#1
02-07-2007, 08:02 PM
Gualtier Malde
What is "regproscan"?

I am getting windows from "Messenger Service" telling me to go to www.registrycleaner.com and
download regproscan.exe. This last time the window is persistent and I can't stop it even with Task
Manager. I've posted a screenshot of the windows on ftp://ftp.eskimo.com/u/c/chuckb/download/.

Can anyone help me with this. I'm going to do an ad-aware and spybot scan while waiting for an
answer.

Thank you.

#2
02-07-2007, 08:06 PM
Admins
Re: What is "regproscan"?

On Wed, 07 Feb 2007 13:02:03 -0800, Gualtier Malde wrote:

> I am getting windows from "Messenger Service" telling me to go to www.registrycleaner.com and
> download regproscan.exe. This last time the window is persistent and I can't stop it even with Task
> Manager. I've posted a screenshot of the windows on ftp://ftp.eskimo.com/u/c/chuckb/download/.
>
> Can anyone help me with this. I'm going to do an ad-aware and spybot scan while waiting for an
> answer.
>
> Thank you.


It sounds like spyware, try emptying out your browser's cache after your
scans. If you don't need cookies for any particular reason consider
setting your browser to accept them for current session only.

Regards,
--
Admin


* www.privacyoffshore.net (No Logs Internet Surfing)
* Anonymous Secure Offshore SSH-2 Surfing Tunnels

#3
02-07-2007, 08:17 PM
David H. Lipman
Re: What is "regproscan"?

From: "Admins" <invalid@bogus.com>


|
| It sounds like spyware, try emptying out your browser's cache after your
| scans. If you don't need cookies for any particular reason consider
| setting your browser to accept them for current session only.
|
| Regards,

Nope !

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



#4
02-07-2007, 08:18 PM
David H. Lipman
Re: What is "regproscan"?

From: "Gualtier Malde" <valacapt@yahoo.com>

| I am getting windows from "Messenger Service" telling me to go to www.registrycleaner.com
| and download regproscan.exe. This last time the window is persistent and I can't stop it
| even with Task Manager. I've posted a screenshot of the windows on ftp://ftp.eskimo.com/u/c/chuckb/download/.
|
| Can anyone help me with this. I'm going to do an ad-aware and spybot scan while waiting
| for an answer.
|
| Thank you.

It is a plain and simple con job in a NetBIOS Pop-Up form !

To disable the Windows Messenger Service, you can open a Command Prompt and type the
following commands...

sc stop Messenger
sc config Messenger start= disabled

A Router such as the Linksys BEFSR41 will also block this at the WAN/LAN interface and such
messages won't be seen on a LAN PC.

It also means two things...

You do NOT have WinXP SP2 installed
Your PC has NetBIOS over IP exposed to the Internet.

If you had installed WinXP SP2 it would have done two things. Disabled the NT Messenger
Service and enabled the WinXP FireWall.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



#5
02-07-2007, 10:33 PM
Gualtier Malde
Re: What is "regproscan"?

David H. Lipman wrote:
> From: "Gualtier Malde" <valacapt@yahoo.com>
>
> | I am getting windows from "Messenger Service" telling me to go to www.registrycleaner.com
> | and download regproscan.exe. This last time the window is persistent and I can't stop it
> | even with Task Manager. I've posted a screenshot of the windows on ftp://ftp.eskimo.com/u/c/chuckb/download/.
> |
> | Can anyone help me with this. I'm going to do an ad-aware and spybot scan while waiting
> | for an answer.
> |
> | Thank you.
>
> It is a plain and simple con job in a NetBIOS Pop-Up form !
>
> To disable the Windows Messenger Service, you can open a Command Prompt and type the
> following commands...
>
> sc stop Messenger
> sc config Messenger start= disabled
>
> A Router such as the Linksys BEFSR41 will also block this at the WAN/LAN interface and such
> messages won't be seen on a LAN PC.
>
> It also means two things...
>
> You do NOT have WinXP SP2 installed
> Your PC has NetBIOS over IP exposed to the Internet.
>
> If you had installed WinXP SP2 it would have done two things. Disabled the NT Messenger
> Service and enabled the WinXP FireWall.
>

For that and other reasons, after leaving this message I restored a clone backup. Messenger doesn't
seem to be active, but perhaps it is lying in wait.

I am a bit bummed by that news. I am not running XP but W2000 (I have one very important
dos-dependent database manager). OTOH I checked my Zone Alarm Pro and found that my firewall wasn't
set to max. It now is. How protective can I expect that to be?

If you can give me some help in the W2000 environment, I will appreciate it. I'll also post
pertinent text from your reply on the W2000 NG.

Thank you


#6
02-07-2007, 11:37 PM
David H. Lipman
Re: What is "regproscan"?

From: "Gualtier Malde" <valacapt@yahoo.com>


| For that and other reasons, after leaving this message I restored a clone backup.
| Messenger doesn't seem to be active, but perhaps it is lying in wait.
|
| I am a bit bummed by that news. I am not running XP but W2000 (I have one very important
| dos-dependent database manager). OTOH I checked my Zone Alarm Pro and found that my
| firewall wasn't set to max. It now is. How protective can I expect that to be?
|
| If you can give me some help in the W2000 environment, I will appreciate it. I'll also
| post pertinent text from your reply on the W2000 NG.
|
| Thank you

Sorry, you failed to mention the OS and the number of WinXP platforms out-numbers Win2K so I
assumed WinXP.

No matter what Service Pack is installed, the NT Messenger Service is still enabled by
default.

However it still means you were not using a FireWall properly or using a NAT Router. In
either case, NetBIOS over IP was totally exposed to the Internet, as proven by the NetBIOS,
Messenger Service, Pop-Ups.

The SC.EXE command does not come stock with Win2K. It is available in the NT Resource Kit or
by download. ftp://ftp.microsoft.com/reskit/win2000/sc.zip

Extract SC.EXE to the folder; %windir%\system32

Execute:

sc stop Messenger
sc config Messenger start= disabled

You don't have to use SC.EXE.
You can do it manually by executing; SERVICES.MSC

Find the MESSENGER service then stop it and then disable it.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



#7
02-11-2007, 04:41 AM
Admins
Re: What is "regproscan"?

On Wed, 07 Feb 2007 21:18:42 GMT, David H. Lipman wrote:

> From: "Gualtier Malde" <valacapt@yahoo.com>
>
>| I am getting windows from "Messenger Service" telling me to go to www.registrycleaner.com
>| and download regproscan.exe. This last time the window is persistent and I can't stop it
>| even with Task Manager. I've posted a screenshot of the windows on ftp://ftp.eskimo.com/u/c/chuckb/download/.
>|
>| Can anyone help me with this. I'm going to do an ad-aware and spybot scan while waiting
>| for an answer.
>|
>| Thank you.
>
> It is a plain and simple con job in a NetBIOS Pop-Up form !
>
> To disable the Windows Messenger Service, you can open a Command Prompt and type the
> following commands...
>
> sc stop Messenger
> sc config Messenger start= disabled
>
> A Router such as the Linksys BEFSR41 will also block this at the WAN/LAN interface and such
> messages won't be seen on a LAN PC.
>
> It also means two things...
>
> You do NOT have WinXP SP2 installed
> Your PC has NetBIOS over IP exposed to the Internet.
>
> If you had installed WinXP SP2 it would have done two things. Disabled the NT Messenger
> Service and enabled the WinXP FireWall.


Maybe but not for certain,
--
Admin


* www.privacyoffshore.net (No Logs Internet Surfing)
* Anonymous Secure Offshore SSH-2 Surfing Tunnels

#8
02-11-2007, 04:51 PM
David H. Lipman
Re: What is "regproscan"?

From: "Admins" <invalid@bogus.com>


|
| Maybe but not for certain,

No, not maybe, definitely for certain.

I have seen and replied to posts like this numerous times.

These are NetBIOS Pop-Ups spam scams. Nothing less, nothing more.
To assume that this is by software residing on the PC is a faux assumption.

The mere fact that he stated "Messenger Service" is the proof. The fact is this is a very
common ploy. The most important concept here is that if one receives a NetBIOS Pop-Up then
their PC's MS Networking is exposed to the Internet and the PC user has a higher probability
of Internet worms buffer overflow exploitations and hack attempts.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
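
A way to confirm the two points made in posts #4, #6 and #8 (the Messenger service is stopped and disabled, and no NetBIOS over IP sockets are left open), as an added example that is not part of any poster's message: it parses the text output of `sc qc Messenger`, `sc query Messenger` and `netstat -an`. The function names and the sample output are constructed for illustration.

```python
import re

NETBIOS_PORTS = {137, 138, 139}  # NetBIOS name, datagram and session services

def messenger_state(sc_qc_text, sc_query_text):
    """Parse (start_type, state) from `sc qc Messenger` and `sc query Messenger`."""
    start = re.search(r"START_TYPE\s*:\s*\d+\s+(\w+)", sc_qc_text)
    state = re.search(r"STATE\s*:\s*\d+\s+(\w+)", sc_query_text)
    return (start.group(1) if start else None, state.group(1) if state else None)

def netbios_listeners(netstat_text):
    """Return sorted (proto, address, port) NetBIOS sockets from `netstat -an`."""
    hits = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        addr, _, port = fields[1].rpartition(":")
        if not port.isdigit() or int(port) not in NETBIOS_PORTS:
            continue
        if fields[0] == "TCP" and fields[-1] != "LISTENING":
            continue  # an established session is not a listener
        if not addr.startswith("127."):
            hits.add((fields[0], addr, int(port)))
    return sorted(hits)

def audit(sc_qc_text, sc_query_text, netstat_text):
    """List what still has to be fixed; an empty list means the host passes."""
    start, state = messenger_state(sc_qc_text, sc_query_text)
    findings = []
    if start != "DISABLED":
        findings.append(f"Messenger start type is {start}, expected DISABLED")
    if state != "STOPPED":
        findings.append(f"Messenger state is {state}, expected STOPPED")
    for proto, addr, port in netbios_listeners(netstat_text):
        findings.append(f"{proto} {addr}:{port} is open; confirm a firewall or NAT router filters it")
    return findings

# Constructed sample output for an unfixed host (not captured from a real machine).
SAMPLE_QC = "SERVICE_NAME: Messenger\n        START_TYPE         : 2   AUTO_START\n"
SAMPLE_QUERY = "SERVICE_NAME: Messenger\n        STATE              : 4  RUNNING\n"
SAMPLE_NETSTAT = """  Proto  Local Address          Foreign Address        State
  TCP    203.0.113.7:139        0.0.0.0:0              LISTENING
  TCP    203.0.113.7:139        198.51.100.9:1042      ESTABLISHED
  UDP    203.0.113.7:137        *:*
  UDP    203.0.113.7:138        *:*
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_QC, SAMPLE_QUERY, SAMPLE_NETSTAT):
        print(finding)
```

`netstat -an` only shows that a socket is open on the host; whether it is reachable from the Internet still depends on the firewall or NAT router in front of it.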



All times are GMT.