GlockTalk.com
Old 10-12-2003, 12:15   #1
MB-G26


1-stop Answers here: Spyware, Secret Installs, Popups & related

One stop info reply for all (the typical and most frequently posted problems :)

If you use IE for your browser:
1. IE -> Tools -> Internet Options -> Advanced tab.

A. UNtick the boxes for "Enable Install On Demand"
B. DISable ActiveX(ploit) for ALL "zones", or if you MUST allow it for certain sites, put those sites in the "Trusted" zone and set all ActiveX entries to "Prompt".
C. DISable all entries java & javascript for ALL zones except "Trusted", or at least set them to "Prompt" for zones other than the "Internet" zone.
D. DISable "all installation of desktop items" for ALL zones

2. Go to http://www.lurkhere.com/ and read the paragraphs about the "Hijack This!"**** program. Then go to the "Nice Files" page there and download and install the program. This will keep your homepage in IE from being hijacked.

An alternative that performs same/similar function is StartPage Guard (http://www.pjwalczak.com/spguard/index.php)

A similar and effective program is SpywareGuard:
http://www.wilderssecurity.net/spywareguard.html Also free, although donations are appreciated.

http://www.wilderssecurity.net/bhblaster.html
Quote:
Browser Hijack Blaster
Running silently in the background, Browser Hijack Blaster only springs into action when an attempt is made. It watches and protects the following items: IE Homepage, IE Default Page, IE Search Page, BHOs. Whenever one of the above items is changed, or a BHO is added, you are immediately provided with information on the item, along with the option to keep the change, or revert to your previous settings.

3. While on the "Nice Files" page at LH, download and install Spybot Search & Destroy. Run it every few days to detect and discombobulate any spyware/crapware that you may have picked up and not realized it.

4. Go to http://www.javacoolsoftware.com/spywareblaster.html and download and install SpywareBlaster. "SpywareBlaster doesn't scan and clean for spyware - it prevents it from ever being installed." The program is free, and you can help support it (dev'ing and hosting it does cost money) with a donation, if you choose.

5. Go to www.wilders.org and then to their "free tools" subsection, which is at http://www.wilders.org/free_tools.htm
Download and install these:
A. HTAstop (in the prevention section, about 1/2 down the page)
B. WSH Anti-Polymorphism Patch
C. DSOStop v2
D. Windows Media Player Scripting Fix v1.0

And from the "monitoring" section there, get and install:
E. ScriptSentry or AnalogX Script Defender (depending upon whether you have MS VBS installed)
F. DHCP Fix
H. StartUp Monitor

and from the "misc" section there, download and install:
I. BHO Captor or BHOCop

"Messenger" Problems; Popup Problems & Programs

For "Messenger" popup problems, go here:
http://forums.spywareinfo.com/index.php?showtopic=1920 as this section of the forum gives information about programs that will tame the darn thing, as well as gives specific instructions to manually tame it with a step-by-step procedure for each OS.

Review and comparison of current, popular Popup killer programs is located at http://www.popup-killer-review.com/test.htm and is a pretty comprehensive site regarding the 'science' of popups, how they function and how killer programs are defeated, and of popup killers themselves.

Oh, the *sigh* at the beginning isn't directed at you - it's directed at the scumburgers that create and foist this crap over and over again onto unsuspecting computer users.
m

PS. IE-SPYADS HAS A NEW URL. See updating post in this thread dated 8/7/04. There is an easy way to keep probably 90% of the crap sites from even being able to touch your machine to begin with: install "IE-SPYAD" - what it does is put a huge list of bad and universally-undesirable sites into the "Restricted" zone of IE. Go here: http://www.staff.uiuc.edu/~ehowes/resource.htm to read what it is and how it works. This is a good alternative to learning to use the HOSTS file to do the same thing, and some Windows OSs (Xp and 2000, I think) reportedly slow to a crawl if the HOSTS file is large.

Hazeleger.net is severely curtailing what, if any forums will remain available after 2/14-2/15/04. This post has therefore been edited to remove the reference to the various sections/forums. http://www.hazeleger.net/yabbframe.htm


(originally posted here: http://www.glocktalk.com/showthread....0&pagenumber=2)

***UPDATE: mando updates to HiJackTHIS! & CWShredder, due to new (as of 11/16/03) variant of the CWS Trojan.
Quote:
http://www.spywareinfo.com/

Update Your Copies of HijackThis and CWShredder
If you have ever downloaded HijackThis or CWShredder, it is urgent that you upgrade to the latest versions before using them again. If you mirror these programs on your own site, it is extremely urgent that you update the files.

Due to a new variant of the CWS Trojan (http://www.spywareinfo.com/~merijn/cwschronicles.html), using either HijackThis or CWShredder on an infected Win98 or WinME computer may lead to severe damage to that computer. You must update to the very newest versions of these programs before using either of them again....

To upgrade these programs, you merely delete the old files and replace them with the new. The links are below.
See the Spywareinfo URL above for download links to the updated versions.

Spywareinfo.com is having hosting problems at the moment. Here's an alternative DL location:

CWSHREDDER LINK http://www.majorgeeks.com/download4086.html
CWShredder 1.59.1
Author: Merijn.org
Date: 2004-06-28
Size: 137 Kb
License: Freeware
Requires: Win All

Added 3/13/04- A growing spyware problem, incredibly, is self-proclaimed "anti-spyware" applications that actually CONTAIN spyware and often this is NOT appropriately disclosed. While not a previously-unknown problem, it IS become a rather prolific one. For examples, this article is worth reviewing:
http://news.com.com/2100-1032_3-5153485.html?tag=st_rn
Quote:
Spyware cures may cause more harm than good
Last modified: February 4, 2004, 1:21 PM PST
By John Borland
Staff Writer, CNET News.com

Web surfers battling "spyware" face a new problem: so-called spyware-killing programs that install the same kind of unwanted advertising software they promise to erase. ...
See also http://www.netrn.net/spywareblog/
"Spyware Warrior
Waging the war against spyware"
There are several areas which list phoney "anti-spyware" apps which are actually spyware themselves.
__________________
I am slowly falling apart - I wish you'd take a walk in my shoes for a start. You might think it's easy being me ... Sometimes I find myself shaking - In the middle of the night. And then it hits me and I can't - Even believe this is my life
(The Wreckers; "Stand Still; Look Pretty")

Last edited by MB-G26; 09-06-2004 at 08:37..
Old 10-12-2003, 12:52   #2
ArestiaFL
Another very effective spyware tool is Ad-Aware, downloadable from www.lavasoftusa.com. I also HIGHLY recommend you install a virus scanner. In the event you don't want to pay outlandish prices for programs that slow your computer to a crawl, go download AVG Anti-Virus for FREE (www.grisoft.com). AVG is implemented on my corporate network and has kept out Gaobot, Melissa, Swen and The BLASTER virus. I highly recommend them, they're good people, and the program sits quietly on your system eating up a mere 2 MB of virtual memory (compared to Norton at 36 and McAfee at 21).

Finally, if you have a high speed connection and aren't being a router or a firewall, PLEASE download the latest Microsoft patches from http://windowsupdate.microsoft.com! You also may want to invest in a router or firewall software. It will save you many many headaches! Good luck!
__________________
"All Your Glock Are Belong To Us"

Proud member of the NRA

"Boom-down, and you were dead, never partly dead." - The Things They Carried by Tim O'Brien
Old 10-12-2003, 14:04   #3
Texas T


Re: 1-stop Answers here: Spyware, Secret Installs, Popups & related

Quote:
Originally posted by MB-G26
Disclosure: I am part of the Admin at Hazeleger.net
Geez... only six people have voted. At least I got the correct answer.


T
__________________
"A gun is a tool, Marion. No better and no worse than any other tool - an axe, a shovel, or anything.
A gun is as good or as bad as the man using it. Remember that." Alan Ladd as Shane (1953)

NRA Life Benefactor Member, AMA Champion Member, AOPA Member, ARRL Member, GOA Life Member
Old 10-12-2003, 14:52   #4
NetNinja
Very Nice

Nice Post MB-G26.

As always a wealth of Knowledge.
__________________
G17,G22,G30,Sig P229 Sport
Kimber CC Series 1,Kimber CCR Series 1
SA TRP Operator SA 1911A1
S&W 1911, 686, M19, 627VComp,ColtDE10mm
Anschutz 1813 Super Match
Old 10-12-2003, 18:11   #5
MB-G26


This will be stickies when Aeolus gets to it

So definitely add your 'one-stop' fix/prevention tricks and such.
m
Old 10-12-2003, 21:56   #6
DWavs


Re: This will be stickies when Aeolus gets to it

Quote:
Originally posted by MB-G26
So definitely add your 'one-stop' fix/prevention tricks and such.
m
Stickied.

David
__________________
Brothers of the Leaf...a place to discuss cigars!

TT #1
Old 10-12-2003, 22:48   #7
David_G17
if none of the above work.

run linux ;a
__________________
"One handgun a month is too much."
"If you ask me, 12 handguns/year is too much."
"I'd be OK with one gun a year."
"We need the strong gun regs and enforcement Europe has."
-DU debates America's future 10/23/2005
Old 10-14-2003, 05:32   #8
HerrGlock


Quote:
if none of the above work.

run linux
As I've often said:

Step One: Remove all Microsoft products from your computer...

THEN we can talk about locking it down.

DanH
__________________
Sent from my rotary phone
"The way I see it as soon as a baby is born, he should be issued a banjo!"- Linus Van Pelt
UNIX - Not just for Vestal Virgins any more
Old 12-25-2003, 22:02   #9
lomfs24
I agree with David. SuSe 9 is looking good.

I downloaded and installed all the things in the original post and now I have no room left on my harddrive to do any work.
__________________
The simple believeth every word: but the prudent man looketh well to his going. ~Proverbs 14:15
Old 12-26-2003, 10:15   #10
CMA G21


In addition to MB-G26's suggestions, you may want to consider (strongly consider!) using something other than Internet Explorer for browsing, and Outlook (or Outlook express) for email.

You might want to consider Mozilla ( http://mozilla.org/ ) or Opera ( http://www.opera.com/ ) .
Old 12-26-2003, 19:03   #11
lomfs24
Anti-virus

Anti-virus software is a must. I have used and really liked f-prot on Linux. They also have versions for nearly every operating system. Windows, Linux, FreeBSD, Unix... etc.

It is very reasonably priced and at least with the Linux version there were new definitions available every 12 to 24 hours.

They can be found at www.f-prot.com
Old 12-26-2003, 19:30   #12
Shoeless


Mel, you are unbelievable. Almost every post you write seems like it has hours of tedious research behind it. Girl, you are one valuable resource!

xoxo
Shoeless
__________________
Follow me on Twitter or Facebook. View my videos, website, and blog, "Your Life. Organized."
Old 01-02-2004, 19:28   #13
streeter69
Quote:
Originally posted by Shoeless
Mel, you are unbelievable. Almost every post you write seems like it has hours of tedious research behind it. Girl, you are one valuable resource!

xoxo
Shoeless
One BIG DITTO;f
__________________
Just when you think it can not get any hotter.
Old 03-03-2004, 23:59   #14
Blast


Your posts are highly appreciated, MB-G26. You have provided me with tools that saved my rickety old computer.;f
Keep up the good work.^c
__________________
A man should look for what is, and not for what he thinks should be - Albert Einstein
Old 04-23-2004, 14:28   #15
MB-G26


UPDATE: re-arranged, expanded, and more info

The recent attempted hack of GT's servers got me thinking, as did several inquiry threads. So.... here's an expanded and rearranged update - takes more than 1 post:

SUGGESTIONS:
The following is focused on users of Windows 9.x and up, and of Internet Explorer. IE 6.x users - achieve the same things but you will have to look for where 6.x puts these options w/in IE Internet Tools.

1. DISable virtually everything in ALL "Zones" in IE-> Tools -> InternetOptions ->Security except for the "Trusted Zones", including specifically:
A. All ActiveX entries (1st 5 entries in IE5.5)
B. Cookies (both entries)
C. File and Font download (one entry each)
D. MS VM - Java Permissions (DISable java)
E. Misc: (Access Data Source.... etc., (9 entries, including Installation of Desktop Items...)
(set to HIGH Software Channel Permissions)
F. DISable all scripting entries (3 java/java script entries, Active, Paste & Scripting Java Applets)
D. Set User Authentication to "Anonymous logon"

E. A bit outdated, but for background info re the "Zones" http://www.nwnetworks.com/iezones.htm "Internet Explorer Security Zones, by Scott Schnoll"

F. See "Accidental Trojan Horses - Security Problems in Windows 98 PCs" http://www.computerbytesman.com/acctroj/ regarding ActiveX issues.

G. Advisable to change the default settings in "My Computer" zone - which can't be done straight manually since it isn't displayed like the other zones. See http://www.edensoft.com/ieak.html "Changing settings in the My Computer security zone"

H. Put "*.glocktalk.com" (w/o quote marks) in your Trusted Zone so it will work properly. Ditto for any other sites you need the otherwise disabled functionalities for.

I. ENSURE each & every single option is DISabled or set to "HIGH" (if that is the most disabling option offered) in the Restricted Zone.

2. DISable/UNtick the following in IE -> Tools -> Internet Options -> Advanced tab.
A. UNtick the boxes for "Enable Install On Demand"

3. Protection from browser hijackers and others, including silent-download invaders:
A. SpywareGuard: http://www.wilderssecurity.net/spywareguard.html Also free, although donations are appreciated.

B. Browser Hijack Blaster: http://www.wilderssecurity.net/bhblaster.html

C. Go to http://www.lurkhere.com/ & look at info re: "Hijack This!" program. Download is mirrored @"Nice Files" page there. Installation will keep your homepage in IE from being hijacked. It "includes a copy of StartupList, that can be run from the HijackThis interface. Updated August 15th, 2004"

4. Protect against Start Page hijacks: StartPage Guard (http://www.pjwalczak.com/spguard/index.php)

5. Protect against infections of spyware: locate, download & install & keep updated the following:
A. Spybot Search & Destroy: also at lurkhere.com and a variety of other mirror sites. Home page: http://www.safer-networking.org/ Official support forums: http://forums.net-integration.net/index.php?c=7

B. SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
From http://www.wilders.org/free_tools.htm

C. HTAstop (in the prevention section, about 1/2 down the page) also on http://www.simtel.net/pub/pd/53731.shtml

D. Robin Keir Script Trap http://keir.net/software.html

E. WSH Anti-Polymorphism Patch (Wilders)
F. DSOStop v2 (Wilders)
G. Windows Media Player Scripting Fix v1.0 (Wilders)

From the "monitoring" section there at Wilders, get and install:
H. ScriptSentry or AnalogX Script Defender (depending upon whether you have MS VBS installed)
I. DHCP Fix
J. StartUp Monitor

from the "misc" section @ Wilders, download and install:
K. BHO Captor or BHOCop

L. Obtain/install Ad-Aware, and use it as a backup to Spybot Search & Destroy. Start w/their main page http://www.lavasoft.de/ (AA products require frequent updates, have pay & free versions, & are often the subject of problem complaints immediately after updates/upgrades are issued.)

M. Consider installing EBURGER Windows Security Utility, "a menu-driven batch file utility that allows you to disable, re-enable, or otherwise configure the following aspects of Windows", and his "Windows Script (Host) Uninstaller".
Quote:
*EBERGER Windows Security Utility:
NetBIOS Over TCP/IP (File & Printer Sharing)
Microsoft DCOM
Microsoft Jet security
Microsoft Windows Script
BHO's (Browser Helper Objects)
HOSTS file
There is an extensive ReadMe.txt included."
This is the same Eric Howe that writes IE-SPYAD (see below- URLs have changed as of 6/04)
Quote:
Windows Script (Host) Uninstaller
Last Updated: Apr 28 '01
"The Windows Script (Host) Uninstaller is a batch file utility that will uninstall any version of Windows Script, sometimes known as the Windows Scripting Host. It will uninstall Windows Script (Host) no matter the original source of the installation...

Windows Script 5.6 (from microsoft.com)
Windows Script 5.5 (from microsoft.com)
Windows Script 5.1 (from microsoft.com)
Windows Script 5.0 (from microsoft.com)
Visual Basic Scripting Support (any version of IE 5)
Windows Scripting Host 2.0 beta
Windows Scripting Host 1.0 (Windows 98 SE)
Windows Scripting Host 1.0 (Windows 98)
Windows Scripting Host 1.0
This batch file will NOT uninstall Windows Script (Host) from Windows ME or Windows 2000 due to the System File Protection scheme that these versions of Windows employ."
N. Consider UNinstalling Windows's "VBS Script" from Add/Remove Programs/Windows Components.

O. Consider changing the "association" of "dangerous file types" to something harmless, like Notepad. (WSH, HTA, SHS-scrap files, MSHTA, etc.) See http://www.nsclean.com/psc-exe2.html (Privacy Software Corporation Security Advisory, Friday, April 13, 2001, "EXE2HTML HTA Exploit Generator" - authored by the coders of commercial AT programs BOClean, IECLean, and the freeware HTASTOP.) See also: "Scrap Files Can Tear Your Up", http://www.pc-help.org/security/scrap.htm

6. Ensure your "bindings" are properly configured. http://grc.com/su-bondage.htm
Quote:
Network Bondage
Discipline your network bindings in the privacy of your own home.

Microsoft's networking technology is only required for sharing files and printer services with other Microsoft-based PC's. It is not needed for connecting to the Internet or for using any Internet services. ... exposing Microsoft's weak password protection system to password crackers over the Internet... .

Understanding Adapter, Protocol, and Service Binding

The key to taming your computer's network configuration is understanding what is meant by "binding". For example, we say that a network adapter is bound to TCP/IP or that NetBEUI is bound to File and Printer sharing. ...

The process known as "binding" bridges the layer boundaries to interconnect pairs of individual components residing in adjacent layers. . . . In other words ... By default EVERYTHING [as set up by Microsoft in its OSs] on each layer is BOUND to EVERYTHING on the adjacent layer!
. . .
You don't need to be a rocket scientist to easily see why this is unsafe: The insecure Microsoft networking components the Client for Microsoft Networks and File and Printer Sharing are bound to the Internet's worldwide routable TCP/IP protocol, and the TCP/IP protocol is bound to ALL of the system adapters! Thus, anytime this system has any contact with the Internet, the machine's guts are spilling out for the whole world to access! . . .
(to rearrange your bindings, follow Gibson's step-by-step)

7. DISable Windows Messenger (not the same as the other Messenger)
A. Read and follow: (link out of date - currently culling new ones)

8. Obtain/install a pop-up blocker:
A. Review & comparison of current, popular Popup killer programs is located at http://www.popup-killer-review.com/test.htm

9. Prevent 'bad' websites from effectuating things on your computer:
A. A huge list of bad and universally-undesirable sites into the "Restricted" zone of IE. See Eric Howe's pages which provide IE-SPYAD, a self-installing add-in to the IE Restricted Zone which adds a choice of undesirable websites to that zone.
Quote:
new home page is:

Protecting Your Privacy & Security (UIUC)
https://netfiles.uiuc.edu/ehowes/www/

Note the https (SSL) instead of the standard http. The new URL for the IE-SPYAD/AGNIS page is:

IE-SPYAD/AGNIS
https://netfiles.uiuc.edu/ehowes/www/resource.htm

...you can convert the URLs ... because the internal structure of the site has remained the same. ... change [old to new] ...
http://www.staff.uiuc.edu/~ehowes/
...to...
https://netfiles.uiuc.edu/ehowes/www/
The rest of the URL remains the same.
10. Obtain and install CW Shredder (CoolWebSearch trojan killer program) http://www.spywareinfo.com/~merijn/cwschronicles.html

11. Ensure no phoney, 'pretending' "anti-spyware" programs are installed. See details here: http://www.netrn.net/spywareblog/

12. Ensure machine is running a good, updated ANTI-VIRUS PROGRAM "resident". Obtain an additional AV, such as the freeware AVG6, www.grisoft.com, and while keeping the 2nd one updated DO NOT RUN IT RESIDENT - RUN IT WEEKLY ON MANUAL LOAD DEMAND.
12(A) Good, reliable, and frequently updated free Anti-Trojan programs are almost impossible to find anymore, but SERIOUSLY CONSIDER spending the $40 for a good AT program. An AV program is NOT any guarantee in the least against a trojan - too much difference between the beasts. I recommend BOClean AT - about $40, & have used it for several years. Tho not affiliated in any way with PSC company or its coders, this is the only AT I have ever recommended. http://www.nsclean.com/boclean.html
12(B) If you won't run an AT, next best idea is implementing various fixes and work-arounds to combat trojan infections. Example: http://www.hackfix.org/subseven/ SubSeven Trojan info & fix page. Wilders.org also has a TON of 'trojan' and exploit fix tools indexed - free & downloadable, altho dated.

12(C). Anti-Virus programs (not a complete list):

(i) AVG (Anti-Virus Grisoft) www.grisoft.com
(ii) Trend Micro (including Online virus scan)
http://housecall.trendmicro.com/

13. Ensure the appropriate patches installed from http://windowsupdate.microsoft.com ; http://www.microsoft.com/windows98/d.../corporate.asp ; https://v4.windowsupdate.microsoft.com/en/default.asp . There are alternative source sites for MS's patches if for some reason you have trouble w/the MS update pages. (You will have to RE-ENABLE all the ActiveX, Java, Script, Cookies, Download, etc., settings for whatever zone the MS page you use is in.)
A. http://members.tripod.com/erpman1/
B. http://www.mdgx.com/web.htm
C. http://www.softwarepatch.com/
D. http://www.rwclements.com/upgrades/mswin98.html (back up the URL or use links on page for updates for non win98 updates)
E. http://www.techspot.com/tweaks/updates/

14. Ensure the FIREWALL is updated, if applicable, properly configured, and learn to utilize "Advanced" or "Special" Rules.
A. Consider using a different FW if you believe the one you have is being successfully penetrated.
(A)(1) Sygate Personal Firewall STD and PRO Versions. See the Sygate site for most updated version info. You may be able to download from here http://smb.sygate.com/buy/download_buy.htm
Quote:
Sygate Personal Firewall (free)
Protects against Trojans, spyware, worms and other known & unknown threats Prevents unauthorized or malicious applications from bypassing the firewall. Enables even inexperienced users to easily customize and fine-tune security policies... Easiest-to-use PC firewall and still free for personal/home use.
If you use Zone Alarm do some research into ZA's various downsides - including false alerts and issues regarding alert sensitivity settings. If you have ZA and choose to go w/a different FW, thoroughly research the UNinstall steps before UNinstalling ZA.

(B). If concerned with FW "alerts" and log entries, Learn to understand WHAT your FW logs are actually indicating.
(1) http://www.robertgraham.com/pubs/firewall-seen.html
"Firewall Forensics, What Am I Seeing?"

(2) http://www.interhack.net/pubs/fwfaq/
"Internet Firewalls: Frequently Asked Questions"

(3) Sygate products - FireWall, forums: http://forums.sygate.com/vb/

(4) Intrusion Detection Services http://www.ssimail.com/Sesintrude.htm

(5) Doshelp.com (firewall) Intrusion & Attack Reporting Center (helpful tips, explanations, FW help, Trojan Ports list, AV Tools, Security Patches, Security News, etc.) http://www.doshelp.com/sectips.htm

(6) Dshield.org FAQ http://www.dshield.org/primer.php
Quote:
Internet Primer
This introduction is intended to provide a basic understanding of how the Internet works and how this applies to firewalls.... This page will just provide a brief definition of many of the terms used on this site.

IP Address
DNS / Domain Name / Host Name
Ports
IP (Internet Protocol)
TCP (Transmission Control Protocol)
UDP
ICMP (Internet Control Message Protocol)
Firewalls
(7) http://unixgeeks.org/security/newbie.../firewall.html "Firewall Basics"
(8) Firewall Exploits: http://www.iss.net/security_center/a...ts/default.htm
Quote:
"The term 'exploit' refers to a well-known bug/hole that hackers can use to gain entry into the system. This section contains extensive reference information on common exploits and intrusion methods that hackers use to break into systems."
(9) Beyond-Security's SecuriTeam.com http://www.securiteam.com/

(10) Intrusion Detection Tools: http://www.foundstone.com/resources/..._detection.htm

go to part 2
m

Last edited by MB-G26; 09-07-2004 at 13:32..
MB-G26 is offline   Reply With Quote
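
Added example, not part of any post in this thread: the zone settings from step 1 of the post above are stored as DWORD values under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\<n> (0 = My Computer, 1 = Local Intranet, 2 = Trusted, 3 = Internet, 4 = Restricted), so a regedit export can be checked offline. The Python below flags every non-Trusted zone in which the listed ActiveX, scripting, Java or desktop-item actions are not disabled; the sample export is constructed, and the function names are made up for this illustration.

```python
"""Audit IE security-zone values in a regedit export (added example)."""
import re

ZONES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}

# URL-action value name -> (meaning, DWORD that means "disabled").
# Most actions use 3 = disable (0 = enable, 1 = prompt); Java permissions
# (1C00) uses 0 = disable Java.
HARDENED = {
    "1001": ("Download signed ActiveX controls", 3),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1200": ("Run ActiveX controls and plug-ins", 3),
    "1201": ("Initialize/script ActiveX not marked safe", 3),
    "1400": ("Active scripting", 3),
    "1402": ("Scripting of Java applets", 3),
    "1800": ("Installation of desktop items", 3),
    "1C00": ("Java permissions", 0),
}

KEY_RE = re.compile(
    r"^\[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion"
    r"\\Internet Settings\\Zones\\(\d)\]$", re.IGNORECASE)
VAL_RE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

# Constructed sample in the REGEDIT4 text format (not taken from a real PC).
SAMPLE_REG = r"""REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1200"=dword:00000000
"1400"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000003
"1004"=dword:00000003
"1200"=dword:00000000
"1201"=dword:00000003
"1400"=dword:00000001
"1402"=dword:00000003
"1800"=dword:00000003
"1C00"=dword:00010000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1001"=dword:00000003
"1004"=dword:00000003
"1200"=dword:00000003
"1201"=dword:00000003
"1400"=dword:00000003
"1402"=dword:00000003
"1C00"=dword:00000000
"""


def parse_zones(reg_text):
    """Return {zone_number: {value_name: int}} for the HKCU zone keys."""
    zones, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = int(m.group(1)) if m else None  # ignore unrelated keys
            if current is not None:
                zones.setdefault(current, {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            zones[current][m.group(1).upper()] = int(m.group(2), 16)
    return zones


def audit(reg_text, exempt=(2,)):
    """List (zone, action, status) for every action that is not disabled.

    Zones in `exempt` (Trusted Sites by default) are skipped. A value missing
    from the export is reported as "not set", because the zone then falls
    back to whatever default the browser applies.
    """
    findings = []
    for zone, values in sorted(parse_zones(reg_text).items()):
        if zone in exempt:
            continue
        for code, (_label, want) in HARDENED.items():
            got = values.get(code)
            if got is None:
                findings.append((zone, code, "not set"))
            elif got != want:
                findings.append((zone, code, "0x%08X" % got))
    return findings


if __name__ == "__main__":
    for zone, code, status in audit(SAMPLE_REG):
        print("%-16s %s %-42s %s" % (ZONES[zone], code, HARDENED[code][0], status))
```

Exports written by later Windows versions ("Windows Registry Editor Version 5.00") are UTF-16 text, so decode the file accordingly before passing its contents to audit().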
Old 04-23-2004, 14:29   #16
MB-G26


Part 2

15. Utilize a reporting organization for serious intrusion attempts.
(A) http://www.dshield.org/
This is an excellent site to become familiar with. It is part of the Internet Storm Center/SANS ("SysAdmin, Audit, Network, Security" Institute, established 1989) and has an IP number registration lookup interface - useful for IP numbers reflected in the FW log as attempted intrusions, as well as a recent port usage/exploit lookup. (http://www.dshield.org/reports.php) Both the ISC and SANS sites are WELL worth perusing. For example, see not only the graphic on the main Dshield page which depicts current threat traffic, but also the "Trends" page on Sans: http://isc.sans.org/trends.php.

If implementation of 'special' Rules is desired, consider utilizing Dshield's recommended "block list" of offending IP blocks: http://www.dshield.org/block_list_info.php
Quote:
DShield.org is an attempt to collect data about cracker activity from all over the internet. This data will be cataloged and summarized [via reports through their "Fight Back" reporting and cataloging function]. It can be used to discover trends in activity and prepare better firewall rules.
http://www.dshield.org/fightback.php
Quote:
FightBack
DShield.org is now helping users to fight back against attackers. We will analyze submitted log reports and pick a number of strong cases to forward them to the ISP from which the attack originated. A copy of the abuse report will be forwarded to the user.

You have to sign up for 'Fightback'. We will not forward any of your log submissions unless you agree to by using the fightback option.

The user that submitted the log report will be copied on all correspondence. The ISP will receive all relevant log excerpts and we will include the e-mail address registered with DShield.org, in order to allow the ISP to contact the victim directly.

To sign up for the 'FightBack' program, go to the login page, log in and then check the 'FightBack' box. We'll do the rest.

Right now, the system is tailored to simple packet filters. As firewall systems that produce easy to parse packet filter logs are now available for most operating systems, this data can be submitted and used without much effort.
(A)(1) Download and install CVT, a freeware reporting client which processes and sends appropriate log entries to Dshield.
http://www.dshield.org/howto.php
Quote:
How to submit your firewall logs to DShield

DShield provides a platform for users of firewalls to share intrusion information. DShield is a free and open service.

If you use a firewall, please submit your logs to the DShield database. You may either download one of our ready to go client programs, or use our Web Interface to manually submit your firewall logs. Registration is encouraged, but is not required.
Everybody is welcome to use the information in the DShield reports and database summaries to protect their network from intrusion attempts.
More information about how DShield works is on our home page.
(links)
Prewritten clients
Windows

DShield "Universal" CVTWIN Client
8Signs Firewall
Agnitum Outpost
AnalogX PortBlocker
Asante FriendlyNET, D-Link, U.S. Robotics, and SMC Barricade routers using RouterLog
Billion Router
BlackIce Defender
eSoft Instagate Firewall
Kerio (formerly Tiny) Personal Firewall
Kerio (formerly Tiny) Software WinRoute Pro
Kiwi Syslog Daemon
Asante FriendlyNet VR2004AC, VR2004C
Cisco ACL (IOS)
Cisco PIX
Clavister Firewall
D-Link Router
Gentek Router
IPChains
IPTables
Linksys Router
Netgear Router
Netscreen
Netopia Router
SMC Router
Smoothwall
Sonicwall
WatchGuard
Zyxel Zywall Routers
Linksys Etherfast Cable / DSL router
Microsoft ISA
McAfee Firewall
Norton Personal Firewall
Snort
Sygate Personal Firewall
Symantec VelociRaptor Firewall
Tiny Personal Firewall 4.0 and 5.0
Vicom Internet Gateway
Trend Micro PC-Cillin
VisNetic (formerly Ambra) Firewall
Wingate Proxy Server
Windows XP Internet Connection Firewall (ICF)
ZoneAlarm
(A)(2) http://www.mynetwatchman.com/
Quote:
"myNetWatchman is a:
Security Event Aggregator
Centralized, web-based firewall log analyzer
Fully automated abuse escalation/management system
. . .
Q: I uploaded an attack report that I know is a false positive, what do I do?
A: Most escalations require multiple agents to report the same source IP address before any action is taken. Moreover, the escalation thresholds for services that generate a lot of false positives (e.g. streaming audio, file sharing, etc.) have been set to very high values.
Therefore, if you upload a false positive, don't worry about it, it will normally be filtered.
If you actually see something get escalated that shouldn't, then please send an email to support."
B. See "Tool leaky - Why Your Firewall Sucks" http://tooleaky.zensoft.com/

16. There are a variety of sites which offer free infection scanning. A word search in TechTalk will result in several threads listing these.
A. http://www.pcflank.com/scanner1.htm; http://www.pcflank.com/test.htm
Quote:
Quick Test
Stealth Test
Browser Test
Trojans Test
Advanced Port Scanner
Exploits Test
B. Security Space Security Audits http://www.securityspace.com/smysecure/index.html
Quote:
Home PC Users
Desktop Audit $9.95 USD/yr
A comprehensive audit package suitable for desktop systems not running server software. Includes a 1500+ TCP port scan and 631 vulnerability tests in the Denial of Service, Windows, Backdoors (Trojans), Firewalls, and Misc. categories.

Basic Audit ( Free ) Run Audit
Our classic port scan - scans 1500+ known service ports looking for services hackers might use to get in.

Single Test ( Free ) Run Audit
Run any of our 2088 vulnerability tests. Unlimited use
C. GRC's "Shield's Up!" Security Analysis https://grc.com/x/ne.dll?bh0bkyd2

D. Security Analysis Service http://www.vulnerabilities.org/

E. Firewall Test, Port Scan.... http://www.auditmypc.com/
Quote:
Free Online Security Check
Port Scanning Explained: http://www.auditmypc.com/freescan/readingroom/port_scanning.asp
F. http://www.cert.org/
Vulnerabilities, Incidents & Fixes

G. Port Scan Security Check http://www.sdesign.com/securitytest/index.html

H. Sygate Security Probe page http://scan.sygate.com/probe.html

REMEMBER TO DISABLE ANY FIREWALL REPORTING SERVICE/PROGRAM YOU HAVE IMPLEMENTED BEFORE DOING AN INTENTIONAL SECURITY AUDIT - YOU DO *NOT* WANT TO REPORT A FRIENDLY IP AS AN INTRUDER.

17. Various utilities would be helpful to have on board, including process viewers (which will show you EVERYTHING that is running - far beyond what the TaskManager - Cntrl-Alt-Del - box shows.) There is at least one freely available at Wilders.org

A. This is another free one - PrcView. http://www.xmlsp.com/pview/prcview.htm There are many payware programs, also.
Quote:
PrcView is a process viewer utility that displays detailed information about processes running under Windows. For each process it displays memory, threads and module usage. For each DLL it shows full path and version information. PrcView comes with a command line version that allows you to write scripts to check if a process is running, kill it, etc.
18. Get to know Regedit and your Registry and the Windows Regedit program. Always, ALWAYS keep full, current, manual backups of your full registry stored on removable media.
(A) A Registry info site: http://www.winguides.com/registry/

19. Learning to put the HOSTS file to good use is also helpful, but this is limited to certain MS OS's as a nice, fat HOSTS file does NOT play well with some OS's above 9.x
A. http://www.accs-net.com/hosts/
Gorilla Design Studio Presents: Using the Hosts File
(This site is very comprehensive and also links to basically the best HOSTS file sites I know of, so I didn't post them all individually.)

m
__________________
I am slowly falling apart - I wish you'd take a walk in my shoes for a start. You might think it's easy being me ... Sometimes I find myself shaking - In the middle of the night. And then it hits me and I can't - Even believe this is my life
(The Wreckers; "Stand Still; Look Pretty")
MB-G26 is offline   Reply With Quote
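The escalation rule in the myNetWatchman FAQ quoted in the post above (several agents must report the same source IP, and noisy services get much higher thresholds) can be modeled as follows. This is an added Python example, not myNetWatchman's code; the threshold values, the ports treated as noisy, and the report tuples are constructed assumptions.

```python
from collections import defaultdict

# Assumed thresholds: distinct reporting agents required before escalation.
DEFAULT_THRESHOLD = 3
NOISY_PORT_THRESHOLDS = {
    6346: 25,  # file sharing (assumed noisy, illustrative value)
    554: 25,   # streaming audio/video (assumed noisy, illustrative value)
}

# Constructed reports: (agent_id, source_ip, destination_port).
# Addresses come from the documentation ranges, not from real logs.
SAMPLE_REPORTS = (
    # Four different agents see the same source probing port 135.
    [("agent-%d" % n, "192.0.2.10", 135) for n in range(1, 5)]
    # One agent uploads the same false positive five times.
    + [("agent-1", "198.51.100.7", 445)] * 5
    # Five agents report file-sharing traffic from one source.
    + [("agent-%d" % n, "203.0.113.5", 6346) for n in range(1, 6)]
    # Two agents are not enough for the default threshold.
    + [("agent-2", "192.0.2.10", 445), ("agent-3", "192.0.2.10", 445)]
)


def agents_per_source(reports):
    """Map (source_ip, port) to the set of distinct agents that reported it."""
    seen = defaultdict(set)
    for agent, src, port in reports:
        # A set means repeat uploads from one agent count only once.
        seen[(src, port)].add(agent)
    return seen


def threshold_for(port):
    """Distinct-agent count needed before a report on this port escalates."""
    return NOISY_PORT_THRESHOLDS.get(port, DEFAULT_THRESHOLD)


def escalations(reports):
    """Return sorted (source_ip, port, agent_count) entries that escalate."""
    result = []
    for (src, port), agents in agents_per_source(reports).items():
        if len(agents) >= threshold_for(port):
            result.append((src, port, len(agents)))
    return sorted(result)


def explain(reports):
    """One line per (source, port) showing why it was or was not escalated."""
    lines = []
    for (src, port), agents in sorted(agents_per_source(reports).items()):
        need = threshold_for(port)
        verdict = "ESCALATE" if len(agents) >= need else "filtered"
        lines.append("%-13s port %-5d agents=%-2d need=%-2d -> %s"
                     % (src, port, len(agents), need, verdict))
    return lines


if __name__ == "__main__":
    print("\n".join(explain(SAMPLE_REPORTS)))
```

Counting distinct agents rather than raw log lines is what keeps a single misconfigured reporter from getting a friendly IP escalated.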
Old 05-21-2004, 17:19   #17
rhikdavis
U.S. Veteran
 
Join Date: Jul 2002
Location: Late Great Planet Earth
Posts: 13,199
Blog Entries: 1
How much to fly you out to my place and just set my computer up. ;f
__________________
Charter OAF Member
"I don't know half of you half as well as I should like; and I like less than half of you half as well as you deserve."
Old 06-13-2004, 00:52   #18
MB-G26
Lifetime Membership
Inertia Bound
 
Join Date: Oct 2001
Location: In my head
Posts: 14,905


Ah...... but I am in BabyLand.......

Quote:
Originally posted by rhikdavis
How much to fly you out to my place and just set my computer up. ;f
hehehe..... in fact, I'm temporarily at my sister's in Kali, where all things computer sometimes kinda sorta work and Winblows is a rare commodity, lol!
m
Old 08-07-2004, 16:44   #19
MB-G26
Lifetime Membership
Inertia Bound
 
Join Date: Oct 2001
Location: In my head
Posts: 14,905


Help in totally removing AOHell

Just came across this and thought I'd add it to the 'helpful info' list:
http://www.lurkhere.com/forum600.html
Conferences Windows 98 Family ( http://www.lurkhere.com/cgi-bin/foru...mID14&archive= )
Topic #983
"Uninstalling AOL" Jul-28-04, 09:09 AM (EDT)

Quote:
1. "RE: Uninstalling AOL"
Jul-28-04, 10:55 AM (EDT)
I would use the Add/Remove entry.
Then I would look for any AOL related folders in Explorer and run any 'unwise' or 'uninstall' files I found.

Then I'd settle in and get nice and comfy cozy for one of the most rewarding exercises a computer user can attain, the systematic hunt and destroy of anything AOL in a System Registry.

May want to export one (a copy of the Reg) first, JIC. ...

Then, dump all your Temps and TIF's and defrag that sucker.
*******

2. "RE: Uninstalling AOL"
Jul-28-04, 11:03 AM (EDT)
LAST EDITED ON Jul-28-04 AT 11:06 AM (EDT) by ADZIRK (moderator)

This lists the steps you can take. It is a bit old and may be missing some steps for AOL 8 or 9.

How To Uninstall AOL ( http://9337387.home.icq.com/main7.html )

IMHO the only way you can completely eradicate the AOL virus is to wash your hands with an antibacterial soap for 60 seconds and then perform a clean installation of Windows ... there must NOT be any AOL disks in the home or your chances of reinfection become very high.
*****
(re using IE Repair tool to fix problems after a removal of aoHell which has tampered w/other needed files) ... a file you need has been toyed with when AOL was being shutdown, shut out, or removed.

AOL does not stand alone, it fusses with too many other things.
m
Old 08-07-2004, 18:09   #20
MB-G26
Lifetime Membership
Inertia Bound
 
Join Date: Oct 2001
Location: In my head
Posts: 14,905


IE-Spyads users: new URLs

Jun-21-04, 05:09 AM (EDT)
Note from the much admired Mr.Eric L Howes:
Quote:
IE-SPYAD/AGNIS Home Page Moved

Hi All:

Over the past year the University of Illinois at Urbana-Champaign has been migrating all of its student and staff accounts to new servers. This weekend my time to migrate finally came (I had no choice in the matter). That means my privacy & security web site has moved to a new location at UIUC with a new URL. My new home page is:

Protecting Your Privacy & Security (UIUC)
https://netfiles.uiuc.edu/ehowes/www/

Note the https (SSL) instead of the standard http. The new URL for the IE-SPYAD/AGNIS page is:

IE-SPYAD/AGNIS
https://netfiles.uiuc.edu/ehowes/www/resource.htm

Unfortunately, there is no automatic re-direct (or even a placeholder notice) from the old web site ( http://www.staff.uiuc.edu/~ehowes/ ). The old address is now simply broken.

At this time I have migrated all of my files, and the new web site should, for the most part, work as it did before. Most internal links within the site should work just fine, although there undoubtedly are some which are now broken and which I will be fixing over the next few days.

If you bookmarked particular pages at my site, you can convert the URLs rather easily because the internal structure of the site has remained the same. For every URL or bookmark you had before, change...

http://www.staff.uiuc.edu/~ehowes/
...to...
https://netfiles.uiuc.edu/ehowes/www/
The rest of the URL remains the same.

I will be posting this notice at many forums over the next few days. Obviously, I cannot possibly notify everyone on the Net who might be using my web site or IE-SPYAD/AGNIS. If you happen to be a regular at a particular forum and suspect that I'm not, please do pass along the new URL for my web site.

Finally, my regular email has not changed:
eburger68-AT-myrealbox.com (munged by MB)

...so if you have questions or problems with IE-SPYAD or AGNIS, you can continue to contact me at that email address with no problem whatsoever.

All the best,
Eric L. Howes
Old 09-07-2004, 12:40   #21
MB-G26
Lifetime Membership
Inertia Bound
 
Join Date: Oct 2001
Location: In my head
Posts: 14,905


"about:blank" browser command (aka hijack)

Came across the following which might be useful for anyone battling this new "about:blank" browser command infection/CWS variant:
http://forums.spywareinfo.com/index....ssenger+pop+up

Mentions a couple new tools helpful in detecting & dealing w/windows services and "about:blank" infections:
Quote:
Please download GetService.zip
Extract it to a new folder in the desktop. Double click on the Getservice.bat file to run it. This will create and open a text file named getservice.txt in the same folder. It will then open getservice.txt for you.
getservice.txt will list all active Services. Copy and paste the contents of getservice.txt in your next reply here. From the moment you post your list, until you see a detailed fix written up, DO NOT reboot your system or log off. If you do, the service will have changed and the fix provided will not work
Quote:
Print out these instructions so you have them handy as some of the steps need to be done in safe mode and you may not be able to go online. We need IE to remain closed throughout the process. With that in mind, read through the instructions and download all necessary files ahead of time. Opening IE may cause the fix to fail

1. Download AboutBuster. Unzip it to c:\aboutbuster but don't run it yet; we'll do that later on down in this list in SAFE MODE.
m
Old 09-09-2004, 19:56   #22
MB-G26
Lifetime Membership
Inertia Bound
 
Join Date: Oct 2001
Location: In my head
Posts: 14,905


Getting rid of "WINDOWS MESSENGER"

This is a different beast than "instant messenger" and such, and the distinction is important to make.
Culled research to date:
Quote:
http://www.grc.com/stm/ShootTheMessenger.htm

Shoot The Messenger - Windows Messenger Spam Elimination Freeware
This 22 kbyte "Shoot The Messenger" utility gives users immediate control over the Windows Messenger service.

File stats for: Shoot The Messenger
Last Updated: Apr 26, 2003 at 07:52 (500.19 days ago)
Size: 22k
Downloads/day: 1,537
Total downloads: 1,009,411

Windows Messenger Service

The Latest Spam Technology

The Windows "Messenger Service" is being exploited to spray the Internet with unsolicited commercial eMail. The receipt of a single UDP packet can cause a "Messenger Service" dialog to pop-up on the user's screen. It is possible for the sender to "spoof" (falsify) the packet's "Source IP", making these packets impossible to trace back to their origin. If our experience with eMail Spam is any model, we can expect to see a lot more of this in the future.

Wired News: (link) Spam Masquerades as Admin Alerts

Bad Company: These sample home pages give you a good idea what's going on, and just how bad it's likely to become: (links)

www. IP-Messenger. com

www. BroadcastBlaster. com

www. BroadcastAdvertiser. com

www. DirectAdvertiser. com

The first thing to understand is that the Windows Messenger Service is completely different from, and not in any way related to, "MSN Messenger", "Windows Messenger", or any other well-known instant messaging system. Therefore, disabling the Windows Messenger service will have no effect upon your use of any other instant messaging applications. They will continue to work without trouble.

If you ever see legitimate pop-up warnings or announcements with the phrase "Messenger Service" in the title bar, you might have an application running in your system that relies upon the built-in Messenger Service for the delivery of its information. But every application we know of displays its own pop-up alert dialogs, and we're not aware of any programs that rely upon the Messenger Service. It's just a theoretical possibility. If it turns out that you do need to have the Messenger Service running, "Shoot The Messenger" will easily re-enable and start the service.

What is the Messenger Service?

Starting back with Windows NT, and carried forward into all subsequent operating systems, Microsoft included a simple way for users on a network to send each other short "pop-up" messages. Network administrators might have used it to notify everyone of system-wide events. It was a nice idea, though in its original form it never caught on widely. There is a standard command line program "Net Send", that can be used to generate these messages, and there's also a GUI (Graphical User Interface) application to do the same.

If you're curious to see the graphical interface: On Windows 2000 or XP, right-click on "My Computer"/"Manage". Then under "System Tools" right-click on "Shared Folders". Choose "All Tasks" and finally "Send Console Message..."

You probably didn't know any of that was there, and neither do most people. It's a never-used feature that has been replaced by the various well known, popular, and feature-rich instant messaging systems. But, like a great many other "legacy" features of Windows, since it was once included, it survives in case anyone who once used it might still need it.

Several considerations make this something of a problem:

For network messages to be received, the receiving machine must open a port to actively listen for incoming network packets. That means that an Internet server must be running in the computer to service the incoming messages. The entire industry is still learning the hard way with Code Red, Nimda, SQL Slammer, and the never exploited (yet) UPnP vulnerability that leaving unneeded and non-maintained open servers running on the Internet is a bad and dangerous practice. Yet this has been Microsoft's continuing practice. What's worse is that, out of the box, Windows does this to end-user consumer machines.

The Messenger Service is another example of an Internet server that is running, by default, in all versions of Windows from NT through XP. It's a bad idea.

Even if some group of users on a local area network (LAN) were using the built-in Messenger Service to send short notes and alerts to each other, it's a good bet that no one ever intended for it to be used out on the wide area Internet network (WAN). The fact that the Messenger Service "went global" as Windows-based personal computers were put onto the Internet was probably an accident of history and an oversight by Microsoft. Or perhaps Microsoft just didn't care. Either way, it's a good bet that no typical Internet end user who knows what's going on needs or wants to have it running.

Since the first release of Windows 1.0, people have never stopped complaining about how slow and resource-hungry Windows is to boot and operate. It's things like leaving unneeded, unwanted, and never used services running, exactly like Windows Messenger, that tie up RAM, burn CPU cycles, and consume other system resources. It adds up to slowing everything down.

Turning off unneeded services and not running unnecessary programs is always a good idea.

As you can probably see . . .

Even if your Windows 2000 or XP machine is safe behind a personal firewall or NAT router, shutting down the Messenger Service is a good idea.

"Shoot The Messenger" allows any Windows NT/2000/XP user to easily stop and disable the unnecessary Messenger Service running in their machines.

Shooting The Messenger

Download and run our small (22 kbyte) "ShootTheMessenger.exe" utility. It will display the current status of your system's Messenger Service. The button near the bottom of its window will allow you to set the service to whichever state, running or disabled, that you desire.

If, for any reason, you should ever choose to re-enable the Windows Messenger Service, simply re-run ShootTheMessenger to do so.

ShootTheMessenger supports two command line convenience options which can be useful for operation from corporate logon scripts or batch command files:

ShootTheMessenger disable

ShootTheMessenger enable

That's all there is to it. It's simple, straightforward, and highly recommended for every user of Windows 2000 and XP.
*****************************
www.itc.virginia.edu/desktop/docs/messagepopup/ - 20k - Sep 5, 2004
Quote:
Disabling the Messenger Service
To remove the ability for anyone in the world to pop up messages on your computer, you can disable the Messenger service. It's easy to reverse at a later time if you wish to do so.

Windows 2000
Click Start-> Settings-> Control Panel-> Administrative Tools->Services
Scroll down and highlight "Messenger"
Right-click the highlighted line and choose Properties.
Click the STOP button.
Select Disable or Manual in the Startup Type scroll bar
Click OK

Windows XP Home
Click Start->Settings ->Control Panel
Click Performance and Maintenance
Click Administrative Tools
Double click Services
Scroll down and highlight "Messenger"
Right-click the highlighted line and choose Properties.
Click the STOP button.
Select Disable or Manual in the Startup Type scroll bar
Click OK

Windows XP Professional
Click Start->Settings ->Control Panel
Click Administrative Tools
Click Services
Double click Services
Scroll down and highlight "Messenger"
Right-click the highlighted line and choose Properties.
Click the STOP button.
Select Disable or Manual in the Startup Type scroll bar
Click OK

Windows NT
Click Start ->Control Panel
Double Click Administrative Tools
Select Services-> Double-click on Messenger
In the Messenger Properties window, select Stop,
Then choose Disable as the Startup Type
Click OK

Windows 98 & ME
Windows Messenger Service cannot be disabled (My note: but there might be an Uninstall option - I'll have to check the 98se machine and supplement info); at the very least, you can totally neuter it using special/advanced "Rules" in your software firewall. It might also be possible to determine which are the active 'exe' files it needs, and then cripple them by renaming them.
******************
http://www.microsoft.com/windowsxp/u.../stopspam.mspx
Quote:
Disabling Messenger Service in Windows XP
(original source document contains helpful images)
Published: January 9, 2004

Related Links
Stop Receiving Pop-up Advertisements With Messenger Service Titles in Windows 2000
Prevent Pop-up Ads When Browsing with Internet Explorer 6
MSN 8 Junk Mail Filter

If advertisements are opening on your computer in a window titled Messenger Service, it may indicate that your system is not secure. You should enable the Internet Connection Firewall and disable the Messenger Service in Windows XP to help protect your computer from unwanted spam and other potential threats.

The Messenger Service was originally designed for use by system administrators to notify Windows users about their networks. However, some advertisers have started using this service to send information via the Internet, and these messages could be used maliciously to distribute a virus.

Note: Although the name of the service is similar, Messenger Service in Windows XP is not related to instant messaging programs such as Windows Messenger and MSN Messenger. Disabling instant messaging programs is not necessary and not recommended. Disabling instant messaging programs will not prevent Messenger Service spam on your computer.

If your computer is part of a corporate network, ask the network administrator before disabling Messenger Service.

If you have Windows XP at home or in a small office that you manage yourself, you should disable the Messenger Service.

First, make sure that your system is protected by an Internet firewall and that you've followed the steps to Protect Your PC. Disabling the Messenger Service without using a firewall will prevent the unwanted spam, but will not protect your computer from intruders.

To disable the Messenger Service in Windows XP (Caution: If your computer is part of a corporate network, talk to your system administrator before taking this action.)

1. Click Start and then click Control Panel.

2. Click Performance and Maintenance. (If you do not see the Performance and Maintenance icon, you may be using Classic View. You can skip to step 3 below, but you must double-click Administrative Tools.)

3. Click Administrative Tools.

(Figure 1. Double-click Services in Administrative Tools.)

4. Double-click Services as shown in Figure 1 above.

5. Double-click Messenger.

6. In the Startup type list, choose Disabled as shown in Figure 2 below.

(Figure 2. Choose Disabled from the Startup type list in Messenger Properties. )

7. Click Stop, and then click OK.

For more information on the origins of Messenger Service spam and how to handle it, read this Knowledge Base article 330904.
*********************************
Quote:
PC Hell: How to remove Windows Messaging on Windows XP

... you may want to visit the World of Windows Networking article on PopUp Messages. ...
How to Disable, Uninstall, and Remove Windows Messenger instant messaging ...
www.pchell.com/support/ipmessaging.shtml - 19k - Sep 5, 2004
************
http://www.winguides.com/registry/category.php/67/
Quote:
Disable Background Notification Balloon in Messenger (All Windows)
This tweak can be used to disable the popup message that notifies the user that Windows (MSN) Messenger is still running in the background when you close it.

Remove Windows Messenger from Outlook Express (All Windows) Popular
This tweak is used to remove MSN Instant Messenger functionality and integration from Outlook Express.

Disable Windows Messenger in Outlook (All Windows)
This setting can be used to disable the integration of Windows (MSN) Messenger so that it does not start when using Microsoft Outlook.

Change the Messenger Warning Message (All Windows)
When you start a chat in Windows Messenger a warning is shown that says "Never give out your password or credit card number in an instant message conversation". This tweak allows you to customize this message for example to display your company chat policy.

Disable SSDP Discovery in Windows Messenger (Windows 2000/XP)
Windows Messenger uses the Simple Service Discovery Protocol (SSDP) to attempt to locate upstream Internet gateways on UDP port 1900. This tweak allows you to disable Universal Plug and Play Network Address Translation discovery to reduce bandwidth and increase security.

Disable MSN Instant Messenger (All Windows) Popular
This restriction is used to disable the ability to run the Microsoft MSN Instant Messenger client.

Remove Windows Messenger from Internet Explorer (All Windows) Popular
This tweak can be used to remove the integration of Windows Messenger into Internet Explorer. It will remove both the toolbar icon and Tools menu item.

Change the MSN Messenger Background Image (All Windows) Popular
This tweak allows you to change the background bitmap image in the MSN Messenger service.

MSN Instant Messenger Restrictions (All Windows) Popular
These restrictions are used to disable various features of the Microsoft MSN Instant Messenger client.
m
MB-G26 is offline   Reply With Quote
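A scripted check for the end state the quoted instructions in the post above aim for (Messenger service stopped and its startup type set to Disabled), as an added Python example that is not from any of the quoted sources. It parses `sc query` / `sc qc` output; the service key name `messenger` and the sample outputs are assumptions constructed for the example.

```python
import re
import subprocess
import sys

SERVICE = "messenger"  # assumed service key name for the Messenger Service

# Constructed samples of `sc query messenger` and `sc qc messenger` output.
SAMPLE_QUERY = r"""
SERVICE_NAME: messenger
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
"""
SAMPLE_QC = r"""
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: messenger
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k netsvcs
"""
# Constructed sample of the reply when the service is not installed at all.
SAMPLE_MISSING = (
    "[SC] EnumQueryServicesStatus:OpenService FAILED 1060:\n\n"
    "The specified service does not exist as an installed service.\n"
)


def field(text, name):
    """Return the symbolic value of an sc field, e.g. STATE -> 'RUNNING'."""
    pattern = r"^\s*%s\s*:\s*\d+\s+(\w+)" % re.escape(name)
    match = re.search(pattern, text, re.MULTILINE)
    return match.group(1) if match else None


def assess(query_out, qc_out):
    """Compare the service against the target state: stopped and disabled."""
    if "FAILED 1060" in query_out:
        # Service is absent, so there is nothing to stop or disable.
        return {"installed": False, "state": None, "start_type": None, "fix": []}
    state = field(query_out, "STATE")
    start_type = field(qc_out, "START_TYPE")
    fix = []
    if state != "STOPPED":
        fix.append("sc stop %s" % SERVICE)
    if start_type != "DISABLED":
        # sc.exe requires the space after "start=".
        fix.append("sc config %s start= disabled" % SERVICE)
    return {"installed": True, "state": state,
            "start_type": start_type, "fix": fix}


def run_sc(*args):
    """Run sc.exe with the given arguments and return its text output."""
    done = subprocess.run(["sc.exe", *args], capture_output=True, text=True)
    return done.stdout


if __name__ == "__main__":
    if sys.platform == "win32":
        report = assess(run_sc("query", SERVICE), run_sc("qc", SERVICE))
    else:
        report = assess(SAMPLE_QUERY, SAMPLE_QC)  # offline demonstration
    print(report)
```

The script only reports; the commands in `fix` are left for an administrator to run, which fits the quoted caution about checking with the network administrator on corporate machines.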
Old 09-20-2004, 04:17   #23
PDogSniper
Senior Member
 
Join Date: Dec 2000
Location: Southwest Michigan
Posts: 10,777
Could you repeat that please...?
__________________
Hair today, gone tomorrow

Member NRA
Member GOA
Old 10-17-2004, 23:44   #24
NetNinja
Always Faithful
 
Join Date: Oct 2001
Location: HotLanta, GA
Posts: 2,424
DO NOT USE OUTLOOK EXPRESS

Please for the love of Pete don't use Outlook express as your email client.

Outlook express has so many security holes in it that it should be called the Swiss Cheese email Client.

Please use Outlook Or Mozilla Thunderbird.

Mozilla Thunderbird is an open source email client.

http://www.mozilla.org/products/thunderbird/
__________________
G17,G22,G30,Sig P229 Sport
Kimber CC Series 1,Kimber CCR Series 1
SA TRP Operator SA 1911A1
S&W 1911, 686, M19, 627VComp,ColtDE10mm
Anschutz 1813 Super Match
Old 11-23-2004, 14:04   #25
nickg
Senior Member
 
Join Date: Jan 2002
Posts: 4,460
gee..these replies aren't NEAR long enough. ;Q ;Q
__________________
I may be wrong, but I'm not wrong long.