Constant "Messenger Service" warning popup windows

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by dolphinocean, Sep 9, 2005.

  1. dolphinocean

    dolphinocean Private E-2

    Our computer was recently attacked by a nasty virus, and after seeking professional help with change of system from MS Win ME to MS Win XP Professional v 2002, the computer still runs slow and constantly receives numerous popup "Messenger Service" warning windows with various messages.

    The messages usually gave warning about our system, such as "windows has encountered an internal error" or that "the registry was being corrupted by virus infection". It then suggested that we visit certain websites, such as e-regclean.com, updatepatch.info, ms-repair.com, fixmyreg.com, etc to fix the problem.

    Should we visit those recommended websites to fix the problem as suggested? Or are they computer viral messages that may lead us to more problems?

    Please help. Our system is: MS Win XP Professional v 2002, Intel Pentium III processor 551 MHZ, 64.0 MB of RAM, free space 11.9 GB, total size 14.3 GB.

    Thanks!
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Hopefully the "professional" that you went to did not upgrade from Me to XP. That would not be a good idea. It is much better to do a clean install with WinXP. While using a 550 Mhz processor is possible it will be slow. But 64 Mb of RAM is not acceptable for WinXP. You really should have at a minimum 256 Mb.

    Do you use Windows Messenger?

    Please follow the steps below:

    - Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps below:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  3. dolphinocean

    dolphinocean Private E-2

    Hi Chaslang, thanks for your reply.

    After I posted my question, I made a search and found a previous post with similar problem with "Windows Messenger". I followed the directions to disable the "Windows Messenger" and the popups were gone. The next day I was able to use the computer without the popups, but the computer was still running slow. Then, the following day when my roommate attempted to turn on the computer it didn't start normally.

    There was a black screen with paragraph of words, and two directions, i.e. to press F1 for set-up, and F2 for default something and continue. We didn't know what to do, so we decided to press F2.

    Then the computer ran thru the check and came up with a screen that stated it couldn't find the printer. We then selected certain choices given, and identified the printer from 2 choices given, and the computer came back to normal, but slow as usual.

    No, I don't use "Windows Messenger".

    Given that 64 Mb RAM is not acceptable, and given that I have anti-virus program such as Ad-Aware SE, Spy Sweeper, and McAfee, would that slow down my computer even more if I download all the required tools?

    Also, I've seen the results of HijackThis posted on the web-site, my roommate was concerned about sensitive and important files being posted out in the internet.


    When I get home from the library, I'll follow your instructions and check back on this site for your reply to my questions.

    Thanks again.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No the other tools use very little or no resources. Just do not enable Spybot's Teatimer. The SDhelper can be enabled. It does not use very much. Spybot's Immunize uses no resources. SpywareBlaster uses 0 resource. You only use some resources when you scan with Spybot and that is temporary. If you have the free version of Ad-aware, it is not using any resources either until you scan.

    To help fix your system I would need to see everything in your log. It is highly unlikely that anything in your HJT log (except maybe some IP addresses for your system) is sensitive. And even your IP address can be easily obtained by any site you connect to. We can always edit your message after the fact to delete anything that you are worried about.
     
    Last edited: Sep 12, 2005
  5. dolphinocean

    dolphinocean Private E-2

    Hi Chaslang, I appreciate your quick response. I read thru the "READ ME FIRST BEFORE ASKING FOR SUPPORT.." and have some questions:

    On "Getting Prepared" section, #1 it stated "Disable System... if you are infected." Our computer was once infected. After seeking professional help to have the problem fixed I am not sure whether the computer is still infected or not. So do I still follow instruction #1?

    On the same section, #2 it stated "Network Security, Workstation Netlogon Services & Remote Procedure Call (RPC Helper.." What are they? Are they part of the XP system software? Also, the statement, "Only do this if you have the about:blank or home search hijack". What are "about:blank" and "home search hijack"? Are they virus programs? If they are how do I tell?

    Sorry for being slow on this... but thanks so much for your help.
     
  6. dolphinocean

    dolphinocean Private E-2

    Hi Chaslang,
    I did Steps 1 to 3 and am trying to download tools in step 4. I tried to create a folder on C:\ drive but do not know how to start. How to navigate to C:\ folder?

    Also, I tried to download one of the tools, it asked whether I want to open, or save, which should I choose? It also has a save to: desktop as default.

