virus or hacked?

Chris_Todd · August 20, 2003, 4:32pm

Good morning:
I was wondering if anyone has seen this message on a win2k server before and
might be able to help me

Message from destroyer to you on 8/19/2003 11:24:53pm
Make this your last pop-up ever Destroy all these pop-up for a fraction of
the price of our competitors!!!
go to www. messagdestroyer.net

This is all in a plain windows box(gray box with an ok button at the bottom
and the X is the upper right corner)

Any help or insight would much appreciated!!

Thanks
Chris Todd
Computer Technician
Western Newspapers, Inc.
(928)775-2499

Resistance is Futile

Paul_A_Bradford · August 20, 2003, 5:30pm

That would probably be the messenger service in Win2k..... to stop it,
go to Settings -> control panel -> Administrative Tools -> Services.
Find Messenger and disable it.

Thanks,
Paul

Or load the linux OS of choice

Todd_Mitchell · August 20, 2003, 5:38pm

From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf

Of

Chris Todd
Sent: Wednesday, August 20, 2003 12:33 PM
To: 'nanog@merit.edu'
Subject: virus or hacked?

Good morning:
I was wondering if anyone has seen this message on a win2k server

before

and
might be able to help me

Message from destroyer to you on 8/19/2003 11:24:53pm
Make this your last pop-up ever Destroy all these pop-up for a

fraction of

the price of our competitors!!!
go to www. messagdestroyer.net

This is all in a plain windows box(gray box with an ok button at the
bottom
and the X is the upper right corner)

This is a standard Windows messenger (not MSN messenger) spam. If you
don't use the Windows messenger service, disable the "messenger"
service. SPAM will stop.

Todd

Johannes_Catterwell · August 20, 2003, 5:51pm

Chris Todd schrieb:

Thanks
Chris Todd
Computer Technician

Computer Technician? you sure?

Jack_McCarthy1 · August 20, 2003, 6:19pm

Chris,
Chances are that you're not but...make sure you block the following ports (at a
minimum) at your firewall:

135
137-139
445

If you don't have a firewall, you need to get one installed ASAP. In the
meantime, install a personal (software) firewall - if the circumstances allow.
If you are getting pop-up ads on that server, who knows what else is going on.

-Jack

J.F_Noonan · August 20, 2003, 6:30pm

That ain't nothing compared to the "Network Security Engineer"
that posted a few messages before that had never heard of Blaster
and has his servers set to auto-update from M$ (shudder).