Is this a virus

Thanks Tom, but the system he is running is using Windows 98. One
thing I noticed when we boot the system and it hangs at the desktop
only one task is running. Just know thought of doing a Google search
on this running program to see if it's the problem.

On Sat, 10 Jan 2004 18:57:25 -0500, Tom Geer <tgeer43 RemoveThis @NOSPAMyahoo.com>
wrote:

>I'll take a wild stab at this because the first part sounds a lot like what my
>brother went through. If you are running Win XP (home or pro), try running
>"Services.msc" from the run command on the start menu and disabling the Windows
>Messenger Service. Sounds like messenger spam to me. I have no idea why this
>would cause lockups like you are experiencing but it couldn't hurt. The
>messenger service is totally uneeded anyway. For more information, just type "
>Windows XP Messenger Service" into Google.
>
>Tom
>
>spy wrote:
>> I'm trying to help my brother-in-law troubleshoot a minor problem with
>> his system. Every once in awhile a window pops up with the following
>> message. "Virus/Spyware found! Click yes to remove it!", the tittle
>> of the window is "Remove found spyware". If we click yes, the next
>> time we reboot the system it freezes at the desktop with no icons.
>> Any ideas what this might be, I can not find any refrence on the 'net
>> for this problem.
>>
>>
>> TIA
 >> Stay informed about: Is this a virus 

"Tom Geer" <tgeer43 DeleteThis @NOSPAMyahoo.com> wrote in message:

> I'll take a wild stab at this because the first part sounds a lot like what my
> brother went through. If you are running Win XP (home or pro), try running
> "Services.msc" from the run command on the start menu and disabling the Windows
> Messenger Service. ...

Sometimes with variations, that advice applies to Windows NT, 2000 & 2003.

However, it is irrelevant. Please see my response to Davis Hodgins for
the reason why.

> ... Sounds like messenger spam to me. ...

That may be what it sounds like to you, but you'd be wrong. Please see my
response to Davis Hodgins for the reason why.

> ... I have no idea why this
> would cause lockups like you are experiencing ...

That's because you know that just clicking "OK" on a Messenger Service pop-up
_only_ makes the pop-up go away. That something else is clearly happening
should suggest to you that either your beliefs about Messenger Service are
worryingly incorrect _or_ something else is to blame. In either case, the
"advice" in your reply should have been tempered with some indication of your
lack of clue as to the real problem.

> ... but it couldn't hurt. ...

Agreed. There is no good reason to have _any_ of the standard Microsoft
networking services exposed to the Internet (and precious little sensible
reason to be running any of them anyway...).

> ... The
> messenger service is totally uneeded anyway. For more information, just type "
> Windows XP Messenger Service" into Google.

Well, not _totally_, but it is fairly rare for anything a "typical user"
runs to need it.


--
Nick FitzGerald
 >> Stay informed about: Is this a virus 

Nick FitzGerald wrote:

> "Tom Geer" <tgeer43.TakeThisOut@NOSPAMyahoo.com> wrote in message:
>
>
>>I'll take a wild stab at this because the first part sounds a lot like what my
>>brother went through. If you are running Win XP (home or pro), try running
>>"Services.msc" from the run command on the start menu and disabling the Windows
>>Messenger Service. ...
>
>
> Sometimes with variations, that advice applies to Windows NT, 2000 & 2003.
>
> However, it is irrelevant. Please see my response to Davis Hodgins for
> the reason why.
>
>
>>... Sounds like messenger spam to me. ...
>
>
> That may be what it sounds like to you, but you'd be wrong. Please see my
> response to Davis Hodgins for the reason why.
>
>
>>... I have no idea why this
>>would cause lockups like you are experiencing ...
>
>
> That's because you know that just clicking "OK" on a Messenger Service pop-up
> _only_ makes the pop-up go away. That something else is clearly happening
> should suggest to you that either your beliefs about Messenger Service are
> worryingly incorrect _or_ something else is to blame. In either case, the
> "advice" in your reply should have been tempered with some indication of your
> lack of clue as to the real problem.
>

I believe that "I'll take a wild stab..." and "I have no idea why..." would
qualify as indications per your last sentence. I gave the OP no false sense
that my post was the definitive answer.

Tom

--
Remove NOSPAM from email address to reply via email.
 >> Stay informed about: Is this a virus 

"daults (spy)" <@comcsat.net> wrote:

> Thanks Tom, but the system he is running is using Windows 98. ...

Win9x (and ME with third party s/w) machines can display "Messenger spam".
They seldom do though as it is very rare for the non-default, MS-supplied
(at least in Win9x) utility that listens for them and displays them to be
enabled, and the cases where it is enabled, the odds are very high the
machine will part of a relatively competitently run corporate or similar
LAN which will, by definition, block "Messenger spam" at a perimeter
firewall or through some other mechanism before it can get to the PC.

> ... One
> thing I noticed when we boot the system and it hangs at the desktop
> only one task is running. Just know thought of doing a Google search
> on this running program to see if it's the problem.

Get the name of the task and search the registry for it. Note the
filename(s) from the registry entries referring to the task name (this
does not necessarily always work!), eliminate any "coincidental"
references. Nowadays a lot of malware re-uses legitimate service names
to confuse naive users -- make sure that you know the thing you are
looking at is not a legitimate OS service component before proceeding.
If you are sure you have located the filename of the offending service,
restart the machine in DOS mode, change to the directory where the
file(s) of concern are and rename them (for example, .EXE to .EX_, .SCR
to .SC_, etc). Try restarting Windows normally...

Are any start-up errors reported? Does the machine seem to be "back to
normal"?

If all seems right (or even if it doesn't but you cannot resolve it
further yourself) zip (or similar) the suspect file(s) you found and
send them to your preferred antivirus developer(s) for analysis and so
they can add detection of this to their next update.

If you need any more help, you are welcome to Email me directly at this
posting address.


--
Nick FitzGerald
 >> Stay informed about: Is this a virus 

On Sun, 11 Jan 2004 16:47:57 +1300, Nick FitzGerald <nick.TakeThisOut@virus-l.demon.co.uk> wrote:

> Dave -- please explain to us how text in a Windows Messenger pop-up can
> have any kind of active button, or in fact, any kind of active control
> (even something as simple as clicking anywhere being a hyperlink as some
> web-browser pop-ups use).

You're correct, I didn't read the message properly, and gave the wrong
advice. My apologies.

Regards, Dave Hodgins

--
Change nomail.afraid.org to rogers.com to reply by email.
(nomail.afraid.org has been set up specfically for
use in usenet. Feel free to use it yourself.)
 >> Stay informed about: Is this a virus