Messenger service

[deepak_vsoni]

when i boot my system after a few minutes a dialog box appears
Messenger Service
A spyware has been detected on your system
Visit www.win-fix.com to scan your computer
what is this and how do i eliminate this spyware

[vysakh]

Spybot SnD
Ad Aware

[swatkat]

do u have Win-Fix installed in ur System? this win-fix is rogue anti spyware , u uninstall it....

also scan ur computer with SpyBot SnD and AdAware...
http://security.kolla.de/
http://www.lavasoftusa.com/software/adaware/

and post an HijackThis log file.....

learn how to use HijackThis here...
http://www.thinkdigit.com/forum/viewtopic.php?t=15729

[deepak_vsoni]

thanks for the sugesstion but the messenger service dialog box shows up everytime i connect to internet and also another problem is there LSA Shell problem the system shutdowns in 1 minute automatically i checked for the sasser virus but my system is not infected by it so whats the problem this happens whenever i shutdown zonealarm firewall when it was on it blocked intrustions from some hyd.vsnl.net whats the reason for this?

[tuXian]

Hey the other day I was discussing about the messenger service is my IP address post.

Its actually a spam and no spware may actually exist. Adware, spybot cant do anything for this.

The solution lies in the disabling of this service.

For more read this thread completely cuz I think the messenger related stuff is on second page.

http://www.thinkdigit.com/forum/viewtopic.php?t=15687

[deepak_vsoni]

Logfile of HijackThis v1.99.1
Scan saved at 8:15:11 AM, on 3/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
D:\PROGRA~1\MULTIM~1\MMKBD.exe
D:\PROGRA~1\NORTON~1\navapw32.exe
D:\Program Files\Google\Gmail Notifier\gnotify.exe
D:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
D:\Program Files\Tata Indicom Wireless Internet Service\TataIndicomDialer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\LeechGet 2004\LeechGet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hijackthisfolder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Multimedir KBD] D:\PROGRA~1\MULTIM~1\MMKBD.exe
O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TataIndicomStartUp] C:\Program Files\Tata Indicom Wireless Internet Service\TataIndicomStartUp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [Yahoo! Pager] D:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download using LeechGet - file://D:\Program Files\LeechGet 2004\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://D:\Program Files\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Parse with LeechGet - file://D:\Program Files\LeechGet 2004\\Parser.html
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: PhoenixNet - {bbc42520-8fca-11d9-90cc-a54362263672} - http://www.seqdl.com/servlets/Redir?BID=65457&CID=9875 (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1110333562910
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB996048-AA30-4459-BB85-5430FED63403}: NameServer = 203.197.12.30 202.54.6.50
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

[rajkumar_personal]

Spybot S&D is the ultime solution for UR prob !!!

[tuXian]

how can spybot remove messenger service related messages is big question to me? I dont think so it will help.

[crorepathi]

download Shoot the messenger...
No spyware...it is spam
http://grc.com/stm/ShootTheMessenger.htm

[theraven]

log file seems clean
ur HJT is out of date tho