What is "regproscan"?

I am getting windows from "Messenger Service" telling me to go to www.registrycleaner.com and
download regproscan.exe. This last time the window is persistent and I can't stop it even with Task
Manager. I've posted a screenshot of the windows on ftp://ftp.eskimo.com/u/c/chuckb/download/.

Can anyone help me with this. I'm going to do an ad-aware and spybot scan while waiting for an
answer.

Thank you.

Gualtier Malde

On Wed, 07 Feb 2007 13:02:03 -0800, Gualtier Malde wrote:

> I am getting windows from "Messenger Service" telling me to go to www.registrycleaner.com and
> download regproscan.exe. This last time the window is persistent and I can't stop it even with Task
> Manager. I've posted a screenshot of the windows on ftp://ftp.eskimo.com/u/c/chuckb/download/.
>
> Can anyone help me with this. I'm going to do an ad-aware and spybot scan while waiting for an
> answer.
>
> Thank you.

It sounds like spyware, try emptying out your browsers cache after your
scans. If you don't need cookies for any particular reason consider
setting your browser to accept them for current session only,

Regards,
--
Admin


* www.privacyoffshore.net (No Logs Internet Surfing)
* Anonymous Secure Offshore SSH-2 Surfing Tunnels

Admins

From: "Admins" <>


|
| It sounds like spyware, try emptying out your browsers cache after your
| scans. If you don't need cookies for any particular reason consider
| setting your browser to accept them for current session only,
|
| Regards,

Nope !

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

David H. Lipman

From: "Gualtier Malde" <>

| I am getting windows from "Messenger Service" telling me to go to www.registrycleaner.com
| and download regproscan.exe. This last time the window is persistent and I can't stop it
| even with Task Manager. I've posted a screenshot of the windows on ftp://ftp.eskimo.com/u/c/chuckb/download/.
|
| Can anyone help me with this. I'm going to do an ad-aware and spybot scan while waiting
| for an answer.
|
| Thank you.

It is a plain and simple con job in a NetBIOS Pop-Up form !

To disable the Windows Messenger Service, you can open a Command Prompt and type the
following commands...

sc stop Messenger
sc config Messenger start= disabled

A Router such as the Linksys BEFSR41 will also block this at the WAN/LAN interface and such
messages won't be seen on a LAN PC.

It also means two things...

You do NOT have WinXP SP2 installed
Your PC has NetBNIOS over IP exposed to the Internet.

If you had installed WinXP SP2 it would have done two things. Disabled the NT Messenger
Service and enabled the WinXP FireWall.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

David H. Lipman

David H. Lipman wrote:
> From: "Gualtier Malde" <>
>
> | I am getting windows from "Messenger Service" telling me to go to www.registrycleaner.com
> | and download regproscan.exe. This last time the window is persistent and I can't stop it
> | even with Task Manager. I've posted a screenshot of the windows on ftp://ftp.eskimo.com/u/c/chuckb/download/.
> |
> | Can anyone help me with this. I'm going to do an ad-aware and spybot scan while waiting
> | for an answer.
> |
> | Thank you.
>
> It is a plain and simple con job in a NetBIOS Pop-Up form !
>
> To disable the Windows Messenger Service, you can open a Command Prompt and type the
> following commands...
>
> sc stop Messenger
> sc config Messenger start= disabled
>
> A Router such as the Linksys BEFSR41 will also block this at the WAN/LAN interface and such
> messages won't be seen on a LAN PC.
>
> It also means two things...
>
> You do NOT have WinXP SP2 installed
> Your PC has NetBNIOS over IP exposed to the Internet.
>
> If you had installed WinXP SP2 it would have done two things. Disabled the NT Messenger
> Service and enabled the WinXP FireWall.
>
For that and other reasons, after leaving this message I restored a clone backup. Messenger doesn't
seem to be active, but perhaps it is lying in wait.

I am a bit bummed by that news. I am not running XP but W2000 (I have one very important
dos-dependent database manager). OTOH I checked my Zone Alarm Pro and found that my firewall wasn't
set to max. It now is. How protective can I expect that to be?

If you can give me some help in the W2000 environment, I will appreciate it. I'll also post
pertinent text from your reply on the W2000 NG.

