What is "regproscan"?

Discussion in 'Computer Security' started by Gualtier Malde, Feb 7, 2007.

  1. I am getting windows from "Messenger Service" telling me to go to www.registrycleaner.com and
    download regproscan.exe. This last time the window is persistent and I can't stop it even with Task
    Manager. I've posted a screenshot of the windows on ftp://ftp.eskimo.com/u/c/chuckb/download/.

    Can anyone help me with this. I'm going to do an ad-aware and spybot scan while waiting for an
    answer.

    Thank you.
    Gualtier Malde, Feb 7, 2007
    #1

  2. Gualtier Malde

    Admins Guest

    On Wed, 07 Feb 2007 13:02:03 -0800, Gualtier Malde wrote:

    > I am getting windows from "Messenger Service" telling me to go to www.registrycleaner.com and
    > download regproscan.exe. This last time the window is persistent and I can't stop it even with Task
    > Manager. I've posted a screenshot of the windows on ftp://ftp.eskimo.com/u/c/chuckb/download/.
    >
    > Can anyone help me with this. I'm going to do an ad-aware and spybot scan while waiting for an
    > answer.
    >
    > Thank you.


    It sounds like spyware, try emptying out your browser's cache after your
    scans. If you don't need cookies for any particular reason consider
    setting your browser to accept them for current session only.

    Regards,
    --
    Admin


    * www.privacyoffshore.net (No Logs Internet Surfing)
    * Anonymous Secure Offshore SSH-2 Surfing Tunnels
    Admins, Feb 7, 2007
    #2

  3. David H. Lipman, Feb 7, 2007
    #3
  4. From: "Gualtier Malde" <>

    | I am getting windows from "Messenger Service" telling me to go to www.registrycleaner.com
    | and download regproscan.exe. This last time the window is persistent and I can't stop it
    | even with Task Manager. I've posted a screenshot of the windows on ftp://ftp.eskimo.com/u/c/chuckb/download/.
    |
    | Can anyone help me with this. I'm going to do an ad-aware and spybot scan while waiting
    | for an answer.
    |
    | Thank you.

    It is a plain and simple con job in a NetBIOS Pop-Up form !

    To disable the Windows Messenger Service, you can open a Command Prompt and type the
    following commands...

    sc stop Messenger
    sc config Messenger start= disabled

    A Router such as the Linksys BEFSR41 will also block this at the WAN/LAN interface and such
    messages won't be seen on a LAN PC.

    It also means two things...

    You do NOT have WinXP SP2 installed
    Your PC has NetBIOS over IP exposed to the Internet.

    If you had installed WinXP SP2 it would have done two things. Disabled the NT Messenger
    Service and enabled the WinXP FireWall.


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, Feb 7, 2007
    #4
  5. David H. Lipman wrote:
    > From: "Gualtier Malde" <>
    >
    > | I am getting windows from "Messenger Service" telling me to go to www.registrycleaner.com
    > | and download regproscan.exe. This last time the window is persistent and I can't stop it
    > | even with Task Manager. I've posted a screenshot of the windows on ftp://ftp.eskimo.com/u/c/chuckb/download/.
    > |
    > | Can anyone help me with this. I'm going to do an ad-aware and spybot scan while waiting
    > | for an answer.
    > |
    > | Thank you.
    >
    > It is a plain and simple con job in a NetBIOS Pop-Up form !
    >
    > To disable the Windows Messenger Service, you can open a Command Prompt and type the
    > following commands...
    >
    > sc stop Messenger
    > sc config Messenger start= disabled
    >
    > A Router such as the Linksys BEFSR41 will also block this at the WAN/LAN interface and such
    > messages won't be seen on a LAN PC.
    >
    > It also means two things...
    >
    > You do NOT have WinXP SP2 installed
    > Your PC has NetBIOS over IP exposed to the Internet.
    >
    > If you had installed WinXP SP2 it would have done two things. Disabled the NT Messenger
    > Service and enabled the WinXP FireWall.
    >

    For that and other reasons, after leaving this message I restored a clone backup. Messenger doesn't
    seem to be active, but perhaps it is lying in wait.

    I am a bit bummed by that news. I am not running XP but W2000 (I have one very important
    dos-dependent database manager). OTOH I checked my Zone Alarm Pro and found that my firewall wasn't
    set to max. It now is. How protective can I expect that to be?

    If you can give me some help in the W2000 environment, I will appreciate it. I'll also post
    pertinent text from your reply on the W2000 NG.

    Thank you
    Gualtier Malde, Feb 7, 2007
    #5
  6. From: "Gualtier Malde" <>


    | For that and other reasons, after leaving this message I restored a clone backup.
    | Messenger doesn't seem to be active, but perhaps it is lying in wait.
    |
    | I am a bit bummed by that news. I am not running XP but W2000 (I have one very important
    | dos-dependent database manager). OTOH I checked my Zone Alarm Pro and found that my
    | firewall wasn't set to max. It now is. How protective can I expect that to be?
    |
    | If you can give me some help in the W2000 environment, I will appreciate it. I'll also
    | post pertinent text from your reply on the W2000 NG.
    |
    | Thank you

    Sorry, you failed to mention the OS and the number of WinXP platforms out-numbers Win2K so I
    assumed WinXP.

    No matter what Service Pack is installed, the NT Messenger Service is still enabled by
    default.

    However it still means you were not using a FireWall properly or using a NAT Router. In
    either case, NetBIOS over IP was totally exposed to the Internet, as proven by the NetBIOS,
    Messenger Service, Pop-Ups.

    The SC.EXE command does not come stock with Win2K. It is available in the NT Resource Kit or
    by download. ftp://ftp.microsoft.com/reskit/win2000/sc.zip

    Extract SC.EXE to the folder; %windir%\system32

    Execute:

    sc stop Messenger
    sc config Messenger start= disabled

    You don't have to use SC.EXE.
    You can do it manually by executing; SERVICES.MSC

    Find the MESSENGER service then stop it and then disable it.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, Feb 8, 2007
    #6
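
A check to run after the commands in the post above, as an added example that is not part of the original thread: it confirms that Messenger is both stopped and disabled, and lists any NetBIOS listeners still open on the machine. It assumes SC.EXE is on the PATH; the port numbers (UDP 137 and 138, TCP 139) are the standard NetBIOS over TCP/IP ports, not values taken from the thread.

```batch
@echo off
rem Added example: confirm the Messenger service is stopped and disabled, and
rem list NetBIOS listeners still open on this machine.
rem Assumes SC.EXE is on the PATH, as after the extraction step in the post.
rem If SC.EXE or the service is missing, both checks report a problem.
setlocal
set PROBLEMS=0

rem "sc query" reports the current run state, e.g. "STATE : 1  STOPPED".
sc query Messenger | findstr /C:"STOPPED" >nul
if errorlevel 1 (
    echo [!] Messenger service is not stopped
    set PROBLEMS=1
) else (
    echo [ok] Messenger service is stopped
)

rem "sc qc" reports the configured start type, e.g. "START_TYPE : 4   DISABLED".
rem A stopped service that is not disabled can be started again.
sc qc Messenger | findstr /C:"DISABLED" >nul
if errorlevel 1 (
    echo [!] Messenger service start type is not DISABLED
    set PROBLEMS=1
) else (
    echo [ok] Messenger service start type is DISABLED
)

rem NetBIOS over TCP/IP uses UDP 137 and 138 and TCP 139. Any line printed here
rem is a local listener that a firewall or NAT router must keep off the Internet.
echo.
echo NetBIOS listeners reported by netstat:
netstat -an | findstr /R /C:":137 " /C:":138 " /C:":139 "
if errorlevel 1 echo   none found

echo.
if %PROBLEMS%==0 (echo Result: Messenger is stopped and disabled) else (echo Result: Messenger still needs attention)
endlocal & exit /b %PROBLEMS%
```

The script only reads state; listeners shown by netstat are local, so whether they are reachable from the Internet still depends on the firewall or NAT router in front of the PC.
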
  7. Gualtier Malde wrote:

    > For that and other reasons, after leaving this message I restored a clone backup. Messenger doesn't
    > seem to be active, but perhaps it is lying in wait.


    Nonsense. Or are you twisting the Windows Messenger Service with the
    totally different software product "Windows Messenger"?

    > I am a bit bummed by that news. I am not running XP but W2000 (I have one very important
    > dos-dependent database manager).


    Windows 2000 includes the Windows Messenger Service as well. So, why don't
    you simply try to follow the mentioned steps?

    > OTOH I checked my Zone Alarm Pro and found that my firewall wasn't
    > set to max. It now is. How protective can I expect that to be?


    Eh... not at all? Why do you expect a crappy child toy to provide any kind
    of security protection?
    Sebastian Gottschalk, Feb 8, 2007
    #7
  8. Gualtier Malde

    Admins Guest

    On Wed, 07 Feb 2007 21:18:42 GMT, David H. Lipman wrote:

    > From: "Gualtier Malde" <>
    >
    >| I am getting windows from "Messenger Service" telling me to go to www.registrycleaner.com
    >| and download regproscan.exe. This last time the window is persistent and I can't stop it
    >| even with Task Manager. I've posted a screenshot of the windows on ftp://ftp.eskimo.com/u/c/chuckb/download/.
    >|
    >| Can anyone help me with this. I'm going to do an ad-aware and spybot scan while waiting
    >| for an answer.
    >|
    >| Thank you.
    >
    > It is a plain and simple con job in a NetBIOS Pop-Up form !
    >
    > To disable the Windows Messenger Service, you can open a Command Prompt and type the
    > following commands...
    >
    > sc stop Messenger
    > sc config Messenger start= disabled
    >
    > A Router such as the Linksys BEFSR41 will also block this at the WAN/LAN interface and such
    > messages won't be seen on a LAN PC.
    >
    > It also means two things...
    >
    > You do NOT have WinXP SP2 installed
    > Your PC has NetBIOS over IP exposed to the Internet.
    >
    > If you had installed WinXP SP2 it would have done two things. Disabled the NT Messenger
    > Service and enabled the WinXP FireWall.


    Maybe but not for certain,
    --
    Admin


    * www.privacyoffshore.net (No Logs Internet Surfing)
    * Anonymous Secure Offshore SSH-2 Surfing Tunnels
    Admins, Feb 11, 2007
    #8
  9. From: "Admins" <>


    |
    | Maybe but not for certain,

    No, not maybe, definitely for certain.

    I have seen and replied to posts like this numerous times.

    These are NetBIOS Pop-Ups spam scams. Nothing less, nothing more.
    To assume that this is by software residing on the PC is a faux assumption.

    The mere fact that he stated "Messenger Service" is the proof. The fact is this is a very
    common ploy. The most important concept here is that if one receives a NetBIOS Pop-Up then
    their PC's MS Networking is exposed to the Internet and the PC user has a higher probability
    of Internet worms buffer overflow exploitations and hack attempts.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, Feb 11, 2007
    #9