PORONO Pop ups - why are they popping up all of a sudden??

PORONO Pop ups - why are they popping up all of a sudden??

Post by siljalin » Mon, 13 Oct 2003 02:59:42



siljaline MS MVP IE/OE

(Please reply to group, as reply address is invalid, so that we can all benefit)

"Arguing with anonymous strangers on the Internet is a sucker's game
because they almost always turn out to be -- or to be indistinguishable from
-- self-righteous six *** -year-olds possessing infinite amounts of free time."
- Neil Stephenson, _Cryptonomicon_

PORONO Pop ups - why are they popping up all of a sudden??

Post by Kems » Mon, 13 Oct 2003 08:29:42

IE was working just fine until a few nights ago... not sure
why these pop ups keep coming on... HOW CAN I STOP THESE??


PORONO Pop ups - why are they popping up all of a sudden??

Post by Joe72 » Mon, 13 Oct 2003 08:41:14

Your PC is probably loaded with spyware that is also hogging resources.
There is an excellent article about spyware in PC Magazine:

http://www.yqcomputer.com/ ,4149,978170,00.asp

Their Editor's Choice is Spybot for spyware removal. It's free.



PORONO Pop ups - why are they popping up all of a sudden??

Post by Jim Byr » Mon, 13 Oct 2003 08:49:42

i Kemss - There are currently two classes of things going on that are
causing people popup difficulties. If you get popups even when your browser
is not connected to the Internet with a title bar reading "Messenger
Service", then these are most likely due to open NetBios TCP ports 135, 139
and 445 and UDP ports 135, 137-138 and a UDP port in the range of
1026-1029.. You really need to block these with a firewall as a general
protection measure. You can stop the popups by turning off Messenger
Service; however, this still leaves you vulnerable. If you have an NT-based
OS such as XP or Win2k, you should probably also specifically block TCP
593, 4444 and UDP 69, 139, 445, and install the very important 823980 patch
from MS03-026, here: http://support.microsoft.com/?kbid=823980 to block
the Blaster worm..

See: Messenger Service Window That Contains an Internet Advertisement
Appears http://support.microsoft.com/?id=330904 which identifies reasons to
keep this service and steps to take if you do.

You can test your system and follow the 'Prevention' link to get additional
information here:
http://www.mynetwatchman.com/winpopuptester.asp Unless you have very good
reasons to keep this active, it should be turned off in Win2k and XP. Go
here and do what it says:
http://www.itc.virginia.edu/desktop/docs/messagepopup/ or, even better, get
MessageSubtract, free, here, which will give you flexible control of the
service and viewing of these messages:
http://www.intermute.com/messagesubtract/help.html Recommended.

(FWIW, ZoneAlarm's default Internet Zone firewall configuration blocks the
necessary ports to prevent this use of Messenger Service. I don't know the
situation with regard to other firewalls.)

Messenger Service is not per se Spyware or something that MS did wrong - It
provides a messaging capability which is useful for local intranets and is
also sometimes (albeit nowdays infrequently) used by some applications to
provide popup messaages to users. However, it can also be (and now
frequently is) used to introduce spam via this open NetBios channel.
For a single user home computer, it normally isn't needed and can be turned
off which will eliminate the spam popups. This DOESN'T, however, remove the
vulnerability of having these ports open, when in fact they aren't needed,
since they can be perverted in other ways as well, some of which can be much
more damaging than just a spam popup.

If you're getting a lot of popups while surfing, then the following may be

Popups - The best way to start is to get Ad-Aware 6.0, Build 181 or later,
here: http://www.lavasoftusa.com/support/download/. Update and run this
regularly to get rid of most "spyware/hijackware" on your machine.

Another excellent program for this purpose is SpyBot Search and Destroy
available here: http://security.kolla.de/ SpyBot Support Forum here:
http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi I recommend
using both normally. After fixing things with SpyBot S&D, be sure to re-boot
and rerun SpyBot again and repeat this cycle until you get a clean "no red"

Then, there are a variety of third party "Popup Killers" available. I
normally use AdShield, which, if you maintain its Block List every now and
then, almost totally stops this. In addition, it stops a variety of
ads/banners/etc. (particularly spyware like doubleclick) on pages I access.
This is probably all you'll need; howev