PDA

View Full Version : neocron, spam and xp backdoor access



Atomik
23-11-02, 08:20
As some of you may know Ive been having problems with spam windows appearing while playing neocron. The ad (selling a method to make easy money) would appear causing neocron to minimize. After closing the ad window and enlarging neocron from the task bar it would always display "fatal runtime error" and shutdown. This has happened several times at least and only while playing neocron. How were annoying spam windows being sent to me while I was in game? The last incident occured minutes ago but this time the ad was a little different. In the text I noticed a line containing "webpopup has sent you this message..." so I searched for webpopup using yahoo. Webpopup is actually a program others can use to send you ads through an obscure open connection feature in xp. This connection is open by default and somehow uses windows messenger...even when messenger is shutdown. The search listed many sites but I only clicked on one as it had the info I needed. The site is (exactly as I saw it in the address bar): http://www.monroeworld.com/pchelp/xptweaks.php Once there scroll down to number 16. There you will find the quick, easy steps to stop and disable this connection which I have copied and typed below:

a. Right click on MY COMPUTER
b. Select MANAGE
c. Select SERVICES AND APPLICATIONS
d. Double click SERVICES
e. Find MESSENGER service (alphabetical order)
f. Right click MESSENGER and select PROPERTIES
g. Hit STOP
h. Select DISABLED from START TYPE menu
i. Hit OK

I was shocked to discover it had always been on. Maybe you will never find yourself in the situation I was in but at least you have the knowledge to turn this feature off if you want to. I, for one wouldn't want a backdoor open for others to take advantage of. There are other goodies on that page. I hope this info is useful.

Cass
23-11-02, 08:58
BUMP!!!

Thanks, I needed that.

I've been getting the same thing for a while now, although only once every couple days. I can't believe that's enabled by default. Amazing.

SigmaHex
23-11-02, 09:03
Thnx this problem has been bugging me for awhile, well not that much because I know how its simply done and its totaly harmless to your computer, but in some cases this show's that your computer NETBIOS port's are open (which is extremly easy for people to get into your comp) but no one keeps me from my NeoCrack!

Aegir
23-11-02, 09:35
Is this the netbios spam message that I've been hearing about as the new apocalypse of pop-ups?

jvilnis
23-11-02, 09:46
Yep. Nothing more annoying than working away and suddenly you have this window full of spam staring you in the face and disrupting your thought processes!

J.

Syncro
23-11-02, 10:26
And people wonder why .NET was such a problem for so many people. ;)

There used to be some info and links to more info on www.tweakxp.com pertaining to small security tweaks for Windows XP.

I seem to have misplaced all of my better security links... Crap. :eek: 8| :mad: :confused:

Codename: V
23-11-02, 10:52
You, sir, are a gentleman and a scholar. I've been wanting to get rid of those pop-ups for a while now.

L0b0
23-11-02, 11:00
Thanx pally...I will FOREVER be in your debt!

"For he's a jolly good fellow..."


LoBo

ultrad
23-11-02, 13:15
Good work on the info atomik *thumbs up*

Berzerker
23-11-02, 13:20
I Made a post about this weeks ago.

link (http://neocron.jafc.de/showthread.php?s=&threadid=28187&highlight=Annoying)

Baron Saturday
23-11-02, 13:25
Thanks alot i was wondering how i was getting them but couldnt figure out how to stop them i new it was messenger but i thought i had stopped it didnt realise you did it that way :D

MrLOL
23-11-02, 14:36
Originally posted by Atomik
This connection is open by default and somehow uses windows messenger...even when messenger is shutdown.

*snip*

I was shocked to discover it had always been on. Maybe you will never find yourself in the situation I was in but at least you have the knowledge to turn this feature off if you want to.

The service that you refer to is Windows Messenger Service. It is not however the same thing as the default windows messenger that ships with XP. With the little green guy in your system Tray.

Its effectively net send and enables you to be messaged by other pple on your network, and unfortunately some have found a way to send it over the net too.

