streaming data

Discussion in 'other software & services' started by mr emu, Jul 1, 2003.

Thread Status:
Not open for further replies.
  1. mr emu

    mr emu Registered Member

    Joined:
    Jul 1, 2003
    Posts:
    10
    I think what your'e doing is wonderful. I recently downloaded v.92 modem software and opened a flood of pop ups. My concern is I use streaming data for stock research on a daily basis. I need your wisdom as to which software to download.

    Thankyou !
     
  2. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hi Mr Emu,

    Welcome to Wilders!

    I'm unsure on what type of info you are looking for. Are you looking for software to combat PopUps or are your concerns more wide-ranging?

    On the PopUp side, I'm afraid I don't have much advice to offer accept to recommend Opera as a browser and set its preferences to deny popups. I don't know though if this would be feasible with your work however so I would use their software in shareware mode (which includes ads of its own) until you are sure.

    If I misunderstood your question please let us know. In the meantime hopefully others will offer their own suggestions.

    Regards,

    Dan
     
  3. scott

    scott Guest

    Hi Dan,

    Thanks for the quick response. My concern was related to blocking pop-ups and interferrence with streaming data which I use. I just downloaded Spybot and tested my streaming data and all seems to work. I just ran the immunize and the s&d after reading the tutorials. I did just get hit with another pop-up. Is this suppose to bplck pop-ups?
     
  4. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    No that is more intended to immunize your system against unauthorized changes to your IE settings (such as through Browser Hijacks) as well as to help guard against spyware.

    Just to be certain, by 'popups' you are speaking of an actual browser window popping up and not a MS Windows messagebox right?

    If this is happening on sites that used to not do this then there may be a problem. If you can give a few more details I might be able to better guide you.

    You indicated that the stuff started occurring after you loaded modem software? But you were on the internet before correct?
     
  5. scott

    scott Guest

    Sorry for the late response. The pop ups are not windows warning or error messages. In resopnse to your question, Yes, I have been active at my stock trading sites. These are primarily the only sites I visit. These pop ups, which all appear dead center of the screen, all started the moment I signed on with my new Broadxent V.92 PCI.
     
  6. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Can you please download and run HijackThis from

    http://www.tomcoyote.org/hjt/hijackthis.zip

    press the "scan" button and when finished do *not* try to fix anything yet as much of the stuff is necessary. Save the log and copy/paste the results here so we can see what needs to be deleted.

    Thanks
     
  7. scott

    scott Guest

    Thanks for the help and direction. Here is the data you requested. If this is not right, let me know. Again I truely appreciate this.
    Logfile of HijackThis v1.95.0
    Scan saved at 10:31:05 PM, on 7/7/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\essspk.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    C:\Program Files\MSN\MSNCoreFiles\msn6.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\scott\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://no/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\System32\blank.htm
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: MktBrowser (HKLM)
    O9 - Extra 'Tools' menuitem: MarketBrowser (HKLM)
    O9 - Extra button: Encarta Encyclopedia (HKLM)
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
    O9 - Extra button: Define (HKLM)
    O9 - Extra 'Tools' menuitem: Define (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://free.aol.com
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1101709eea8aaf7b1c02/netzip/RdxIE601.cab
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://members.vectorvest.com/vvonline/Install/isetup.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37684.3445486111
    O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors.com/member/ocx/plotwon.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
     
  8. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hmm, well there is not much there. Before you fox anything you should close out of all windows except HijackThis. If you do not need the speakerphone capability of your modem then you can select

    O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe

    you should also select, in any case,

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://no/
    O15 - Trusted Zone: http://free.aol.com


    neither of these last two entries though would result in the behaviour you mention and the only thing present pointing to the install of modem software is the first entry. I would recommend removing all three and if you need to readd the speakerphone software you can restore it from the backup entry in HijackThis.

    Either way, once you have selected and fixed do a reboot and let us know how things stand as far as recurrent popups (if any)

    Thx

    Dan
     
  9. mr emu

    mr emu Registered Member

    Joined:
    Jul 1, 2003
    Posts:
    10
    Hi Dan,
    Let me first say thankyou for your dedicated assistance.
    I checked off those 3 items mentioned in prior message. Upon start up today, I am getting slammed hard. Just a little while ago One of those terrorists snuck in and blocked my log off and when I came back I had 9-10 of those SOB's stacked upon each other. Well I could continue but you get the idea.
    Speaking of ideas, do you have any?

    I am sending a donation not because of anything other than I appreciate the support.
     
  10. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hmm,

    And you're certain that they are browser popups and not messenger popups?

    If you type in the following at the command prompt you will get an example messenger popup

    net send localhost This is a test popup

    (If you get no response to this command then the Messenger Service is already disabled). Keep in mind that the messenger spammers can and do change the titlebar of the window. Just in case, you may want to make sure that the Messenger Service is off and disabled from automatically starting. Not sure if it is the same in XP but on Win2K you can

    Right-click on My Computer

    Click Manage

    Click the plus sign next to Services and Applications

    Click on Services

    Scroll down to Messenger

    Right-click and go to Properties

    Set "Startup Type" to "Disabled"

    and if the "Service Status" is Started, press the "Stop" button.

