, and can't find it anywhere.

But, on any local network of Win NT or 2K machines, try one of the following
(with the messenger service on, of course):
NET SEND username "Look at my advertisement"
NET SEND computername "Look at my advertisement"
NET SEND ip address "Look at my advertisement"

It is probably someone that is running a script that does "NET SEND <ip
address> message" for a whole range of IP addresses.

Send me your IP off list and I will try it from here and see if it works, if
you'd like... I've sent by IP before, but always to computers who trust
me...

Glenn Sullivan, MCSE+I  MCDBA
David Clark Company Inc.


-----Original Message-----
From: Rayneman [mailto:reignofdeath@xxxxxxxxxxxxx]
Sent: Friday, October 04, 2002 1:03 PM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: Virus/Worm via Messenger Service?



I am 99% sure that it was the Window Messenger Service as it stated this in
the header of the IM window.  I was just not sure EXACTLY what it said and
didn't want to get flamed for calling it by a name that it wasn't.  I
disabled the service EXACTLY as you described and your instructions were
accurate to the letter.

Once again thank you for the accuracy and promptness of your reply...

Additionally, the Description of the service says "sends/receives messages
transmitted by administrators or by the Alerter service."    As stated
prior, these messages were spam suggesting I look at their pictures of naked
women and how to make a fortune sitting on my ass.  Is there something in
relation to administrator rights/privileges that I may have misconfigured
that allowed administrative rights to spammers that allowed them to use this
service?  Again, I am concerned as to what rights this service has inside
the w2kserver OS.

As for the adware program....I have it, use it and think that it is a fine
service as long  as you read carefully what you are going to remove before
doing so.

Thank you all.

Ray S.
raynserv@xxxxxxxxx



-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Sullivan, Glenn
Sent: Friday, October 04, 2002 12:57 PM
To: 'windows2000@xxxxxxxxxxxxx'
Subject: [windows2000] Re: Virus/Worm via Messenger Service?



This is all contingent upon the fact that these are actual "Windows
Messenger" messages.

If they still show up after you follow these steps, then we're barking up
the wrong tree.  Let us know, and maybe we can help determine the nasty-app
in question.

Assuming we read your messages correctly, that is... ;-)

Glenn Sullivan, MCSE+I  MCDBA
David Clark Company Inc.


-----Original Message-----
From: Rayneman [mailto:reignofdeath@xxxxxxxxxxxxx]
Sent: Friday, October 04, 2002 12:50 PM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: Virus/Worm via Messenger Service?



I sincerely appreciate your detailed response...

Previous comments withdrawn...

Ray S.
raynserv@xxxxxxxxx



-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Sullivan, Glenn
Sent: Friday, October 04, 2002 12:53 PM
To: 'windows2000@xxxxxxxxxxxxx'
Subject: [windows2000] Re: Virus/Worm via Messenger Service?



I did not see the "What to do and where to do it" part.

Here you go: Right click on My Computer->Manage.  Open "Services and
applications".  Click on Services.

In the right hand pane, find "Messenger".  Double click on it.  In the
window that opens, click the "Stop" button.  Change the "Startup type" to
"Disabled."  Click OK.

Detailed enough for you?

You can catch many more flies with Honey than you can with vinegar, but I am
in a vinegar sort of mood.

Regards,

Glenn Sullivan, MCSE+I  MCDBA
David Clark Company Inc.


-----Original Message-----
From: Rayneman [mailto:reignofdeath@xxxxxxxxxxxxx]
Sent: Friday, October 04, 2002 12:42 PM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: Virus/Worm via Messenger Service?



Maybe you should read my post again...

I asked a question a little more specific than what you gave me an answer
to...
And if this is your idea of a response then maybe you should save your/our
bandwidth by not responding at all.

Ray S.

-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Sullivan, Glenn
Sent: Friday, October 04, 2002 12:41 PM
To: 'windows2000@xxxxxxxxxxxxx'
Subject: [windows2000] Re: Virus/Worm via Messenger Service?



Stop the messenger service.

Glenn Sullivan, MCSE+I  MCDBA
David Clark Company Inc.


-----Original Message-----
From: Rayneman [mailto:reignofdeath@xxxxxxxxxxxxx]
Sent: Friday, October 04, 2002 12:25 PM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: Virus/Worm via Messenger Service?



I periodically get popup messages that are similar to IM messages but claim
to be a Windows Messenger Service or some such thing....I don't remember
installing any such thing but evidently I have some type of messaging
service on this W2K Server machine that can send/receive messages in the
background and I wish to COMPLETELY DISABLE this function.  Please advise me
as to what to do and where to do it.  I'd like to think that I am relatively
proficient in this OS but this is an obvious indication that I am NOT.  And
for those that are curious...they are all spam messages and I'm scared of
what access this IM gives itself in my server.

Thank you in advance.

Ray S.
raynserv@xxxxxxxxx



-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Scott Ehrlich
Sent: Friday, October 04, 2002 9:58 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Virus/Worm via Messenger Service?



Last night around 5pm EST we received a Messenger Service window from a
host called WX2.   Most people, across subnets, received a poem, credited
to Henry Cuyler Bunner (1855-1896) with a hallmark of "Provided by
http://www.ALLprice.info"

Of our two NT 4 domain controllers, one received the message intact, the
other just received "Message from WX2 to <domain controller> on 10/3/2002
<timestamp>" but no body of the message.

Anyone heard of anything like that?

nbtstat shows no such host, as does nslookup.

Thanks for any insight.

Scott
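
The top reply in this thread guesses that the popups come from a script running NET SEND against a whole range of IP addresses. As an added example (not part of the original thread), this is one way to spot that pattern in perimeter logs: one source reaching many distinct hosts on Messenger-related ports within a short window. The log format, addresses, function names and the watched ports (UDP 135, TCP 139) are assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: ports watched for Messenger-service delivery (RPC endpoint
# mapper on UDP 135, NetBIOS session on TCP 139). Adjust to your network.
WATCHED = {("udp", 135), ("tcp", 139)}

# Constructed sample in a made-up "key=value" firewall log format.
SAMPLE_LOG = """\
2002-10-03T17:00:01 src=203.0.113.9 dst=192.0.2.10 proto=udp dport=135
2002-10-03T17:00:02 src=203.0.113.9 dst=192.0.2.11 proto=udp dport=135
2002-10-03T17:00:02 src=203.0.113.9 dst=192.0.2.12 proto=udp dport=135
2002-10-03T17:00:03 src=203.0.113.9 dst=192.0.2.13 proto=udp dport=135
2002-10-03T17:00:05 src=192.0.2.50 dst=192.0.2.10 proto=tcp dport=139
2002-10-03T09:00:00 src=198.51.100.20 dst=192.0.2.10 proto=udp dport=135
2002-10-03T11:00:00 src=198.51.100.20 dst=192.0.2.11 proto=udp dport=135
2002-10-03T13:00:00 src=198.51.100.20 dst=192.0.2.12 proto=udp dport=135
truncated entry with no fields
"""

def parse_line(line):
    """Return (timestamp, src, dst, proto, dport), or None if malformed."""
    parts = line.split()
    if len(parts) < 2:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        kv = dict(p.split("=", 1) for p in parts[1:])
        return ts, kv["src"], kv["dst"], kv["proto"].lower(), int(kv["dport"])
    except (ValueError, KeyError):
        return None

def find_sweepers(log_text, min_targets=3, window=timedelta(seconds=60)):
    """Map each flagged source to the largest number of distinct hosts it
    reached on a watched port inside any single time window."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and (rec[3], rec[4]) in WATCHED:
            hits[rec[1]].append((rec[0], rec[2]))
    flagged = {}
    for src, events in hits.items():
        events.sort()
        # Slide the window start over every event and keep the widest fan-out.
        best = max(len({d for t, d in events[i:] if t - start <= window})
                   for i, (start, _) in enumerate(events))
        if best >= min_targets:
            flagged[src] = best
    return flagged
```

With the default 60-second window only the burst source is flagged; the source that touches three hosts hours apart and the single internal sender stay below the threshold.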


==================================
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm
