
Registry error Pop-ups on Windows 2000 using dial-up modem connection

By rgrBen ·
Immediately after installing the Windows 2000 Professional OS and installing a USRobotics 5660a modem to connect to my ISP (installed from their provided CD), I started getting this error reminder that my registry is corrupted and needs a patch to fix. I reinstalled Windows 2000 and still get it using the same dial-up modem and ISP.

Here is the surprise: my son has a wireless cable ISP, and when we use it, there is no error whatsoever popping up reminding of registry problems. I have installed and run ZoneAlarm (free), Ad-Aware, and Spybot-SD, and updated to the latest Windows 2000 Professional Windows Update. I am still getting these pop-up error messages. Here are most of them, showing up after every OK response (I've seen 7 after a 15 min break):
reg-patch.com ... this asked for $19.95 to fix errors after visiting that website.
winregfix32.com, fixyourreg.com, fixregistryerrors.com, fixregnow.com, regmaster.com.
And this one, so far, is not on registry -> swipespy.com, saying privacy is in danger, browser infected with spyware, adware, and thiefware.

I have also run an online scan from Trend Micro HouseCall virus scan and it has not detected a virus or even Trojans. What can I do to remove these unwanted pop-ups?
I only get this when connected through the dial-up modem. My son is moving out soon, and we found that it doesn't happen when using his cable ISP Road Runner internet connection. It also seems like the problem is associated with the Connection Manager program cmmn32.exe, used when using the dial-up modem.

I would appreciate it if anyone knows how to fix this problem or has ideas on what to do to eliminate it. I'm using a 500 MHz Celeron processor. My AVG antivirus program doesn't detect anything on it.


I've seen these. They're hoaxes.

by stress junkie In reply to Registry error Pop-ups on ...

These are a malicious broadcast using the Microsoft Messenger service. I've been reading these for many months by sniffing the network. Every couple of months the URL changes. If you look up the URL it is usually a couple of months old. I suspect that the domains that are being registered for this use corporations' names without their knowledge. In other words I think that it would be as if I registered a domain and said that it was for IBM or some other company that doesn't even know me.

I just captured this one. It only took about four seconds of sniffing the network to see this. Here is the data:

Message [truncated]: STOP! WINDOWS REQUIRES IMMEDIATE ATTENTION.\n\nWindows has found 38 CRITICAL SYSTEM ERRORS!\n\nTo fix the errors please do the following:\n1. Download Repair Registry Pro from: http: //www.pcregistryfix.com\n2. Install

Apparently the message was divided between two packets. This is just the first packet. If I had waited for the next packet then we would see the entire message. Notice that I've put a space in the URL so that it won't appear to be a valid link in this post.

So now we know that you made a huge mistake believing this message. What do you do? The only thing that you can do is to format your system disk and reinstall from scratch.

Next time be suspicious of messages saying that you have to install some patch from some unknown URL. At least do a whois search of the domain to see if it belongs to Microsoft. Even then it may be a hoax.

When you reinstall your OS you should turn off the Microsoft Messenger Service before you connect to the Internet.

Or be really smart and switch to Linux. :-)
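An added example, not part of the post above: a small triage check for captured Messenger pop-up text, applying the advice to distrust "patch" links that do not belong to the vendor. The trusted-domain set, the phrase list and all function names are assumptions made for this sketch; the sample is the truncated message quoted in the post, with its literal `\n` sequences and de-fanged link.

```python
import re
from urllib.parse import urlsplit

# Assumption for this sketch: only this domain counts as the OS vendor.
TRUSTED_DOMAINS = {"microsoft.com"}
# Constructed list of phrases typical of the scare pop-ups quoted in this thread.
SCARE_PHRASES = ("immediate attention", "critical system errors",
                 "registry", "spyware")
# Tolerates de-fanged links such as "http: //host"; stops at whitespace or "\".
URL_RE = re.compile(r"(https?):\s*//([^\s\\<>]+)", re.IGNORECASE)

def extract_hosts(text):
    """Return the lower-cased host of every link found in the message."""
    hosts = []
    for scheme, rest in URL_RE.findall(text):
        try:
            host = urlsplit(f"{scheme}://{rest.rstrip('.,;:)!?')}").hostname
        except ValueError:      # malformed authority part, skip it
            continue
        if host:
            hosts.append(host.lower().rstrip("."))
    return hosts

def is_trusted(host):
    """Match whole labels, so microsoft.com.example.net does not pass."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def triage(text):
    """Flag text that pairs scare wording with a link outside the trusted set."""
    hosts = extract_hosts(text)
    untrusted = [h for h in hosts if not is_trusted(h)]
    phrases = [p for p in SCARE_PHRASES if p in text.lower()]
    return {"hosts": hosts, "untrusted": untrusted, "phrases": phrases,
            "suspicious": bool(untrusted and phrases)}

# The captured (truncated) message from the post, kept as a raw string.
SAMPLE = (r"STOP! WINDOWS REQUIRES IMMEDIATE ATTENTION.\n\nWindows has found 38 "
          r"CRITICAL SYSTEM ERRORS!\n\nTo fix the errors please do the following:"
          r"\n1. Download Repair Registry Pro from: http: //www.pcregistryfix.com"
          r"\n2. Install")

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A domain that passes the suffix check is not proof of legitimacy, as the post says; the check only rules out the obvious cases.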


How Can these Be?

by rgrBen In reply to I've seen these. They're ...

These are just hoaxes, wow. U did get one of the same messages and websites I originally indicated popping up every so often, and U said it took U only 4 seconds sniffing the network? That's great, glad to know that it's not really a valid registry problem. How did U find out about them, did U use Google to sniff them that quick? Maybe I can learn this technique. :)

Quote-"The only thing that you can do is format your system disk and reinstall from scratch"-Unquote

What I didn't mention in my first post, so as to simplify my presentation, let me add here now.
I have another machine (AMD K6, 233 MHz, 2 GB HDD) that I freshly partitioned at 100% capacity, then NTFS formatted before installing Windows 2000. This 2nd machine I'm reporting will be my working desktop (500 MHz Celeron processor, 6.4 GB HDD, just got it from eBay for $15.50 w/S&H). I partitioned it the same, then formatted it with FAT32, and when installing Win2000 it formatted it again a 2nd time. Going straight to the point, since U suggested starting from scratch -> formatting and installing: I did these actually 1 time on the old machine and 2 times on the 2nd machine after getting those pop-up errors. I just confirmed again on the old machine that it gets the same errors, and as frequently as the other one. All this time the common thing between the 2 is the same US Robotics modem 5660A and the same dial-up ISP. It gets it as soon as I connect to the internet, NOT when using the cable internet connection nor when it's not connected and idling. On the 2nd machine I already loaded lots of programs direct from their websites, using my son's cable ISP via LAN cable hookup: mIRC, MSN Messenger, Yahoo Messenger, all Microsoft updates, Hello, Spybot, Ad-Aware, AVG, without getting any of those pop-up errors until I then hooked it up in my room and used the dial-up modem and my own ISP.

So I came to my final Q: Good, it's a hoax, so it gets into my machine via the Microsoft Messenger Service vulnerabilities. Is there a workaround for this, and how do U turn it off? Can I just turn it off after boot, before connecting using my ISP program shortcut icon, instead of reformatting once again for the 4th time? (and wipe out all the programs I already have on it, ouchhhh)

U'r an angel if U have another trick under U'r sleeves so to speak..hehe (jk). That will save me precious time, whoever! THANKS, I will call U StressSaver instead!! :)


Thanks for the nice words.

by stress junkie In reply to How Can these Be?

If you didn't follow the instructions then you are ok. I think that this depends on the social engineering vulnerability to which all software is vulnerable. In other words they are powerless if you ignore this message. I've analyzed the packets. They only have a message, no virus is actually in the message. So if you DIDN'T install their virus/patch then you are safe. Just ignore the messages.

I may have mistakenly understood that you had followed the instruction. If you just see the message and ignore it you are safe.

I discovered these by sniffing the network while I'm on line. You can use any network sniffer. I use Ethereal which has a version that runs on Windows if you are interested. Ethereal is free software. You can find it at www.ethereal.com

You can disable Microsoft Messenger service by opening the Control Panel, opening Services, then find the Messenger service and set it to disabled. Then just manually stop the service that is currently running or reboot the machine. Note that my W2K disk is not in a machine right now so I may have missed a step in finding the Services control panel but it's easy to find.

Stress Saver eh? Thanks. You made me smile. :-)


MS Messenger Service disabled, what's the hitch?

by rgrBen In reply to Thanks for the nice words ...

(Quote)"If you didn't follow the instructions then you are ok. I think that this depends on the social engineering vulnerability to which all software is vulnerable. In other words they are powerless if you ignore this message. I've analyzed the packets. They only have a message, no virus is actually in the message. So if you DIDN'T install their virus/patch then you are safe. Just ignore the messages.
I may have mistakenly understood that you had followed the instruction. If you just see the message and ignore it you are safe."(Unquote)

U said before that these messages are a hoax, which means they are not really a threat to the registry, just the irritation of popping up every time. Fine, but then U said above, "if U didn't install their virus/patch then U are safe". I'm not too sure how I installed that patch, and also this statement, "if I had followed the instruction"?? U mean the first time I got the message, if I had left it alone and ignored it, it would not have planted that virus/patch that will then start the pop-ups one after the other? Like X-ing out or OK'ing it would be the trigger to plant their repeated pop-ups? Am I right on this? Hmmm, I did notice tonight that when I left the message, there were no succeeding pop-ups until I X'd or OK'd it out. Neat! I did hear a sound when the next pop-up message comes up, but it seems like it's at the back of the first one, and can't come out till the one before it is let go.

Congrats, StressSaver man :), I think I found that Messenger, but not without effort -> Control Panel/Admin Tools/Services/Messenger/Properties/Startup: either auto, manual, disable. Yeahh...
Here are the results. In auto I got more pop-ups than in manual, but on disable, NO MORE POP-UPS before or after reboot. It says Messenger transmits net send and Alerter service messages between clients and servers.

So what's the hitch, does this mean I won't get any valid alert messages, like what are those? Haha, so glad, I thought this is a fix, but then again it killed something else I would assume, so this brings me back to U'r first suggestion: format and reinstall Win2000 from scratch.
Seriously, my friend, what should I watch for if I decide to do that once again so I don't get those irritating pop-ups, since a message left open gets on top of any active window. It can't be minimized even by clicking on the desktop icon at the lower tray, and I don't know where to hide it. It's beyond IGNORE!

I guess I have to turn off the Messenger service after installation is complete, before connecting to the internet using my dial-up modem. What happens when I turn it back to auto or manual.. say I get it again, ignore it.. will it die there and then, nevermore, the 2nd time around? I can only hope so!


Secure your computer via GRC

by schell In reply to MS Messenger Service disa ...

Go to GRC.com to read up on this and other vulnerabilities in W2K and XP. Owner Steve Gibson has free utilities for closing 3 holes in these OS's. "ShootTheMessenger" disables that service; this is where your "alerts" are coming in. Then disable DCOM with Gibson's "Dcombobulator", and finally disable Universal Plug'nPlay with "unpnp".
Spread the word.


THANKS Schell and all the Others here!

by rgrBen In reply to Secure your computer via ...

I went to that website U indicated; yes, additional information not only for working around the problem I reported here, but also the SpinRite program for HDD problems.
Didn't even know SpinRite was created by Steve Gibson, but I used that HDD utility program before. Kinda expensive, but I guess when the hard disk and its content need to be saved, anyone will spend up to several hundred $$ to recover it. It's $89 as against several hundred $!

THANKS AGAIN, Schell et al.


starting from scratch

by ip_fresh In reply to Registry error Pop-ups on ...

Going straight to the point, since U suggested starting from scratch -> formatting and installing: I did these actually 1 time on the old machine and 2 times on the 2nd machine after getting those pop-up errors. I just confirmed again on the old machine that it gets the same errors, and as frequently as the other one. All this time the common thing between the 2 is the same US Robotics modem 5660A and the same dial-up ISP. It gets it as soon as I connect to the internet.

Davis,
http://www.blueairnews.com/


These depend

by Dr Dij In reply to Registry error Pop-ups on ...

not only on msgr svc enabled but your PC directly on net.

So if you put a cable router between the two, the packets will hit the cable router and be ignored as they don't address your pc but the cable router. They're about $25, can use for DSL or cable broadband.

Not sure if you can use them with dialup.


modem problem

by htmlman In reply to Registry error Pop-ups on ...

It sounds like problems with the installation software. The CD could be corrupted.
Have you tried going to the manufacturer's site and downloading the application from them?
As for the spyware, I would google for AdAware SE. It is free for home use and works well.


Correct Lead to this Problem!

by rgrBen In reply to modem problem

Here is the correct lead to this problem that I gathered, suggested by StressJunkie (first on it), another guy from Tek-Tips.com (where I posted this same problem), and now by eric.h. But the guy from Tek-Tips.com has this reference from MS itself recognizing this problem with MS Messenger Service.

http://support.microsoft.com/default.aspx?scid=kb;en-us;330904
http://www.microsoft.com/windows2000/techinfo/administration/communications/msgrspam.asp

So after I panicked at the start of this post, our thread here and at Tek-Tips.com bore fruit for those who are not knowledgeable (as me) or have not come across this problem. Now I feel better; U guys have helped a lot, and the others who happen to read our postings here will be helped by this 'revelation', so to speak.

After I disabled the MS Messenger service for a while and then went to manual, the pop-ups no longer appear, for a long while now.. no sweat, I'm really glad.

Only proves: "Knowledge is power... Two minds are better than one ! :)"

Thanks guys