    Once this is done the above test command should not work.

    Please let me know whether or not this is a possibility. If it is not, I am going to ask Pieter to take a look at the thread to see what I might have missed.

    Thanks!

    Dan
     
  11. mr emu

    mr emu Registered Member

    Joined:
    Jul 1, 2003
    Posts:
    10
    Thanks Dan. I am not all that adepth at some terminology. The pop ups do have windows messenger on them. I guess this is what you meant. I have disabled the messenger svc. ( yes it is the same with xp) and stopped the service status.

    I sent an e-mail to the web-meister. Let me know.
     
  12. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    My apologies, I should have contrived to make the question clearer earlier, especially as this is such a common issue. I believe this will take care of the problem, but I will keep an eye out on this thread in case you get any return "visits"

    Regards,

    Dan
     
  13. mr emu

    mr emu Registered Member

    Joined:
    Jul 1, 2003
    Posts:
    10
    No appologies necessary. I sometimes allow myself to be a little intimidated because of my limited years on a computer. Ah but the old German who once stated "we get too soon old and too late smart" missed it again. I just found a smart man.
     
  14. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    Hey just out of curiosity I checked in there on my own "messenger service" which I have never looked at before but I've enever had a msg yet... Wondered before (think I asked Spy1) if I could actually just be that lucky.. Mine is on automatic but I left it there so far since Sygate must be blocking any such attempts on me or something.
     
  15. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hi Detox,

    Yes, as long as the firewall is blocking the requisite NetBIOS ports you don't need to stop the service but as most people don't really need it and as there are too many firewall differences to easily explain how to address the issue that way the disabling of the service works well :)

    The main port that the messenger spammers use is UDP 135 but they have been known to use some of the other NetBIOS ports

    Regards,

    Dan
     
  16. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England
    Yes, most of the Messenger based advertising spam is going out as UDP port 135, though NET SEND can function using NetBIOS UDP port 137 and TCP port 139. There is a good analysis of this over at myNetWatchman.

    Detox, unless you lowered your Sygate firewall, or allowed Generic Host Process for Win32 Services permission to act as a server, you'd be protected. Most firewalls in default configuration protect against this. Heck, even the built-in XP ICF blocks this.

    In fact, the people who are probably the safest, and least likely to mess up a configuration to allow these messages through, are those who are on a NAT router in a standard "out of the box" configuration.

    This success of this Messenger stuff just goes to show how many people have no firewall or router based protection in place.
     
  17. mr emu

    mr emu Registered Member

    Joined:
    Jul 1, 2003
    Posts:
    10
    hey Dan. Now that I have disabled the messenger, Will this affect the modem-on-hold announcement when calls come in.
     
  18. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hi mr. emu

    No that is completely different. The only legitimate use for the messenger service is for sending and receiving impromptu notices across the network (for example, a domain admin might announce via messenger that one of the servers is due to go down at a certain time for maintenance).

    You should see no adverse impact from disabling the service.

    Regards,

    Dan
     
  19. mr emu

    mr emu Registered Member

    Joined:
    Jul 1, 2003
    Posts:
    10
    Hi Dan, Mixed reviews. The pop-ups are gone Thank You. The modem-on-hold is down. Any sugestions?
     
  20. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    okay, the

    O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe

    entry we removed from the registry earlier may be needed for that function. If you could close out of all programs and then launch (but do not yet scan) HijackThis. Then

    Press on the "Config" button

    Goto "Backups" tab

    Highlight the above-mentioned entry

    Press "Restore"

    Once this is done please do a reboot and let us know how things are.

    Thx

    Dan
     
  21. mr emu

    mr emu Registered Member

    Joined:
    Jul 1, 2003
    Posts:
    10
    Hey Dan,
    I went ahead and r/reloaded the v.92 software. My not so simple but effective means to remedy the situation.

    Thanks for all the help.
    Plz send link for donations!
     
  22. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hi mr. emu,

    While I am very glad we were able to assist you in this matter we do not accept donations at this time. However, you might consider passing the word to some of your friends and colleagues regarding this forum.

    I hope to see you around here in the future (not that I am willing any bad karma on your machine, you understand :D )

    Warm Regards,

    Dan
     
  23. mr emu

    mr emu Registered Member

    Joined:
    Jul 1, 2003
    Posts:
    10
    Thank you kindly! You can count on my referals!
     
  24. mr emu

    mr emu Registered Member

    Joined:
    Jul 1, 2003
    Posts:
    10
    Hey Dan,
    I'm pop up free and damn proud of it. That was a lot of effort.

    In the FYI department. In my effort to resolve the issue, I had downloaded ad aware. There was a definite interruption in the streaming data. Just thought you might be interested.
     
  25. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    interesting, mr. emu, can you elaborate on that a little?

    Was it just having AdAware installed that caused the interruption, or scanning with it , or was it only while the AdWatch component was running?

    TIA,

    Dan
     
Loading...
Thread Status:
Not open for further replies.