Thank you

Gualtier Malde

From: "Gualtier Malde" <>


| For that and other reasons, after leaving this message I restored a clone backup.
| Messenger doesn't seem to be active, but perhaps it is lying in wait.
|
| I am a bit bummed by that news. I am not running XP but W2000 (I have one very important
| dos-dependent database manager). OTOH I checked my Zone Alarm Pro and found that my
| firewall wasn't set to max. It now is. How protective can I expect that to be?
|
| If you can give me some help in the W2000 environment, I will appreciate it. I'll also
| post pertinent text from your reply on the W2000 NG.
|
| Thank you

Sorry, you failed t mention the OS and the number of WinXP platforms out-numbers Win2K so I
assumed WinXP.

No matter what Service Pack is installed, the NT Messenger Service is still enabled by
default.

However it still means you were not using a FireWall properly or using a NAT Router. In
either case, NetBIOS over IP was totally exposed to the Internet, as proven by the NetBIOS,
Messenger Service, Pop-Ups.

The SC.EXE command doe not come stock with Win2K. It is available in the NT Resource Kit or
by download. ftp://ftp.microsoft.com/reskit/win2000/sc.zip

Extract SC.EXE to the folder; %windir%\system32

Execute:

sc stop Messenger
sc config Messenger start= disabled

You don't have to use SC.EXE.
You can do it manually by executing; SERVICES.MSC

Find the MESSENGER service then stop it and then disable it.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

David H. Lipman

Gualtier Malde wrote:

> For that and other reasons, after leaving this message I restored a clone backup. Messenger doesn't
> seem to be active, but perhaps it is lying in wait.

Nonsense. Or are you twisting the Windows Messenger Service with the
totally different software product "Windows Messenger"?

> I am a bit bummed by that news. I am not running XP but W2000 (I have one very important
> dos-dependent database manager).

Windows 2000 includes the Windows Messenger Service as well. So, why don't
you simply try to follow the mentioned steps?

> OTOH I checked my Zone Alarm Pro and found that my firewall wasn't
> set to max. It now is. How protective can I expect that to be?

Eh... not at all? Why do you expect a crappy child toy to provide any kind
of security protection?

Sebastian Gottschalk

On Wed, 07 Feb 2007 21:18:42 GMT, David H. Lipman wrote:

> From: "Gualtier Malde" <>
>
>| I am getting windows from "Messenger Service" telling me to go to www.registrycleaner.com
>| and download regproscan.exe. This last time the window is persistent and I can't stop it
>| even with Task Manager. I've posted a screenshot of the windows on ftp://ftp.eskimo.com/u/c/chuckb/download/.
>|
>| Can anyone help me with this. I'm going to do an ad-aware and spybot scan while waiting
>| for an answer.
>|
>| Thank you.
>
> It is a plain and simple con job in a NetBIOS Pop-Up form !
>
> To disable the Windows Messenger Service, you can open a Command Prompt and type the
> following commands...
>
> sc stop Messenger
> sc config Messenger start= disabled
>
> A Router such as the Linksys BEFSR41 will also block this at the WAN/LAN interface and such
> messages won't be seen on a LAN PC.
>
> It also means two things...
>
> You do NOT have WinXP SP2 installed
> Your PC has NetBNIOS over IP exposed to the Internet.
>
> If you had installed WinXP SP2 it would have done two things. Disabled the NT Messenger
> Service and enabled the WinXP FireWall.

Maybe but not for certain,
--
Admin


* www.privacyoffshore.net (No Logs Internet Surfing)
* Anonymous Secure Offshore SSH-2 Surfing Tunnels

Admins

From: "Admins" <>


|
| Maybe but not for certain,

No, not maybe, definitely for certain.

I have seen and replied to posts like this numerous times.

These are NetBIOS Pop-Ups spam scams. Nothing less, nothing more.
To assume that this is by software residing on the PC is a faux assumption.

The mere fact that he stated "Messenger Service" is the proof. The fact is this is a very
common ploy. The most important concept here is that if one receives a NetBIOS Pop-Up then
their PC's MS Networking is exposed to the Internet and the PC user has a higher probaility
of Internet worms buffer overflow exploitations and hack attempts.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

David H. Lipman