Messenger Service Virus?

Status
Not open for further replies.

zoeythecat

Technical User
May 2, 2002
1,666
US
Hi All,

Weird messages came up on several workstations in my environment on Friday October 18 around 10PM. The following 2 messages would appear:

(1) "Messenger Service" - Message from Programmerpoof to * on 10/18/2002 10:39PM. "Programmer/Hackerpoof loves you! Eat shit now!"

(When you click ok to the above message you get the next message)

(2) Message from programmerpoof. "Can you guess who did this?"

* Anyone who was logged in on Friday 10/18 got this message. When the users shutdown/restart their computers on Saturday the message did not reappear.

* I contacted Network Associates and I researched Symantec's website. No one knows anything about it. Is this something I should be worried about? If anyone knows about this, could you give me any insight on how to clean the workstations that are infected?

Thanks in advance

 
Hi zoeythecat;

"Is this something I should be worried about?"

Anytime you receive a message with wording such as that, it is a cause for concern. The "Bad Guy" is not just out there on the internet, he could be sitting at the desk next to yours.
Was this an email message? A popup window? A network broadcast?

Ed


Please let me know if the suggestion(s) I provide are helpful to you.
Sometimes you're the windshield... Sometimes you're the bug.
 
Hi Eguy,

Thanks for your response. This was a popup message. You could not get rid of it. You would click ok, then the 2nd message would pop up. It was not an "Email Message". When users logged in this morning they saw this popup message. And it would stay there. The only recourse was to reboot but it has not reappeared. I don't think it was a broadcast message. So something to do with the date Friday 10/18/2002. How can I determine if this is a virus or not? I don't know if someone inside our school (I work for a private school) created a script and did something funny on the network or what not. Our servers are protected.

Thanks,
Zoe
 
Hey the message you got is NOT a virus. It is someone on a computer near you or on the same network sending it. At my school we ran Win2k and we used to send messages that way as pranks. It is really easy. However trying to figure out who it is, is a lot trickier...not impossible though.

Here is what the person does.

Start > Settings > Control Panel > Administrative Tools > Computer Management > Action > All Tasks > Send Console Message.

Then they type their message in the message box and away it goes.

A way to find out who it is, is to go to Network Places...ehh..I think..somewhere you can see who is connected to the network. Most likely you will see 'programmerproof' in there. Take note of who else is in there, then single out the person who is not logged in as their own logon.

By the way..the person has to change their computer name to 'programmerproof' in order for the name to show up. Otherwise their regular logon name would appear. Changing the cpu name however requires a reboot.

I hope this helps.
 
Sounds like you got hit with Messenger Service!

If the above solution doesn't fix you, do the following:

Start > Settings > Control Panel > Administrative Tools > Services

Scroll down the list to "Messenger" and double-click it. Under "Startup Type" select disabled. This turns off the Messenger Service on the computer.

The message was being sent to you via the net send command. For example:

net send xxx.xxx.xxx.xxx (your IP address) Hello there

This would display "Hello There" on your computer screen.
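
As an added example (not part of the original thread): a Windows batch script that applies the Services change described above to a list of workstations and confirms the result. The file names hosts.txt and messenger_audit.log are hypothetical; it assumes sc.exe is available (built in on Windows XP, Resource Kit on Windows 2000) and that the account running it has administrative rights on each machine.

```bat
@echo off
rem Added example: audit, disable and verify the Messenger service remotely.
rem hosts.txt (hypothetical) holds one computer name per line.
set HOSTS=hosts.txt
set LOG=messenger_audit.log

if not exist "%HOSTS%" (
    echo Host list "%HOSTS%" not found.
    exit /b 1
)

for /f "usebackq tokens=*" %%H in ("%HOSTS%") do call :harden %%H
echo Done. Results are in "%LOG%".
exit /b 0

:harden
rem Confirm the machine answers and actually has the service.
sc \\%1 query Messenger | find "STATE" > nul
if errorlevel 1 (
    echo %1: unreachable or Messenger not installed >> "%LOG%"
    goto :eof
)

rem Record whether it was running before the change.
sc \\%1 query Messenger | find "RUNNING" > nul
if errorlevel 1 (
    echo %1: Messenger was stopped >> "%LOG%"
) else (
    echo %1: Messenger was running >> "%LOG%"
)

rem Same effect as Startup Type = Disabled; the space after "start=" is required.
sc \\%1 config Messenger start= disabled > nul
rem Stop it now; an error here usually means it was already stopped.
sc \\%1 stop Messenger > nul 2>&1

rem Verify the startup type from the service configuration.
sc \\%1 qc Messenger | find "DISABLED" > nul
if errorlevel 1 (
    echo %1: FAILED to disable Messenger >> "%LOG%"
) else (
    echo %1: Messenger disabled >> "%LOG%"
)
goto :eof
```

Machines logged as unreachable need a second pass once they are powered on, since a workstation that was off during the run keeps its old setting.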
 
Eguy, snip6969, accessdabbler,

Thanks so much for your replies. You have been more help to me than Network Associates and the knowledgebases I was researching to find something out about this message. I did not think it was a virus but everyone else in my environment thought it was, so that is why I was researching this as a virus, because I have never seen this before. Now I know it was someone inside our network playing a prank. Guess it will be a good policy to disable the messenger service campus wide. I did not realize how easily this can be done.

Thanks again, you are all lifesavers!!!!

Zoey
 
This was NOT necessarily someone inside your network that sent the message!

Go to this website to read more about this security hole in Messenger Service:


I had the same message appear on my screen as the website shows and I'm sure that ZoneAlarm (free version) was running at the time.
 