What is "regproscan"?

 
 
Gualtier Malde
      02-07-2007
I am getting windows from "Messenger Service" telling me to go to www.registrycleaner.com and
download regproscan.exe. This last time the window is persistent and I can't stop it even with Task
Manager. I've posted a screenshot of the windows on ftp://ftp.eskimo.com/u/c/chuckb/download/.

Can anyone help me with this. I'm going to do an ad-aware and spybot scan while waiting for an
answer.

Thank you.
 

Admins
      02-07-2007
On Wed, 07 Feb 2007 13:02:03 -0800, Gualtier Malde wrote:

> I am getting windows from "Messenger Service" telling me to go to www.registrycleaner.com and
> download regproscan.exe. This last time the window is persistent and I can't stop it even with Task
> Manager. I've posted a screenshot of the windows on ftp://ftp.eskimo.com/u/c/chuckb/download/.
>
> Can anyone help me with this. I'm going to do an ad-aware and spybot scan while waiting for an
> answer.
>
> Thank you.


It sounds like spyware; try emptying out your browser's cache after your
scans. If you don't need cookies for any particular reason, consider
setting your browser to accept them for current session only.

Regards,
--
Admin


* www.privacyoffshore.net (No Logs Internet Surfing)
* Anonymous Secure Offshore SSH-2 Surfing Tunnels
 

David H. Lipman
      02-07-2007
From: "Admins" <(E-Mail Removed)>


|
| It sounds like spyware; try emptying out your browser's cache after your
| scans. If you don't need cookies for any particular reason, consider
| setting your browser to accept them for current session only.
|
| Regards,

Nope !

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


 

David H. Lipman
      02-07-2007
From: "Gualtier Malde" <(E-Mail Removed)>

| I am getting windows from "Messenger Service" telling me to go to www.registrycleaner.com
| and download regproscan.exe. This last time the window is persistent and I can't stop it
| even with Task Manager. I've posted a screenshot of the windows on ftp://ftp.eskimo.com/u/c/chuckb/download/.
|
| Can anyone help me with this. I'm going to do an ad-aware and spybot scan while waiting
| for an answer.
|
| Thank you.

It is a plain and simple con job in a NetBIOS Pop-Up form !

To disable the Windows Messenger Service, you can open a Command Prompt and type the
following commands...

sc stop Messenger
sc config Messenger start= disabled

A Router such as the Linksys BEFSR41 will also block this at the WAN/LAN interface and such
messages won't be seen on a LAN PC.

It also means two things...

You do NOT have WinXP SP2 installed
Your PC has NetBIOS over IP exposed to the Internet.

If you had installed WinXP SP2 it would have done two things. Disabled the NT Messenger
Service and enabled the WinXP FireWall.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


 

Gualtier Malde
      02-07-2007
David H. Lipman wrote:
> From: "Gualtier Malde" <(E-Mail Removed)>
>
> | I am getting windows from "Messenger Service" telling me to go to www.registrycleaner.com
> | and download regproscan.exe. This last time the window is persistent and I can't stop it
> | even with Task Manager. I've posted a screenshot of the windows on ftp://ftp.eskimo.com/u/c/chuckb/download/.
> |
> | Can anyone help me with this. I'm going to do an ad-aware and spybot scan while waiting
> | for an answer.
> |
> | Thank you.
>
> It is a plain and simple con job in a NetBIOS Pop-Up form !
>
> To disable the Windows Messenger Service, you can open a Command Prompt and type the
> following commands...
>
> sc stop Messenger
> sc config Messenger start= disabled
>
> A Router such as the Linksys BEFSR41 will also block this at the WAN/LAN interface and such
> messages won't be seen on a LAN PC.
>
> It also means two things...
>
> You do NOT have WinXP SP2 installed
> Your PC has NetBIOS over IP exposed to the Internet.
>
> If you had installed WinXP SP2 it would have done two things. Disabled the NT Messenger
> Service and enabled the WinXP FireWall.
>

For that and other reasons, after leaving this message I restored a clone backup. Messenger doesn't
seem to be active, but perhaps it is lying in wait.

I am a bit bummed by that news. I am not running XP but W2000 (I have one very important
dos-dependent database manager). OTOH I checked my Zone Alarm Pro and found that my firewall wasn't
set to max. It now is. How protective can I expect that to be?

If you can give me some help in the W2000 environment, I will appreciate it. I'll also post
pertinent text from your reply on the W2000 NG.

Thank you

 

David H. Lipman
      02-08-2007
From: "Gualtier Malde" <(E-Mail Removed)>


| For that and other reasons, after leaving this message I restored a clone backup.
| Messenger doesn't seem to be active, but perhaps it is lying in wait.
|
| I am a bit bummed by that news. I am not running XP but W2000 (I have one very important
| dos-dependent database manager). OTOH I checked my Zone Alarm Pro and found that my
| firewall wasn't set to max. It now is. How protective can I expect that to be?
|
| If you can give me some help in the W2000 environment, I will appreciate it. I'll also
| post pertinent text from your reply on the W2000 NG.
|
| Thank you

Sorry, you failed to mention the OS and the number of WinXP platforms out-numbers Win2K so I
assumed WinXP.

No matter what Service Pack is installed, the NT Messenger Service is still enabled by
default.

However it still means you were not using a FireWall properly or using a NAT Router. In
either case, NetBIOS over IP was totally exposed to the Internet, as proven by the NetBIOS,
Messenger Service, Pop-Ups.

The SC.EXE command does not come stock with Win2K. It is available in the NT Resource Kit or
by download. ftp://ftp.microsoft.com/reskit/win2000/sc.zip

Extract SC.EXE to the folder; %windir%\system32

Execute:

sc stop Messenger
sc config Messenger start= disabled

You don't have to use SC.EXE.
You can do it manually by executing; SERVICES.MSC

Find the MESSENGER service then stop it and then disable it.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
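
A check for the two conditions discussed in the posts above (Messenger service not disabled, NetBIOS over IP ports bound), as an added example that is not part of the original thread. It parses saved output of `sc qc Messenger` and `netstat -an`; the sample output, addresses and function names are constructed, and the port list (UDP 137/138, TCP 139) is the standard NetBIOS over TCP/IP assignment.

```python
import re

# NetBIOS over TCP/IP ports: name service, datagram service, session service
NETBIOS_PORTS = {("UDP", 137), ("UDP", 138), ("TCP", 139)}

# Constructed sample output (not captured from the poster's machine)
SAMPLE_SC_QC = """[SC] GetServiceConfig SUCCESS
SERVICE_NAME: Messenger
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
"""
SAMPLE_NETSTAT = """  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    203.0.113.5:139        0.0.0.0:0              LISTENING
  TCP    203.0.113.5:1045       198.51.100.7:80        ESTABLISHED
  UDP    203.0.113.5:137        *:*
  UDP    203.0.113.5:138        *:*
"""

def messenger_start_type(sc_qc_output):
    """Return the START_TYPE word from `sc qc Messenger` output, or None."""
    m = re.search(r"^\s*START_TYPE\s*:\s*\d+\s+(\S+)", sc_qc_output, re.M)
    return m.group(1) if m else None

def netbios_listeners(netstat_output):
    """Return sorted (proto, address, port) for bound NetBIOS ports."""
    found = set()
    for line in netstat_output.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue  # header or unrelated line
        if f[0] == "TCP" and f[-1] != "LISTENING":
            continue  # ignore established or outbound sessions
        addr, _, port = f[1].rpartition(":")
        if port.isdigit() and (f[0], int(port)) in NETBIOS_PORTS:
            found.add((f[0], addr, int(port)))
    return sorted(found)

def audit(sc_qc_output, netstat_output):
    """List what still needs attention; an empty list means both checks pass."""
    findings = []
    start = messenger_start_type(sc_qc_output)
    if start != "DISABLED":
        findings.append(f"Messenger start type is {start}, expected DISABLED")
    findings += [f"NetBIOS {p}/{n} bound on {a}"
                 for p, a, n in netbios_listeners(netstat_output)]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_SC_QC, SAMPLE_NETSTAT)))
```

A port bound on a public address still has to be checked against the firewall or NAT router, which this parser cannot see.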


 

Sebastian Gottschalk
      02-08-2007
Gualtier Malde wrote:

> For that and other reasons, after leaving this message I restored a clone backup. Messenger doesn't
> seem to be active, but perhaps it is lying in wait.


Nonsense. Or are you twisting the Windows Messenger Service with the
totally different software product "Windows Messenger"?

> I am a bit bummed by that news. I am not running XP but W2000 (I have one very important
> dos-dependent database manager).


Windows 2000 includes the Windows Messenger Service as well. So, why don't
you simply try to follow the mentioned steps?

> OTOH I checked my Zone Alarm Pro and found that my firewall wasn't
> set to max. It now is. How protective can I expect that to be?


Eh... not at all? Why do you expect a crappy child toy to provide any kind
of security protection?
 

Admins
      02-11-2007
On Wed, 07 Feb 2007 21:18:42 GMT, David H. Lipman wrote:

> From: "Gualtier Malde" <(E-Mail Removed)>
>
>| I am getting windows from "Messenger Service" telling me to go to www.registrycleaner.com
>| and download regproscan.exe. This last time the window is persistent and I can't stop it
>| even with Task Manager. I've posted a screenshot of the windows on ftp://ftp.eskimo.com/u/c/chuckb/download/.
>|
>| Can anyone help me with this. I'm going to do an ad-aware and spybot scan while waiting
>| for an answer.
>|
>| Thank you.
>
> It is a plain and simple con job in a NetBIOS Pop-Up form !
>
> To disable the Windows Messenger Service, you can open a Command Prompt and type the
> following commands...
>
> sc stop Messenger
> sc config Messenger start= disabled
>
> A Router such as the Linksys BEFSR41 will also block this at the WAN/LAN interface and such
> messages won't be seen on a LAN PC.
>
> It also means two things...
>
> You do NOT have WinXP SP2 installed
> Your PC has NetBIOS over IP exposed to the Internet.
>
> If you had installed WinXP SP2 it would have done two things. Disabled the NT Messenger
> Service and enabled the WinXP FireWall.


Maybe but not for certain,
--
Admin


* www.privacyoffshore.net (No Logs Internet Surfing)
* Anonymous Secure Offshore SSH-2 Surfing Tunnels
 

David H. Lipman
      02-11-2007
From: "Admins" <(E-Mail Removed)>


|
| Maybe but not for certain,

No, not maybe, definitely for certain.

I have seen and replied to posts like this numerous times.

These are NetBIOS Pop-Ups spam scams. Nothing less, nothing more.
To assume that this is by software residing on the PC is a faux assumption.

The mere fact that he stated "Messenger Service" is the proof. The fact is this is a very
common ploy. The most important concept here is that if one receives a NetBIOS Pop-Up then
their PC's MS Networking is exposed to the Internet and the PC user has a higher probability
of Internet worms buffer overflow exploitations and hack attempts.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


 