Real Registry problem or something else? Please help

Discussion in 'other security issues & news' started by val2060, Aug 6, 2005.

Thread Status:
Not open for further replies.
  1. val2060

    val2060 Registered Member

    Joined:
    Aug 6, 2005
    Posts:
    2
    Location:
    Michigan
    (Sorry if this is posted in the wrong place but I’m not sure what it is so I wasn’t sure where to post it)


    Hi everyone. First of all I want to alert you that you’re dealing with a true computer dummy here. I have visited your site a few times before and once managed to get rid of a homepage hijacker using directions from your site (although I could NEVER tell you how I actually managed to do it or repeat it!), so thanks so much for being here!
    I have encountered a new problem with my computer now and I don’t know if it’s an actual problem or some sort of bug/virus, whatever you want to call it.
    Every time my computer is running, I get a series of warning pop ups. They look very official and just like the usual ones windows occasionally uses. I would like to copy them here for you but they don’t allow me to highlight and copy them. I’ll manually copy a few of the messages at the end of this in case anyone cares to read them.
    All of the messages have links to various sites, supposedly to repair the problem. I have visited a number of them but they all want me to download something…like a free scan…which if I did I’m sure would be followed by another available download to fix the found problems for the low price of “29.99” or something along those lines.
    I’ve heard that sometimes spyware can put these windows or similar ones on your computer so you think you have a virus just so you’ll have to go buy their removal software. That’s what’s making me leary of this business.
    Does anyone know if this is a real error and if it is what I should do about it?
    And if it is some kind of spyware or virus, how can I fix it? I have McAfee and SpyBot Search and Destroy, but neither one of them have picked up anything. I also tried to go to the Windows Update site by searching through Yahoo, but my computer froze up when I tried to click on the link…making me even more suspicious.
    In case it matters, I am running Windows XP and all of the alert messages come in small boxes that say “Messenger Service” in the bar at the top.
    What ever this is, I need to address it somehow because it’s driving me a bit crazy and starting to worry me that there’s something really wrong. Any suggestions?
    Thanks in advance for any help you can offer.
    Val


    Here are a few examples of the messages that have been popping up:


    Message from SYSTEM to ALERT on 8/6/2005 3:20:30 PM

    Windows has encountered an Internal Error
    Your Windows registry is corrupted.
    An Immediate system scan is recommended.

    Visit

    http://e-regpatch.com

    to repair.

    (Then it has the little “Ok” button to click, which when clicked makes the window disappear for a minute or two then the next one pops up)



    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Message from SECRUITY to ALERT on 8/6/2005 3:24:13 PM

    STOP! WINDOWS REQUIRES IMMEDIATE ATTENTION.

    Windows has found CRITICAL SYSTEM ERRORS.

    To fix the errors please do the following:
    1. Download Registry Repair from: http://www.fixregerror.com
    2. Install Registry Repair
    3. Run Registry Repair
    4. Reboot your computer
    FAILURE TO ACT NOW MY LEAD TO DATA LOSS AND CORRUPTION!

    (OK button)



    Message from System Alert to Current User on 8/6/2005 3:56:25 PM

    Windows error: reg-3328
    Windows has detected errors in the registry!
    Your system files are in danger of being corrupted.
    Visit www.clean-xp.com to repair your computer
    Please write this site down.

    (OK)

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Message from SYSTEM to ALERT on 8/6/2005 3:25:54 PM

    STOP! WINDOWS REQUIRES IMMEDIATE ATTENTION.

    Windows has found 47 Critical Errors. (*another window says 74)

    To fix the errors please do the following:
    1.Download Registry repair from: http://www.e-regfix.com
    2. Install Registry Repair
    3. Run Registry Repair
    4. Reboot your computer.
    FAILURE TO ACT NOW MY LEAD TO DATA LOSS AND CORRUPTION!

    (OK)


    Message from SECURITY MONITOR to WINDOWS USER on 8/6/2005 3:39:33 PM

    Important Windows Security Bulletin
    ===================
    Buffer Overrun in Messenger Service Allows Remote Code Execution,
    Virus Infection and Unexpected Computer Shutdowns

    Affected Software:

    Microsoft Windows NT Workstation
    Microsoft Windows NT Server 4.0
    Microsoft Windows 2000
    Microsoft Windows XP
    Microsoft Windows Win98
    Microsoft Windows Server 2003

    Non Affected Software:

    Microsoft Windows Millennium Edition

    Your system is affected, download the patch from the address below !
    FIRST TYPE THE ADDRESS BELOW INTO YOUR INTERNET BROWSER, THEN CLICK ‘OK’.
    THE ADDRESS WILL DISAPPEAR ONCE YOU CLICK ‘OK’.

    www.updatepatch.info

    (OK)


    Message from SYSTEM to ALERT on 8/6/2005 3:43:28 PM

    Microsoft Windows has encountered and Internal Error
    Your windows registry is corrupted.
    We recommend a complete system scan.