If you are on a network you can exploit this feature on windows 98 machines using winpopup, which is exactly the same thing

spam "you suck" to your house mates across the network using win popup hehe

CoderJ
23-11-02, 15:43
Unfort, some of us actually use the messenger service on our local nets.

The better solution is to use your firewall (you have a firewall, right?) to block 139 (like you should).

If you don't have a firewall or port 139 blocked to the internet, you better have a good reason before I come beat you with the "please backdoor into my system and sodomize me" stick. :D

Really though, if you don't have a firewall, ZoneAlarm is good. No link on me atm (I'm at work).

chucklez
23-11-02, 19:37
damn...thanks for the info. i've been getting these damn things for months...i thought it was some more of kazaa's ad crap. oops. haha...u just made my online life much more pleasent.;)

--chucklez

Hippieman
23-11-02, 20:29
I havent had this problem yet but thank you for telling. Norton Anti Virus alone with its rescribe messages minimizes Neocron enough. Anyone know how to get rid of this message?

Atomik
23-11-02, 21:13
I logged in today to discover I've been made sticky...kewl. A little addition to my previous post: This will not eliminate all spam pop ups only those sent thru webpopup messenger which uses that backdoor most people don't know about. I'm afraid some people will think I'v tried to dupe them since they will continue to receive pop ups from net sites so I wanted to let everyone know only certain spam will be affected.

mrjam
23-11-02, 21:27
Try this cutie:

http://security.kolla.de/

It cleans all that cookies from porn sites you visit you viciuos Runners.

I also use Lavasoft's Ad-ware from:

Advertisemet bots removal utility (http://www.lavasoft.de/)

Very good both of them. easy to use. good luck :)

furobaniiku
23-11-02, 21:27
THanks for that info i am glad to know that some of the pop ups may not pop up. But is there a way to do the same thing to Internet Explorer i ouuld go in there, but i am not the type of person to go in and screw with my windows.

demon-surge
23-11-02, 21:40
Yeah I was going to mention Ad-ware. Anyone that doesnt have it should get it, unless spam and shit gets you off. Anyone with kazaa (this is so massively old news) should just delete it. There are better programs like direct connect (www.neo-modus.com) that dont have shit like http://www.cydoor.com/Cydoor/ that kazaa has. It basically shoots target ads at you, and stuff like b3d (an optional install that you have to unselect yourself, so if you just installed kazaa really fast, chances are you have it) which is basically the same thing but worse. Regardless, running ad-ware should get rid of most of it (while it cant do anything for cydoor).


Originally posted by mrjam
Try this cutie:

http://security.kolla.de/

It cleans all that cookies from porn sites you visit you viciuos Runners.

I also use Lavasoft's Ad-ware from:

Advertisemet bots removal utility (http://www.lavasoft.de/)

Very good both of them. easy to use. good luck :)

VerbalPEZ
23-11-02, 22:02
Does AdAware rid this one?

AdAware rocks for all you guys who want to get rid of stuff like this but I don't know if it handles this one yet...

Nostromo
24-11-02, 00:34
kazaa users ,,,,,,,,


uninstall kazaa

run ad-aware

find kazaa-lite (no spyware)

install and use





*repeat*
no spyware


or you could just get a good news account and leech everything you ever wanted off the newsgroups :)

Aegir
24-11-02, 07:33
I agree, I used a bunch of p2ps (still do), but finally got rid of Kazaa (tried patching it but that screwed it up). I downloaded Kazaa lite and it works great. Of course we're only talking about legal files here.

Hippieman
24-11-02, 07:36
Originally posted by Aegir
I agree, I used a bunch of p2ps (still do), but finally got rid of Kazaa (tried patching it but that screwed it up). I downloaded Kazaa lite and it works great. Of course we're only talking about legal files here.

I'm sure.;)

Dim
24-11-02, 21:48
Originally posted by Aegir
Of course we're only talking about legal files here.