    Another question, our computer already has Lavasoft Ad-Aware SE Personal, do I still download the Ad-Aware SE?

    Thanks
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Based on your first message, it sounds like you have problems. Otherwise why would you be here. So yes! Disable System Restore.

    Step 2 specifically tells you what they are:
    Only do this step if you have the about:blank or home search hijack.

    So no they are not valid parts of system software. You would know if you had the hijackers because your internet surfing would be totally disrupted sending you to about:blank or other pages that make references to "Only the Best" etc. There are many forms of these hijackers. If you are not sure, just look for the EXACT three service names that are mentioned. If you do not see the EXACT names, then just continue to the next steps.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Here is an example on how to create a folder in the root directory ( this is c:\ ) of drive C.

    - Click START and select Explore. This brings up Windows Explorer.
    - Select the drive where Windows is installed (normally C:)
    - Now click on the top menu where it says File and then select New.
    - Then select Folder
    - A new folder is created and highlighted.
    - Just type Spyware-Tools to overwrite the default name (New Folder)

    You should save the downloaded tools to the above folder. And then later you will go to that folder to install the programs by running them. Do not save them to the Desktop.

    Just make sure you are running the same version of Ad-Aware SE (Ad-Aware SE is Ad-Aware SE Personal) as we show in our link. Also make sure it has the current updated reference list.
     
  9. dolphinocean

    dolphinocean Private E-2

    Hi Chaslang,

    I had followed and completed the relevant part of "READ ME FIRST BEFORE ASKING FOR SUPPORT...". There were no "Network Security Service", "Workstation Netlogon Service", or "RPC Helper" found. So far I have been without any trouble.

    Step 1 to 4 were completed. Not all steps were completed without problem.

    When in safe mode I was not able to connect to the internet to perform scan at Bitdefender and RavAntivirus. I had to run them in normal mode.

    Step 4: CCleaner was installed and then manually deleted because when I ran RavAntivirus it identified CCleaner as infected. So I didn't use CCleaner. After that Ad-Aware, VX2 Cleaner, Stinger, Spybot S & D, Kill2Me, HSR reported no virus threat. CWshredder reported no "Coolwebsearch" not found in system.

    When trying to run about:Blaster I was not able to open and install it. I clicked on the "reflist.dll" icon but didn't know which program to open it with. So, I didn't use about:Blaster.

    Ad-aware SE was already in my system (desktop) and I upgraded it with VX2 Cleaner Plug-in. Spybot, SpywareBlaster, and McAfee Avert Stinger were downloaded to desktop prior to receiving your post on how to create a new folder.

    Finally, I also uninstalled my Spysweeper and McAfee because they took too much disk space. I replaced them with Antivir.

    So far, everything seems to run smoothly. If there is anything that I need to go back and re-do, please let me know. I was new to all these and it was nerve-racking trying to figure out every step that didn't come up according to instruction.

    Thanks a lot for your help.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    CCleaner is not infected. Reinstall it and run it. Ignore any reports from RAVantivirus about CCleaner. They are false positives.

    You do not need to run HSremove or about:Buster (not about:blaster) unless you have an HSA or about:blank hijacker which it does not seem like you have. But why would you be clicking on reflist.dll? That is not the executable for about:Buster. AboutBuster.exe is the executable.

    I cannot tell from your message whether you are having any malware problems or not. Are you?
     
  11. dolphinocean

    dolphinocean Private E-2

    My initial problem was about constant popups "Messenger Service" windows that warned of infected or corrupted system. At that time there were no problem with other malware problem after it was fixed by a professional (where he switched my OS from WinME to Win XP Pro). Although the computer was running slow, I guess that could be attributed to the small RAM size (64 MB).

    Now the "Messenger Service" popup problem is gone after I had disabled it. And when I followed the instruction "READ ME FIRST BEFORE ASKING FOR SUPPORT..." as suggested, the only infected program reported was "ccsetup123" something like that. I then quickly deleted the program.

    Now that you told me that CCleaner is not infected and to reinstall and run it, I did just that. But when I tried to run and update it, my computer began to run slower and I kept getting a message from Task Manager window that said the program was not responding and whether to report problem to MS. Again, I quickly uninstalled the program and did a disk cleanup and defragmentation.

    The result was that 10 files were reported not able to be defragmented. It was listed as 1 KB \Documents and Settings\Neal\ntuser.dat.LOG.

    I tried to do Win updates but was unsuccessful.

