
Advertising in IP-packet or virii??


evaluator
August 18th, 2005, 15:36
'Accidentally' I was looking at IP packets, & found a curious thing
that looks like advertising. I downloaded the program & will test it.

Look at the packet dump in the attachment.

andrewg
August 18th, 2005, 16:12
Actually, from what I recall, that's pretty common. It's a message to the Messenger service on Windows which will pop up a message box with the appropriate information. Spammers etc. use it to peddle their warez, and it can also be used to annoy people etc.

evaluator
August 18th, 2005, 16:28
ep, RepearRegistryPro found 157 errors, register to fix them...

SiGiNT
August 18th, 2005, 18:10
This is a form of fraud, I've encountered it before - there is an adware program out there that hijacks your computer and won't let you boot to a normal screen, it issues a bogus system failure that directs you to download a particular spyware program for (a small amount - but it adds up) money, that will "fix" your system - a friend in the down-under ran into it.

The sad part is it's probably easier to pay for the prog. rather than try and manually remove the offending malware.

SiGiNT

andrewg
August 18th, 2005, 18:46
http://www.spywareguide.com/txt_messengerspam.html

Chances are, what you saw is that type of thing (which I tried to explain above.)

Woodmann
August 18th, 2005, 20:05
Howdy,

This piece of shit stunt has been going on for a while.
All they do is change the port trying to get access.

Yes it is kind of bad. There is worse.
This is just another reason to make sure you close all unnecessary ports.

Of course, mom always said never click on any pop-ups you did not ask for.
Uncle Woodmann

SiGiNT
August 18th, 2005, 21:22
STOP! WINDOWS REQUIRES IMMEDIATE ATTENTION.
Windows has found 47 CRITICAL SYSTEM ERRORS!
To fix the errors please do the following:
1. Download Registry Repair from: hxxp://www.ms-fix.com
2. Install Registry Repair
3. Run Registry Repair
4. Reboot your computer
FAILURE TO ACT NOW MAY LEAD TO DATA LOSS AND CORRUPTION!

-Web address edited to avoid a direct link-

This is not the same as hawking diplomas - the download is probably free but gawd knows what the hell it puts on your system - at the very least a recurring nag to pay for the utility.

SiGiNT

Woodmann
August 18th, 2005, 22:07
Howdy,

The link comes from China.
If you look at all the bullshit associated with this it is all based in China.
But, it could also all be spoofed. Believe it or not, this shit still happens.

There is no reason why something legit needs to pop up and request port 1026.

Hey, wait just a minute. I was wrong. Please click on any pop-up that happens to show up on your screen. I am sure they are all legit.

Luv you all, OBC

LLXX
August 21st, 2005, 03:25
Yes, I've seen that and similar messages while packetlogging, but I guess they can be ignored if port 1026 isn't open and doesn't have a service running on it. Unless they're coming in huge amounts and flooding the network, they're more or less harmless.
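
One way to put LLXX's point into practice (added example, not code posted by anyone in this thread): a small log scanner that flags inbound UDP datagrams aimed at the Messenger service's usual ports, tells real spam (matched against the scare phrases quoted above) apart from a plain datagram, and counts hits per source so a flood stands out from a stray packet. The log-line format, the IP addresses and the sample lines are constructed for this example; the port set assumes the RPC endpoint mapper on 135 and the dynamic UDP ports 1026-1029 that the service typically lands on, which is why the thread sees port 1026.

```python
import re
from dataclasses import dataclass

# Constructed, simplified firewall-log format (an assumption for this example):
#   <timestamp> <ALLOW|DROP> <UDP|TCP> <src_ip>:<src_port> -> <dst_ip>:<dst_port> [payload="..."]
LOG_LINE = re.compile(
    r'^(?P<ts>\S+) (?P<action>ALLOW|DROP) (?P<proto>UDP|TCP) '
    r'(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)'
    r'(?: payload="(?P<payload>[^"]*)")?$'
)

# 135 is the RPC endpoint mapper; 1026-1029 are the dynamic UDP ports the
# Messenger service usually ends up listening on (assumed set, not from the thread).
MESSENGER_PORTS = {135, 1026, 1027, 1028, 1029}

# Phrases taken from the spam text quoted earlier in the thread.
SPAM_MARKERS = (
    "windows requires immediate attention",
    "critical system errors",
    "registry repair",
    "failure to act now",
)


@dataclass
class Alert:
    src: str
    dport: int
    action: str
    reason: str


def classify_line(line):
    """Return an Alert for an inbound UDP datagram to a Messenger/RPC port, else None."""
    m = LOG_LINE.match(line)
    if not m:
        return None  # not in our format: skip rather than guess
    if m["proto"] != "UDP" or int(m["dport"]) not in MESSENGER_PORTS:
        return None
    payload = (m["payload"] or "").lower()
    hits = [p for p in SPAM_MARKERS if p in payload]
    if hits:
        reason = "messenger-spam payload: " + ", ".join(hits)
    else:
        # Not every Messenger datagram is spam (see the UPS example later in the thread).
        reason = "inbound UDP to Messenger/RPC port"
    return Alert(m["src"], int(m["dport"]), m["action"], reason)


def scan(lines):
    return [a for a in map(classify_line, lines) if a]


def summarize(alerts):
    """Alerts per source address, so a flood stands out from a single datagram."""
    counts = {}
    for a in alerts:
        counts[a.src] = counts.get(a.src, 0) + 1
    return counts


# Constructed sample log: one spamming host, one legitimate UPS monitor, some noise.
SAMPLE_LOG = [
    '2005-08-18T15:30:01 DROP UDP 203.0.113.7:1026 -> 192.0.2.10:1026 '
    'payload="STOP! WINDOWS REQUIRES IMMEDIATE ATTENTION. Windows has found 47 CRITICAL SYSTEM ERRORS!"',
    '2005-08-18T15:30:02 ALLOW UDP 192.0.2.10:53412 -> 192.0.2.1:53',
    '2005-08-18T15:30:03 ALLOW TCP 203.0.113.7:4455 -> 192.0.2.10:1026',
    '2005-08-18T15:30:05 DROP UDP 203.0.113.7:1027 -> 192.0.2.10:1027 '
    'payload="To fix the errors download Registry Repair from hxxp://example.invalid"',
    '2005-08-18T15:30:09 DROP UDP 203.0.113.7:1026 -> 192.0.2.11:1026',
    '2005-08-18T15:31:00 ALLOW UDP 198.51.100.9:1026 -> 192.0.2.10:1026 '
    'payload="Power failure! UPS is operating in battery mode"',
    'this line is not a log record at all',
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for a in found:
        print(f"{a.src} -> port {a.dport} [{a.action}] {a.reason}")
    print("per source:", summarize(found))
```

The ALLOW entry from the UPS monitor is reported with the generic reason only: the datagram reached an open port, which is the condition LLXX says makes these worth caring about, but its text carries none of the spam markers, so the per-source counts rather than the bare alert are what separate a flood from a legitimate admin message.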

evaluator
August 21st, 2005, 15:20
Sorry, I'm a turbo lamer, so I don't use messengers, ICQ, mIRC etc.,
because I couldn't guess what the packets are for.

Woodmann
August 21st, 2005, 18:33
Howdy,

It is not related to the instant messenger, it is related to a service called Messenger that is not related to Windows.
You can set this service to disable. In the run box type services.msc and have at it.
It will tell you how you are about to disable this and that blah blah blah.

Basically, if you don't click on the pop-up you will be safe.

Woodmann

dELTA
August 22nd, 2005, 07:38
It is indeed related to Windows (it is an operating system service), but not to instant messengers.

TBone
August 22nd, 2005, 11:52
It's intended to be used for broadcasting administrative alerts on NT/2k/2k3 domains. If you want to see it in action, bring up a command line and try:

net send <your computer name or username> <Text message to display>

I use it here at work to broadcast a message to my account any time that my cluster fails a resource group over to another node, so that I know something has gone wrong. Belkin's UPS monitoring software will also use the messenger service to broadcast messages like "Power failure! UPS is operating in battery mode", or something like that.

We used to have lots of fun with this in high school. We would do something like:

net send * A critical error has occurred in module "system32". Windows cannot continue. Please save any open files and reboot your computer.

Then we would sit back and watch all the people in the computer lab that fell for it. Ahhh, good times.

dELTA
August 23rd, 2005, 08:22
Hehe, 0wning the computer lab (and entire school network for that sake) in high school, those were the days...

TBone
August 23rd, 2005, 13:20
Yes. By college, of course, I was far too mature for these sorts of low-brow pranks.

Still, the siren-song of using "net send" in a computer lab for evil instead of good was too great to be entirely resisted. There was this one brand-new two story open computer lab which housed about 300 computers counting both floors. They were reasonably well secured, inasmuch as users couldn't install software, etc. Me, another guy, and this girl who looked just like Sigourney Weaver had just gotten out of a programming class we were all taking. We stopped by the computer lab for some reason I can't remember. But while we were there, we ran into the guy's roommate and his roommate's girlfriend. His roommate was annoyed that he couldn't install ICQ on the lab computers and he wanted to chat with his girlfriend. Why he didn't just go sit next to her I'll never understand.

Anyway, we helpfully demonstrate for him how to send a message to her with the "net" command. The computers were all cryptically named with a fairly lengthy alpha-numeric string. But each computer had its name written on one corner of the case in black magic marker, so it wasn't hard to figure out who was who. He starts sending a few messages and thinks we're pretty clever for finding a way to cheat the system. But he's obviously not much of a typist, and typing the cryptic computer name over and over again is giving him some trouble. He's about to send a slightly crude message to his girlfriend when we helpfully suggest that if he's sending a message to the same computer twice in a row, he can save some time by just replacing the computer name with *.

It was both mean and immature, I admit. But the cascading chorus of 300 machines around and above you all making the default "ding" sound at once was well worth it.