Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Pop Up Ads.

Status
Not open for further replies.
dfgu

dfgu

IS-IT--Management
Oct 25, 2001
125
US
Hi All,
I'm not sure why, but recently, a lot of pop up ads have been showing up on my server out of nowhere. I do not know how to stop this. Apparently, its a pop up not from the web, but just like a normal window, and I just click on "ok" to get rid of them. It is also only appearing on my Windows 2000 servers, not on my NT servers. Any suggestions on how to get rid of this?

Thanks.

 
Sort by date Sort by votes
These programs usually install themselves when you install other shareware/freeware programs. For example Kazaa or BearShare. There are a few things you can do. First off, you can download Lavasoft ad-aware, this will find most ad/spyware running your your PC. Also, you hinted that the add wasn't an Internet Explorer window, in that case, when the window pops up, bring up the task manager and look to see what the process name is. (go to the application tab, right click on the app for the popup, and click "Go To Process"). This will give you a big clue into what it is. You can then search for this executable on your HD, Registry, and Startup folder. Also, it may have an uninstall, so also check Add/Remove programs for anything unusual.
 
Upvote 0 Downvote
Messenger Service Popups, I never even thought of that. I couldn't imagine letting a windows server sit on the inetnet without any kind of firewall, or without disabling a bunch of services. There is just no reason for everyone to have that kind of access to a server.

By default I block the first 1024 tcp/udp ports, and only open ones I need.
 
Upvote 0 Downvote
Incidentally, these Messenger Service popups can also come up on domain clients connected to a 2k server connected to the internet, theyre not only limited to the server.
 
Upvote 0 Downvote
"These programs usually install themselves when you install other shareware/freeware programs. For example Kazaa or BearShare."

I haven't installed any of those programs and it still shows up. Using Norton firewall and there isn't anything that I can find in the options to stop it unless I block specific ports.
 
Upvote 0 Downvote
battmain, what shows up?

The popup window. I'm going to try the solution listed by serecyn. Not sure why I didn't think of that. [hammer] I've gotten three popups already this morning.
 
Upvote 0 Downvote
If your are getting popup messages that means netbios and/or RCP are not blocked to the internet. Am I the only one that see's this as a security problem? If you are getting these messages, don't just stop the messenger service, get a firewall to protect your server or start filtering ports. Just my opinion though...
 
Upvote 0 Downvote
Is there a way to track the source IP of anyone that sends these over the internet once it hits the local server? -Ovatvvon :-Q
 
Upvote 0 Downvote
A firewall would probably be able to log the source IP.

Ash.
 
Upvote 0 Downvote
This taken from your previous posting

You could do a netstat right after you see the message and try to find it that way. Depending on how they are sending the message you would see connections on UDP ports 137, 138, or TCP ports 135, 139, 445

Only other way I can think of is with some kind of firewall. I use RedHat linux with iptables myself. With that, I can log access to certain ports. You could probably use something as simple as ZoneAlarm to find the source IP address. Either way, you should have some kind of firewall.
 
Upvote 0 Downvote
I tried installing the trial version of zone alarm. However it blocked my web sites from being available on the internet. Even while making all settings to the lowest available setting (including opening ALL ports) or shutting them off...or closing the program altogether, it still blocked the web sites from being accessable on the internet.

Is there something I did wrong? (I find it hard to believe since I exited the program and it still did it) Or is it not intended for web servers? -Ovatvvon :-Q
 
Upvote 0 Downvote
I'm not sure about how to configure ZoneAlarm. I myself have never used it. But I believe you have to tell zonealarm wich executables will be allowed to use the internet. If I get a chance I'll install it and play around.

Later,
Dan
 
Upvote 0 Downvote
Seems the fix posted by serecyn worked for me...I had tried to block the ports using Norton Firewall, but it didn't help. It's been a while since a popup has shown up.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Scparks
  • Locked
  • Question
Trouble with setting up a SMTP Relay to Office 365
Replies
0
Views
352
Scparks
Scparks
lacked
  • Locked
  • Question
problem with windows update on windows server 2016
Replies
1
Views
408
maybeimaleo
maybeimaleo
maybeimaleo
  • Locked
  • Question
Is There a Best Windows OS to Upgrade a CA Server to?
Replies
5
Views
568
maybeimaleo
maybeimaleo
MoJHK
  • Locked
  • Question
ESXI server upload problem
Replies
3
Views
363
hairlessupportmonkey
hairlessupportmonkey
kjv1611
  • Locked
  • Question
New Client Picks Up Old Client IP Address, Both now Share?
Replies
4
Views
359
kjv1611
kjv1611

Part and Inventory Search

Sponsor

Back
Top