:D LOL :D

Yeah we're talking about legal files :rolleyes:
(Just being a smartass :), but actually, we're not talking about files, just filesharing programs):p

demon-surge
24-11-02, 22:15
Kazaa is only good when you are looking for really well known files usually. I seriously cant stress just how good direct connect is when you are looking for movies or programs. Man this morning I ran across a guy with like 20 gigs of comics. Like spiderman 1-300, punisher 1-300, thor 1-500, batman 1-300, etc with every page scanned and made a jpg (roughly about 20kb each). The time that would take is fucking insanity. So weird how big of a geek some people really are. Plus its not files renamed to trick other people for some weird reason. That always pissed me off with kazaa.

enablerbr
25-11-02, 00:46
Atomik thnx for the tip. thats been bugging me for ages. i've been trying to find how to turn that b***** thing off.:D

Edit: Aegir oh you mean like our IRC talking.:angel:

MisterMojo
25-11-02, 03:51
popup ads outta be illegal. Cuz half of them are adware where these sites put little programs on your site to track your computer and send you messages and shit. If you get the program adware you can get rid of most of them

Know what's really annoying? I used to get a popup that came on during games that was a little something like

"Hate internet popups!?

Well buy program xxx and you will never be bothered by annoying web ppups again!!!"

That pissed me off so bad.

Braingasim
25-11-02, 05:25
What is really funny is when you run Ad-Aware is screws up Kazaa. Just a hint about it.... I suggest WinMX, but there are a few goodies out there that also dont have spyware.

Aegir
25-11-02, 15:40
enablerbr, I know, I'm in irc under my other alias a lot :D.

Freezer
25-11-02, 15:42
Does anyone know of a good link or know enough about the underlying p2p protocols to explain them to me? Gnutella, Napster, etc. (I also read something about ISIS or IRIS in wired... no clue what that is though). I just wanted to know which networks connect to each other and what programs point to what networks.

eeprom
25-11-02, 19:04
You also need to block TCP port 135 to keep out those winpopup things.

What I do, though, is have my router send logs to my machine and I check the time it was recieved and the port recieved from (it's almost always 135)

Then I simply get the contact info for the owner of the IP address (i.e. the ISP) and contact the abuse email address. If I remember correctly, many ISPs have a no-spam rule built into their ToS.

As for Ad-Aware, it doesn't screw up KaZaA if you know what to put on the ignorelist for the program. I just use KaZaA lite, anyway. Same great taste, none of the filler :D

I seriously recommend eDonkey2000, though. I have never found a more cool protocol in my life.

Hikari
26-11-02, 00:03
Originally posted by Braingasim
What is really funny is when you run Ad-Aware is screws up Kazaa. Just a hint about it.... I suggest WinMX, but there are a few goodies out there that also dont have spyware.

The edonkey network is great for those large files you're looking for. You know... neocron ISOs and such *nods*. But don't use edonkey, use emule - http://emule-project.net - Its a better client than edonkey has.

SigmaDraconis
26-11-02, 00:21
I used to use winpopup to spam everyone on the school computers till they added a DOS script to startup that searches and deletes winpopup :\ guess they didnt like my bit of fun

kbmg
26-11-02, 00:40
Originally posted by Hippieman
I havent had this problem yet but thank you for telling. Norton Anti Virus alone with its rescribe messages minimizes Neocron enough. Anyone know how to get rid of this message?

last time i got a popup from norton like that i had just upgraded my system and it couuldn't read subscription data i went to www.SARC.com typed in my error message in thier serch function and it told me how to remove it.

if your expired you should rescribe and or upgrade norton it is the most useful program out there

Ithaqua
26-11-02, 06:32
here's a fun little thing...