    Visit

    http://NeatReg.com

    To repair now!

    (OK)



    Message from SYSTEM to USER on 8/6/2005 3:49:26 PM

    Warning: Your computer may have critical errors in registry and file system.

    These errors can lead to computer crashes, instability, slowness, and full system failure.

    Immediate repair may be required.

    See help file at: www.spw4f.com

    To bring up the file, type www.spw4f.com into your web browser or:

    1. Press Windows “START” button in the lower-left-hand-corner of screen

    2. Select “Run” from menu

    3. Type www.spw4f into box then press “OK” button


    (OK)




    The messages are all similar but they direct me to many different web addresses, including: www.fixwinreg.com, www.regcleaner32.com, www.spw5c.com, http://FixRegNow.com, http://e-regpatch.com, www.fixregerror.com, www.fixregistryerrors.com, www.ms-repair.com, www.winregedit.com
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Yes, I know about this, but it's very usefull for those, who don't know it.
    In the past, while I was installing win2000pro + Windows Update, one of those messages warned me that I was heavily infected with a link to solve the problem.
    A newbie could panic when such messages popup during the installation of Windows. I hope this problem is solved in Windows Vista.
     
  4. val2060

    val2060 Registered Member

    Joined:
    Aug 6, 2005
    Posts:
    2
    Location:
    Michigan
    Thank you SOOOOOO much! I followed the directions you sent me to and it worked like a charm. I can feel the straightjacket loosening already!
    You guys are the best!!!!

    :D
     
  5. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,702
    Location:
    Texas
    Hi Val2060,

    Now do a clean-up of your registry. I recommend the following

    http://www.hoverdesk.net/freeware.htm aka Regseeker.

    Just for peace of mind make asystem restore point, then run regseeker, & delete all the junk it finds.

    Also get a copy free of ERUNT you will always have a good backup of the (whole) registry. Just in case your system restore point fails, find ERUNT at:

    http://www.larshederer.homepage.t-online.de/erunt/

    Good Luck
    rico
     
  6. murdera84

    murdera84 Guest

    I would to express my appreciation for that site that stopped those super annoying pop ups and is wish i would have looked for it sooner
     
  7. mhboda

    mhboda Guest

    The advice provided was excellent. Seems to have worked on my laptop as well. / M.
     
  8. tyler-euro

    tyler-euro Guest

  9. janneke

    janneke Guest

    THANKS! I guess this default Windows messenger service is by this time so ****ed these things can happen.

    In my case: messages AND my computer got rebooted all the time within minutes.
     
  10. ///

    /// Guest

    so is it a real problem or not?
     
  11. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    no, it isn't a real problem. they are fake messages being sent over the internet not to you in particular, but to a huge block of addresses. it's a scam to get people to cough up money. if you have messenger turned on you will see the messages. if you turn off messenger you won't see them anymore although they are still being sent. either way they are nothing to worry about.

    i see them everytime i do some packet sniffing but don't see them normally because i have messenger turned off.

    N.B. they can not see into your PC; it is like a radio broadcaster saying "you have problems, pay me £20.00 and i will fix them!" the radio broadcaster can not see into your house, neither can the messenger sender.
     
    Last edited: Aug 24, 2005
  12. Guust

    Guust Guest

    Thanks alot...this tip really helped out :)
     
  13. Ginger

    Ginger Guest

    HELP! Re: Real Registry problem or something else? Please help

    I followed the directions exactly, but the messenger won't turn off.

    ~Frustrated
     
  14. ravin

    ravin Registered Member

    Joined:
    May 2, 2003
    Posts:
    241
    Location:
    South Carolina
    Re: HELP! Re: Real Registry problem or something else? Please help

    if you are using the microsoftanitispyware then goto..
    Tools->
    Real-Time Protection->
    Internet Agent->
    pick view internet agent checkpoints.

    should see Red X on Windows NetBios Messenger Service.

    hope this helps. if not post back.
     
    Last edited: Sep 1, 2005
  15. rawr

    rawr Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    128
    Location:
    Illinois, U.S.A
    Re: HELP! Re: Real Registry problem or something else? Please help

    After going into Start > Control Panel > Services, find Messenger, double-click on it and change 'Startup-type' to disabled. Then re-boot your system..
     
  16. Hoyles

    Hoyles Guest

    Thanks for the link Snowbound. You Rock!

    I was pestered by those pop-ups and tried everything.
    NO spyware scanner picked it up. I ran a dozen!
    Even the biggies like Spybot Search & Destroy and Ad-Aware.

    Also, PC scans featured on Microsoft's site failed to pick it up, as did Norton, McAfee, etc... because it's not a virus, it's simply a "Message".... ugh

    Anyways, I'm devoting serious time and energy into getting the solution to these messages out to masses of people.

    Thanks again!
     
Loading...
Thread Status:
Not open for further replies.