Messenger pop-ups

[Guest]

You state that Windows Defender is the latest version of MS Anti-Spyware.

Why can'nt I turn off MS Messenger services.
(Is is not listed in 'msconfig')

I am getting pop-ups from the moment I turn on my computer.
Even if I am not using Internet explorer.

I beleive they are from MS Messenger network services, But Defender does not
turn it off.

I have run AntiSpyware programs, AntiVirus programs, AntiAdware programs.
And still get pop-ups.

And ,yep, Defender dos'nt stop them......
Give me the good old MS AntiSpyware.

 

[Anonymous Bob]

You state that Windows Defender is the latest version of MS Anti-Spyware.

Why can'nt I turn off MS Messenger services.
(Is is not listed in 'msconfig')

<snip>

http://www.microsoft.com/windowsxp/using/security/learnmore/stopspam.mspx

Bob Vanderveen

 

[Jupiter Jones [MVP]]

If you are getting those pop ups, that means you have no firewall or your
firewall is not working properly.
The correct fix for your problem is enable/install a firewall.

While disabling Messenger Service is not necessarily a bad idea, it only
covers your symptom and does nothing for the real problem of an insecure
computer.

 

[Bill Sanderson MVP]

If you are really getting messenger services popups, they are quite
distinctive--these are plain text message boxes.

Service Pack two for XP should disable this for you. Additionally any
firewall on your machine or network should also keep you from getting these
popups.

Please go to a command prompt and type:

sc qc messenger

You should see a result like this:
---
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: messenger
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Messenger
DEPENDENCIES : LanmanWorkstation
: NetBIOS
: PlugPlay
: RpcSS
SERVICE_START_NAME : LocalSystem
---------------------------------------------------
If indeed start-type is 'disabled' on your system, the messenger service is
not the cause of what you are seeing.


I think it is more likely that you have ad-producing spyware on your
system--possibly root-kit based. I've seen this myself on systems which got
a clean bill of health from both Windows Defender and Ewido and other
antispyware apps.

I'd recommend getting F-secure's Blacklight rootkit detector and checking
your system with it:

https://europe.f-secure.com/blacklight/try.shtml

If Blacklight finds hidden objects on your system, I'd recommend having it
do whatever it can to them--I was able to delete the stuff on the system I
saw by rebooting into safe mode immediately after Blacklight found hidden
files. I was then able to find and delete them manually.

This may be a bit too technical and complex, I'm afraid--lets check out
whether messenger is running, and if not, check out whether blacklight finds
hidden objects. Write back with those results and we'll see where to go
from there.

 

[Anonymous Bob]

If you are getting those pop ups, that means you have no firewall or your
firewall is not working properly.
The correct fix for your problem is enable/install a firewall.

While disabling Messenger Service is not necessarily a bad idea, it only
covers your symptom and does nothing for the real problem of an insecure
computer.

I wouldn't argue with that. ;-)

It sounds as if this system might already be infected. Perhaps some online
scans are in order.

Bob Vanderveen

 

[Guest]

You may turn off messenger service through Control Panel | Administrative
Tools | Services.

It is generally a good idea to disable ALL risky and superfluous services to
help harden your system against compromise. There is a long list of such
services near the bottom of either of the two pages indicated in my sig.

Another way to disable Messenger Service is to run "ShootTheMessenger" from
Steve Gibson's grc.com. You may also use a tweaking tool such as XQDC's
X-Setup (use version 6.3 if you wish to avoid the trial expiration in later
releases).

 

[Jupiter Jones [MVP]]

Avery good way to stop the Messenger Service ads.
But the real issue of an unprotected computer remains if there is no
firewall or an improperly configured firewall.

 

[Guest]

You are preaching to the chior regarding firewalls.

However, firewalls alone do not a secure system make. (A closed port is as
good as open to a clever intruder. All ports MUST be stealthed!)

From the text to which I had referred "Crazylegs":

"It is always best to place your system behind a NAT-enabled hardware
firewall or router. These are inexpensive safeguards (<$50) that further
isolate your system from the outside world. Even when no hardware firewall
is present, you MUST enable a software firewall, such as that included with
Windows XP and many anti-threat software bundles. Test the firewall using
Sygate SOS. All ports tested must be identified as either STEALTH or BLOCKED
to ensure safety."

Unfortunately, the entire 25-step recommendation is far too lengthy (not to
mention boring) to list here.

--
Scott D

Internet Security: http://SecorConsulting.net/pages/security.html
CIS Benchmark: http://SecorConsulting.net/pages/benchmark.html

 

[Guest]

I have all your messages, and thank you for the replies.

The computer has Windows XP own firewall enabled.
My home network has a router with built in hardwired firewall.

F-secure blacklight found nothing.

 

[Guest]

You didn't mention whether your problem had been resolved. I expect that had.

I would not stop with just one scan, however. I routinely employ a daily
rotation of a-squared, bitdefender, CA, ewido, F-secure, Kspersky, McAfee,
Panda, and Trend online threat scanners, in addition to resident processes
(on productions systems). I am a bit less "paranoid" about my home systems,
since I use them infrequently.

That ought to keep you busy for a while. ;-)