1. Navigate to C:\windows\inf\
2. Open sysoc.inf
3. find msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7 in the file and take out the word hide so the line would look like msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,,7
4. Close the file and save it
5. Now go to the Add and remove programs applet in the control panel and you will be able to uninstall windows messenger.
6. Make sure to click on the add remove windows components button.

bye bye windows messenger!

now isn't that a nice trick?:angel:

Hikari
26-11-02, 06:45
Even better:

Start -> Run:

RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove


Tah Dah~

ShootinStar
26-11-02, 08:35
The Messenger service that you so lovingly disabled is a critical part of Windows NT domains. Luckily, most of you aren't part of an NT domain (Active Directory) The Messenger service is mainly used for administrative alerts; when a computer goes down or has a fault it sends an alert to all the administrators on the network. It is also used to transmit small bits of login information, although it is not necessary for that function. It's most definitely not a 'backdoor' of any sort, and if you were within a properly set up network, NetBIOS (Port 139) would most likely be blocked on the router(s) connecting your network to the WAN (Most likely Internet) Hope this clears things up a bit.

EDIT - I forgot to say that the Messenger service has *nothing at all* to do with Windows Messenger. It has been and will be present in every version of Windows NT, from NT 1.0 to 5.1;2600 (XP) Also, Winpopup uses the same service, however it will not work on any DOS based machine (Win1.0-WinME) without the Winpopup executable loaded in memory, and even then it won't pop anything up, but will just make the winpopup window blink.

{MD}GeistDamnit
26-11-02, 08:47
Originally posted by Berzerker
I Made a post about this weeks ago.

link (http://neocron.jafc.de/showthread.php?s=&threadid=28187&highlight=Annoying)

:D Thanks to everyone on this thread and yours man!

This crap has been bothering me for 2 months now :(
I thought I would never figure it out :mad:

Freezer
29-11-02, 05:01
Found some links on IRIS if anyone's interested:
http://iris.lcs.mit.edu/ - MIT's homepage on the project, plenty of other links from there.

MRS.CMBW
29-11-02, 15:15
You can download ZoneAlarm (which works for WIN98 as well as XP) at www.zonelabs.com
It is freeware and works absolutely great once it is set up. You should use your pc for a couple of hours, until it is all set up. This way you will not get any pop up windows during play.

§anJ
02-12-02, 13:38
ah thx, I thought it was a neocron popup at first.

Nice work dude

Kiers
02-12-02, 21:42
Don’t want to sound like an Arse on my first post :lol: but why cant the Neocron Minimise bug be fixed?? :confused: ok there would still be annoying pop-ups, but some times u just want to leave the game in the background like (for me) when my parents walk in the room and see me not doing homework but playing Neocron a quick ALT+TAB would work a treat.

Strange why its ONLY Neocron that has this problem o_O


ok hope I didn’t come across as an arse :D

Albinonewt
02-12-02, 22:29
Good job! That has been annoying the hell out of me. Each time i was kicking myself because i thought i had remembered to turn off the messenger. Now i know i hadn't forgotten!

]v[ortice
03-12-02, 00:33
Thank you very much kind sir!

/me buys you a pint!

I would like you all to know that this sort of rubbish is not confined to XP and has bugged me on my Win2k system!

I'm gonna try and find zone alarm now :)

Reevalot
03-12-02, 05:03
Just closed mine thanks Atom.

Talsworthy
03-12-02, 21:16
Before everyone gets excited :) I have had my MSN popups disabled for some time. I have a good selection of fatal errors in an evening. Usually when syncing to another zone or after a while of playing or for whatever random reason it feels the need to error.

Just wanted to make sure the developers don't think the fatal error issue is resolved because it sure isn't here :)

I am however using XP (512MB RAM)

Miles

comlink
07-12-02, 13:05
Originally posted by ShootinStar
The Messenger service that you so lovingly disabled is a critical part of Windows NT domains. Luckily, most of you aren't part of an NT domain (Active Directory) The Messenger service is mainly used for administrative alerts; when a computer goes down or has a fault it sends an alert to all the administrators on the network. It is also used to transmit small bits of login information, although it is not necessary for that function. It's most definitely not a 'backdoor' of any sort, and if you were within a properly set up network, NetBIOS (Port 139) would most likely be blocked on the router(s) connecting your network to the WAN (Most likely Internet) Hope this clears things up a bit.