    I also found some files that I'm not sure what were they for listed as:
    ModemLog_LucentWinModem
    KB828741
    KB834707-IE65P1-20040929.091901
    KB835732
    KB842773
    Q329115

    I saved them in a floppy disk and deleted the files from my computer.

    Other than that my computer appears to run ok for now.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    None of the files you listed are problems. They are all valid files from Windows Updates and one is probably for your Lucent Modem. I'm not sure what your problem is with why Ccleaner will not run but it is not infected with anything.

    There are always some protected OS files that cannot be defragged.

    Your PC may not be able to get Windows Updates because you may not have a valid license. Did you purchase a valid Windows XP license and have this "professional" install a valid Win XP copy? If not, that could be your problem. I would not have installed Win XP on such an old, slow system with such a small amount of RAM. Adding more RAM will help a little, but in my opinion anything less than 800 Mhz with XP can still be too slow.


    If you complete ALL of the steps of the READ ME and post your HJT log, I can look to see if any malware is causing you problems.
     
  13. dolphinocean

    dolphinocean Private E-2

    Hi Chaslang,
    Last night the ccsetup.exe file was still hidden in my system despite having been uninstalled. When I did the disk cleanup and defrag, the % free space was 81%. Before I reinstalled CCleaner it was at 82%.

    So I spent the whole night thru the morning trying to figure out what happened to the other 1% storage space. I deleted some files, and it still was at 81%. So I went back and re-do the steps in "READ ME FIRST BEFORE ASKING FOR SUPPORT...".

    Result: Ad-Aware found 1 critical object and 9 non-criticals. I did the quarantine and removal, and the % free space increased to 83 %. And now the computer runs fine.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    ccsetup123.exe is the installation file for Ccleaner. It is not the actual installed program itself. Uninstalling a program does not delete the files that you downloaded to install the program. Anything you downloaded is still wherever you downloaded it to. Also, ccsetup123.exe is only 498k in size so it is not using very much disk space. Your change in disk space that is free is probably just due to your internet cache, cookies, and Windows temp files, swap space etc. This is probably why running Ad-Aware resulted in freeing up some disk space too. The longer you are on and the more things you do, the larger the temporary space used by Windows will become.

    None of what we are discussing here is malware. So either post your HJT log so we can look to see if you have any malware issues, otherwise you should continue discussing whatever it is that you think you are having problems with in the Software Forum. I still see no problems.
     
  15. dolphinocean

    dolphinocean Private E-2

    Hi Chaslang,
    My previous post was partially completed when my keyboard just stopped working. I checked the device and the driver in the system and it said the device was working properly. But yet when I tried to type nothing came up, not even in wordpad. So, I did a sys restore to get it work.

    Anyway, on your prior post, regarding the validity of license of the installed Win XP by the professional who fixed our computer, I really don't know. I don't know much about the technicality of computer except to point and click and type. I'm now just beginning to learn all these thru your site and the "Howstuffworks" in the internet. If it is not legit, can we switch back to our original WinME version? Or could we use an entirely different OS such as Unix?

    Regarding the disk space before deleting ccsetup.exe I did clean up all the internet files including the offline files and deleted all cookies in the internet option. I also did a manual one by one cookie file delete (about 15 to 20 of them) in the system folder which I found in C:. Even after that the Ad-ware identified the 1 critical object as some kind of tracking cookie.

    I know my CP is old but I didn't know any better when I sought professional help to fix the viral problems. I already spent too much money to have it fixed and it was running ok at that time except for the constant "messenger service" windows popups that was bothering me. I've lost my job since June and I'm not able to spend any more money for upgrade of RAM especially with recent cash donation to Katrina disaster relief from my rainy day fund.

    I think now that the problem of "messenger service" window popups is gone, and the computer is running fairly good speed, I'm not going to risk it for any more trouble to attempt the HJT log.

    I wish some people would go after those virus and malware creating criminals. They are nothing good but the scum of the earth.

    I thank you and this great site for all your help!
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Running HijackThis does not cause any problems as long as you do not select any items and try to Fix them on your own. All it does is display a list of running processes and a whole variety of registry keys. What you do afterwards with that information is where the tricky part begins.

    Yes you can always go back to your original WinMe system (assuming you have the CD and the ability to reinstall all the necessary software and drivers). I would bet that your XP copy is not legal. If you were given a CD with a license key on it for WinXP then maybe it is valid. Otherwise it is probably not.
     
