Full Version: Mystery Malware
BleepingComputer.com > Security > Am I infected? What do I do?
   
discokid
Hey all,

To start, I work for a provider installing phone, cable and internet.

About a year or so ago, I bought a used computer from a Government Surplus. Good deal, 25 bux.
It came loaded with Win 2000 and worked great until I plugged a cable modem into it. As soon as
it detected a network connection, a note popped up saying something like - 'Your computer is infected
with something blah blah blah. Please visit www.pcregfix.com or something like that.'

So I closed the window and every 2 minutes another would pop up. After closing a few of them it came up
and said 'Critical Error. Your computer will shut down in 60 Seconds'. And so the timer went down and the computer would turn off.

The only way I could get rid of it was to format, assuming that all of the computers from the surplus sale were ghosted off of one machine.

Do you suppose this is a correct assumption? I have had numerous customers with the same issue and I'm not totally sure what to tell them. I figure it's not a virus but some sort of really bad malware. I have seen it probably half a dozen times since then, and some of those computers were in fact from a government surplus as well.

What is that thing anyway?

Thanks,

discokid
Jacee
This sounds like MESSENGER SERVICE

Windows Messenger Service windows may appear when using Windows NT, 2000, or XP online. They have nothing to do with the similarly named MSN Messenger chat program or with your web browser (so any popup stopper option has no effect).

Windows Messenger Service was designed to enable messages to be sent over a Local Area Network (LAN). Typically, a system administrator might use it to notify users that the server is about to be shut down. Because it uses the same TCP/IP communication standard as the Internet, such messages can also be sent over the Internet.

Turn off the Messenger service. To do this, follow these steps:

1. Click Start, and then click Control Panel (or point to Settings, and then click Control Panel).
2. Double-click Administrative Tools.
3. Double-click Services.
4. Double-click Messenger.
5. In the Startup type list, click Disabled.
6. Click Stop, and then click OK.