EDIT - I forgot to say that the Messenger service has *nothing at all* to do with Windows Messenger. It has been and will be present in every version of Windows NT, from NT 1.0 to 5.1;2600 (XP) Also, Winpopup uses the same service, however it will not work on any DOS based machine (Win1.0-WinME) without the Winpopup executable loaded in memory, and even then it won't pop anything up, but will just make the winpopup window blink.

I thought I posted something along these lines a page back?

Edit: Whoops, just thought I did. Good post!

c0tt0n*m0uth
09-12-02, 16:54
very nicely done man, i kept getting that also along with my friend if he doesnt read the thread i will have him read it today. it sure stopped that crap.....i still wonder if we will get the "fatal runtime error" still. o well 1 down a few more bugs to go...

Atomik
09-12-02, 23:27
No...this will not stop the fatal runtime error bug....I get that occasionally but I haven't seen a pop-up while playing neocron since that backdoor was disabled. I'm glad to have helped so many with that problem.

Chapel
09-01-03, 00:41
The free version of Zonealarm contains adware, and running Ad-Aware causes a registry error that will lockup your comp during bootup.

Purgus
09-01-03, 22:04
Just curious..

Have the XP pro and Win2k Pro users checked their Event Log to see if an error description lists?

I was monitoring my Fatal Runtimes and foudn that This happens when the master server is trying to keep you connected.

It feels like a time out.

Also I get these errors in times of heavy lag. Got booted like 12 times in 2 hours.. but I kept loggin back in..

Had to get my drones back.

Thor58
01-04-03, 22:28
If anyone has been having problems in general with pop ups (not in neocron) i suggest Ad-aware it is v. effective at getting rid of annoying pop-ups/cookies.

roadkill
10-05-03, 02:52
dude I needed this thanks

REMUS
12-06-03, 11:46
yeah awesome man thanks for this i would never of found it :D

Lord Cypher
27-07-03, 19:44
rofl

You all make me laught..Why would anyone have that crap enabled anyway

Mighty Max
27-07-03, 19:57
erm, to short message in a network ?

Not all networks are those little thingies. Some goes over more then one building. And the net send service is still one of the fastest while it is independend from servers.

Very nice if you have to administrate such a net ....

notneo
24-09-03, 16:21
thanks m8 this has been a real annoying problem ,speacialy when fighting a grim chaser lol

deeg
30-01-04, 16:13
I’m sure someone has mentioned this, but a good point is worth stressing.

The Messenger service should be disabled always. Even on (and possibly especially on) any network, including NT and 2000. There is no need for this service. The service has been highlighted as a potential security hole by many sources. Try searching the Symantec website for info on this. The Messenger service can potentially allow someone to run code on your computer by taking advantage of one of the many buffer overruns in Windows (although this may have been patched by now). God bless Macrosoft…

At the very least, disabling the Messenger service will free up a little memory and resources on your machine.

I’m no security expert and am just passing on information that I have read.

(btw, if someone can give me a practical use where the Messenger service has to be used and no other utility will do the job, then I’d love to hear it. This is not a taunt; I genuinely would like to know.)

Mighty Max
30-01-04, 16:29
To inform 2000+ ppl of an upcoming server maintenance in an company. Those ppl run several OS. Windows, MacOS, BeOS, PC-DOS, MS-DOS, OS/2, Solaris etc ...

Try to find a tool that supports all. Net send does.

(Tho the used port is blocked by all routers that reaches out of the company-network)

deeg
30-01-04, 20:36
Thanks for pointing that out, I didn't even considder multi-O/S networks. Cheers.

da_pimp
24-02-04, 19:45
lol i could have told you that becaue its spyware using the open port that is used for net send messenger service which is useless but still on by default for some reason

lol you'd thing that they would just turn it off because anyone one that uses net send would know enough to enable that service