Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Mystery Malware

  • Please log in to reply
1 reply to this topic

#1 discokid


  • Members
  • 6 posts
  • Local time:03:17 AM

Posted 09 January 2007 - 10:34 PM

Hey all,

To start, I work for a provider installing phone, cable and internet.

About a year or so ago, I bought a used computer from a Government Surplus. Good deal, 25 bux.
It came loaded with Win 2000 and worked great until I plugged a cable modem into it. As soon as
it detected a network connection, a note popped up saying something like - 'Your computer is infected
with something blah blah blah. Please visit www.pcregfix.com or something like that.'

So I closed the window and every 2 minutes another would pop up. After closing a few of them it came up
and said 'Critical Error. Your computer will shut down in 60 Seconds'. And so the timer went down and the computer would turn off.'

The only way I could get rid of it was to format, assuming that all of the computers from the surplus sale were ghosted off of one machine.

Do you supposed this is a correct assumption? I have had numerous customers with the same issue and I'm not totally sure what to tell them. I figure it's not a virus but some sort of really bad malware. I have seen it probably half a dozen times since then, and some of those computers were in fact from a government surplus as well.

What is that thing anyway?



BC AdBot (Login to Remove)



#2 Jacee


    Bleeping around

  • Malware Response Team
  • 3,714 posts
  • Gender:Female
  • Local time:11:17 PM

Posted 10 January 2007 - 11:43 AM

This sounds like MESSENGER SERVICE

Windows Messenger Service windows may appear when using Windows NT, 2000, or XP online. They have nothing to do with the similarly named MSN Messenger chat program or with your web browser (so any popup stopper option has no effect).

Windows Messenger Service was designed to enable messages to be sent over a Local Area Network (LAN). Typically, a system administrator might use it to notify users that the server is about to be shut down. Because it uses the same TCP/IP communication standard as the Internet, such messages can also be sent over the Internet.

Turn off the Messenger service. To do this, follow these steps:

1. Click Start, and then click Control Panel (or point to Settings, and then
click Control Panel).
2. Double-click Administrative Tools.
3. Double-click Services.
4. Double-click Messenger.
5. In the Startup type list, click Disabled.
6. Click Stop, and then click OK.

MS MVP Windows-Security 2006-2016
Member of UNITE, the Unified Network of Instructors and Trusted Eliminators

Admin PC Pitstop

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users