Anilrgowda

Introduction

This page, targeted towards home users, discusses the basic steps needed from an user to stop Pop-ups, and the information to keep the system clean.
Credits

Part of the information in this page is collected from online sources, Microsoft site. Thanks and all credit due to the third-party sites referenced, and the authors for their part.
Pop-ups can be classified as follows:

• General browser pop-ups
• Messenger Service advertisements
• Pop-ups generated by adware and spyware

General browser pop-ups

These pop-ups can be prevented by installing a pop-up blocker. Often times, these new windows display advertising that can interfere with your ability to see the content on the page you're trying to read. Adding the AD related Domains to the Restricted Zone in Internet Explorer is a good idea. Refer to the following MS-KB articles to learn how to stop pop-ups from a particular webpage.

Prevent Pop-up Ad Windows When Browsing with Internet Explorer
A New Window Appears When You Visit Some Web Sites

Windows XP Service Pack 2 now includes a built-in Pop-up blocker. You can read more about this feature, in the following pages:

Block Pop-up Windows with Internet Explorer: Windows XP SP2
Export Internet Explorer Pop-up blocker settings

Always allow Pop-ups for secure sites (HTTPS) in Windows XP SP2



Messenger Service Advertisements

If the title bar reads as "MESSENGER SERVICE" with gray Ads, then it the famous Messenger SPAM. This is applicable only for Windows 2000 and Windows XP. The "Messenger Service" [different from Windows Messenger IM] is responsible for transmitting these text-based messages. While disabling the Messenger Service can stop the pop-up Ads, it's not sufficient in the security point of view. These messages arrive to your system because there is a way for someone to transmit data to your computer via TCP and UDP ports [UDP ports 135, 137, and 138; TCP ports 135, 139, and 445 137]. This means, some intruder can do nasty things on your computer with this port open.
The BEST and HIGHLY RECOMMENDED method to prevent these type of pop-up and to harden the security of your computer is to enable the Windows XP's Firewall and upgrade to Windows XP SP2. Windows XP SP2 turns off the Messenger Service by default, and enables the Windows firewall. This blocks the ports required for Messenger Service data transmission.
Enable the Firewall in Windows XP

For Windows XP SP2 systems:

If you're using Windows XP, and haven't updated to SP2, please do it immediately.

• Click Start, Run and type Firewall.cpl
• Select On (recommended) button, and click OK.

Never connect to internet without enabling the Firewall. Otherwise, there are fairly good chances your system gets infected. Finest example is the recent RPC NT Authority Shutdown caused by Blaster Worm, which infects "unpatched" and "unprotected" computers.
References

Messenger Service Window That Contains an Internet Advertisement Appears
Stopping Advertisements with Messenger Service Titles

Pop-ups generated by Ad-ware & Spyware

Spyware cause the same effect as general Browser pop-ups but they are usually powered by malware Browser Helper Objects, ActiveX controls which attaches to Internet Explorer and contacts the respective AD servers to fetch ADs through internet. This not only means waste of Internet bandwidth, but your private information may also be sent to someone. You need to treat any outgoing connection without your permission, as a 'security threat'.
Your Anti-virus software may not be fully capable of detecting spyware. Therefore, it's a good idea to scan your system using a good Anti-virus package and also with a good spyware removal utility. You must update the pattern files before scanning just like what you do for your anti-virus software. This ensures good detection.
Protection mechanisms

• Use HOSTS file to block unwanted AD servers and spyware sites
• Increase your browser security settings. Read the following pages to learn how to protect the system from parasites.

Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines
(Site packed with full of security tips, advice to prevent parasites being installed)
Malware Defence - Setting the "Kill-Bit"
IE-SPYAD: Ad Blocking Resources

• Use an application-based firewall, such as Zone Alarm, Sygate etc. They alert you whenever an outgoing traffic by a new application is detected. By doing this, you are preventing dialers, Trojans accessing the internet. Give equal importance to the configuration of the firewall. Assume your firewall as the gatekeeper, and only allow programs that you want, to access the internet. You may then test the effectiveness of the Firewall (for inbound protection) using any of these websites. They scan your system for open ports and vulnerabilities and advice you what action to take.

grc.com/x/ne.dll?bh0bkyd2 | dslreports.com/scan | hackerwatch.org/probe

eneral Advisory

• Don't connect to internet without enabling firewall and Anti-virus software
• Increase the security settings in the browser so that Activex controls won't install automatically
• Visit http://windowsupdate.microsoft.com frequently and download all Critical Updates
• Subscribe to Microsoft Security Bulletin to know the vulnerabilities identified and the patches released
• Use HOSTS file to block unwanted websites
• Think twice before enabling an application to access the Internet if you use a third-party firewall. Gather information about a process / application name, if found suspicious.
• Keep yourself updated on Rogue/Suspect Anti-Spyware Products & Web Sites

Essential Tools (minimum required)

• Any good Anti-virus package. You may consider AVG
• A third-party firewall such as ZoneAlarm, Sygate.
• Spybot S&D
• Lavasoft Ad-Aware
• Spyware Blaster
• Google Toolbar to block pop-ups. Google Toolbar Privacy Policy