Saturday, October 20, 2007

Deceptive Business: registrycleanerxp.com

My firewall logs are always full of random things, mostly from virus-infected zombie machines trying to spread the latest and greatest malware. Whenever I see something strange going on, I just forward the port in question to a Linux box and then use netcat or Ethereal to capture the traffic. I always see a lot of connection attempts to UDP ports 1026-1028, the Windows Messenger service. Not MSN Messenger, but the net msg service that can be used to display a dialog box on your computer. This service is disabled by default on Windows XP Service Pack 2.
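Forwarding the port to a capture box leaves you with raw UDP payloads. As an added example (not code from the original post), here is a small decoder that tells a Messenger-service popup apart from other junk hitting those ports and pulls out the message text. The 80-byte header is the connectionless DCE/RPC header from the Open Group C706 spec and the interface UUID is the real msgsvc identifier; the stub layout (three NDR conformant-varying strings, no referent IDs), the port triage rule, and the sample datagram with its "SYSTEM"/"ALERT" names are assumptions constructed for the example.

```python
"""Decode Messenger-service ("net send") datagrams captured on UDP 1026-1028.

Added example, not code from the original post. The stub layout below is an
assumption (three NDR conformant-varying strings, no referent IDs); a real
capture may differ slightly, which is why the decoder validates every count.
"""
import struct
import uuid

MSGSVC_UUID = uuid.UUID("5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc")  # msgsvc interface
NETR_SEND_MESSAGE = 0            # opnum of NetrSendMessage on that interface
MESSENGER_PORTS = (1026, 1027, 1028)
PTYPE_REQUEST = 0

# Connectionless DCE/RPC PDU header (C706, little-endian, 80 bytes):
# rpc_vers, ptype, flags1, flags2, drep[3], serial_hi, object uuid, if_id uuid,
# act_id uuid, server_boot, if_vers, seqnum, opnum, ihint, ahint, len,
# fragnum, auth_proto, serial_lo.
HEADER_FMT = "<BBBB3sB16s16s16sIIIHHHHHBB"
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 80


def _pack_ndr_string(text):
    """Assumed layout: max_count, offset, actual_count, NUL-terminated bytes, pad to 4."""
    raw = text.encode("latin-1") + b"\x00"
    body = struct.pack("<III", len(raw), 0, len(raw)) + raw
    return body + b"\x00" * ((-len(body)) % 4)


def _unpack_ndr_string(buf, pos):
    """Inverse of _pack_ndr_string; rejects counts that run past the buffer."""
    if pos + 12 > len(buf):
        raise ValueError("truncated NDR string header")
    max_count, offset, actual = struct.unpack_from("<III", buf, pos)
    pos += 12
    if offset != 0 or actual > max_count or pos + actual > len(buf):
        raise ValueError("malformed NDR string")
    raw = buf[pos:pos + actual]
    pos += actual + (-(pos + actual)) % 4   # skip NDR alignment padding
    return raw.split(b"\x00", 1)[0].decode("latin-1"), pos


def build_messenger_datagram(sender, recipient, text, seqnum=1):
    """Build a NetrSendMessage request; used here only to make offline samples."""
    stub = _pack_ndr_string(sender) + _pack_ndr_string(recipient) + _pack_ndr_string(text)
    header = struct.pack(
        HEADER_FMT,
        4, PTYPE_REQUEST, 0, 0,            # rpc_vers=4, request PDU, no flags
        b"\x10\x00\x00", 0,                # drep: little-endian ASCII; serial_hi
        bytes(16),                         # object uuid: nil
        MSGSVC_UUID.bytes_le,              # interface: msgsvc
        bytes(16),                         # activity uuid: fixed for determinism
        0, 1, seqnum,                      # server_boot, if_vers=1, seqnum
        NETR_SEND_MESSAGE, 0xFFFF, 0xFFFF, # opnum, ihint, ahint (unknown)
        len(stub), 0, 0, 0)                # len, fragnum, auth_proto, serial_lo
    return header + stub


def decode_messenger_datagram(data):
    """Return the message fields, or raise ValueError if this is not a
    little-endian msgsvc NetrSendMessage request."""
    if len(data) < HEADER_LEN:
        raise ValueError("shorter than a CL DCE/RPC header")
    f = struct.unpack_from(HEADER_FMT, data, 0)
    rpc_vers, ptype, drep, if_id = f[0], f[1], f[4], f[7]
    seqnum, opnum, length = f[11], f[12], f[15]
    if rpc_vers != 4 or ptype != PTYPE_REQUEST:
        raise ValueError("not a connectionless DCE/RPC request")
    if drep[0] & 0xF0 != 0x10:
        raise ValueError("only little-endian data representation handled")
    iface = uuid.UUID(bytes_le=if_id)
    if iface != MSGSVC_UUID or opnum != NETR_SEND_MESSAGE:
        raise ValueError("not msgsvc NetrSendMessage (iface %s, opnum %d)" % (iface, opnum))
    stub = data[HEADER_LEN:HEADER_LEN + length]
    sender, pos = _unpack_ndr_string(stub, 0)
    recipient, pos = _unpack_ndr_string(stub, pos)
    text, pos = _unpack_ndr_string(stub, pos)
    return {"seqnum": seqnum, "from": sender, "to": recipient, "text": text}


def triage_udp(dport, payload):
    """One-line verdict for a captured datagram, like a manual netcat triage."""
    if dport not in MESSENGER_PORTS:
        return "ignore: not a Messenger-service port"
    try:
        msg = decode_messenger_datagram(payload)
    except ValueError as exc:
        return "udp/%d but not a Messenger request: %s" % (dport, exc)
    return "Messenger popup from %r to %r: %s" % (msg["from"], msg["to"], msg["text"])


# Constructed sample: the popup text quoted in the post, wrapped in a datagram.
# The "SYSTEM"/"ALERT" names are made up for the example.
SAMPLE = build_messenger_datagram(
    "SYSTEM", "ALERT",
    "REGISTRY DAMAGED AND CORRUPTED. VISIT www.registrycleanerxp.com IMMEDIATELY!")
JUNK = b"\x04\x00" + bytes(100)   # starts like rpc_vers 4 but is nonsense

if __name__ == "__main__":
    print(triage_udp(1026, SAMPLE))
    print(triage_udp(1026, JUNK))
    print(triage_udp(53, SAMPLE))
```

The decoder refuses anything that is not a request on the msgsvc interface, so a scanner hitting 1026-1028 with other RPC traffic shows up as "not a Messenger request" rather than as garbage text, which is the distinction you want when deciding whether a source is a popup spammer or just a worm probing the same ports.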

Registrycleanerxp.com
These guys use what I call the mafia protection scheme. The mafia, at least as portrayed in films and television, sends two guys to your store to rough things up, then sends another two guys to make you pay for protection. Registrycleanerxp.com scans the internet for unfirewalled machines running the Windows Messenger service and makes each one pop up a dialog box containing the following:

REGISTRY DAMAGED AND CORRUPTED.

To FIX this problem:
Open Internet Explorer and type: www.registrycleanerxp.com
Once you load the web page, close this message window

After you install the cleaner program you will not receive any more reminders or pop-ups like this.

VISIT www.registrycleanerxp.com IMMEDIATELY!


So they make your computer display this message box over and over, and then want to sell you their product to get rid of it. Furthermore, the messages come from random machines, likely infected zombies, rather than from the company's own servers. A visit to their website shows this hilarious customer review on the side.

Mark,
I appreciate you finding a solution to my Messenger Service popup problem, it was coming to a point where I couldn't use the internet. The registry cleaner fixed over 100 problems, and my computer runs so much FASTER!!

Obviously this guy, if the review is genuine (unlikely), took the bait. See for yourself here.
