For the past couple of days I keep getting a message via Windows Messenger service wanting me to update to a newer version. Here is the link (http://www.microsoft.com/windows/messenger/). Why am I getting the every time a boot-up. I've disabled Windows Messenger Service yet I am still getting this damn pop-up. Any ideas???



Thanks,
Jason

See of there's an item referring to MSN messenger service in the Startup menu. If so, then uncheck it.

I've got nothing like that in my startup. I've also checked with msconfig too.

Sounds like it might be time for adaware/spybot and hijackthis.

I agree, MS doesn't send out those type of notices, this is a scam and suggests that you are probably already infected with something....

Thnaks guys for the info. I agree also that this stinks of a scam. I ran Hijackthis and here it is:

Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\MsPMSPSv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
F:\WINDOWS\System32\CTHELPER.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\WINDOWS\System32\RUNDLL32.EXE
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Documents and Settings\Jason Griffith\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.reuters.com/home.jhtml
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTSysVol] F:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "F:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/27505f57228be9168002/netzip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37943.9174537037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cab


Now I have no idea what any of this means. :o

Thnaks,
Jason

Jason1971 did you run adaware or spybot S&D before running HJT ? They are capable of removing automatically the netster adware with which you are infected with.

I ran Adware before running HJT...

Ok, please close all browsers and explorer windows, place a check beside the one listed in bold, and click *Fix checked*.

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/27505f57228be9...ip/RdxIE601.cab <--Netster spyware

The following entry shows that you are running messenger , so I believe you will still be getting the popups.

F:\Program Files\Messenger\msmsgs.exe

If you don't use messenger, you can disable it by following the steps here (http://www.updatexp.com/disable-messenger-msn.html)

To disable messenger spam only link. (http://www.updatexp.com/disable-messenger-spam.html)

You didn't include the part that says what version of HJT you are using... Did you download the lastest copy?? It should be 1.97.7 and if it isn't, it may have missed some things. Also, you are running it from an Temp folder, you need to extract it to a permanent folder if you want to have the ability to restore changes if needed.

shanmuga,

I believe this F:\Program Files\Messenger\msmsgs.exe is MSN Messenger rather than Messenger Service, so it wouldn't produce those obnoxious popups...

You do have one item running from boot that can cause popups in its own right and that can be of the Update now variety.....

O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime

Go into QuickTime and disable the checks for updates, and any 'quick load" features.....

Thnaks guys. I followed the advise of just about everybody and now the problem, much like Clavin & Hobbs :D , is now gone.



Jason