Messenger Service SPAM intrussion

J

Jonathan

Hi there,
I am getting SPAM sent to me in little pop-up MESSENGER SERVICE windows...
This feels like a real intrussion... spamming me with email is one thing but
causing an internal XP Messenger window to pop up...

Now, I realise that if my firewall was funning this would more than likely
be blocked. As it is my firewall has been causing my computer to crash with
a TCPIP.SYS error (blue screen etc). I am in the process of sorting that
out...

But aside from that I am sure I should be able to turn off the ability for
people to send me SPAM on the Messenger Service (whatever that is)... Any
ideas?

Thanks,


Jonathan
 
J

Jason Haynes

At the run prompt type services.msc. Scroll down to messenger and double
click it. Stop the service and change the startup type to disabled. I'm not
sure what the problem is with your firewall. If it's XP's firewall that
gives you trouble, I would suggest a third party firewall like ZoneAlarm
(www.zonelabs.com) or Sygate personal firewall (www.sygate.com).
 
P

purplehaz

Get your firewall fixed first. You should never go online without a firewall
enabled. If the xp one isn't working for you, try a third party one like
Zone Alarm. Once a firewall is enabled the messenger service pop up ads will
stop, plus it will stop certain viruses and trojans.
To turn off the messenger service goto, control panel, administrative tools,
services, find messenger, right click, properties, hit the stop button, set
startup type to manual or disabled.
 
C

Chris Lanier

Sure, but you still really do need a firewall, and firewall. the one built
into XP, norton, zone alarm, Tiny, sygate, etc.

to just disable the service goto Control Panel>.Admin Tools>>Services>>Find
"Messenger" turn to Disable.

NOTE: again this does not solve the problem of the traffic still getting
into your PC.
 
S

Steve Parry [MVP]

Jonathan said:
Hi there,
I am getting SPAM sent to me in little pop-up MESSENGER SERVICE
windows... This feels like a real intrussion... spamming me with
email is one thing but causing an internal XP Messenger window to pop
up...

Now, I realise that if my firewall was funning this would more than
likely be blocked. As it is my firewall has been causing my computer
to crash with a TCPIP.SYS error (blue screen etc). I am in the
process of sorting that out...

But aside from that I am sure I should be able to turn off the
ability for people to send me SPAM on the Messenger Service (whatever
that is)... Any ideas?

Thanks,


Jonathan
Click to expand...

As you pointed out you really should be using a firewall, if the built
in XP one is giving trouble (and that in itself is suspicious ... are
your antivirus files up to date?) then look at some of the free ones ...
I use Kerio and find it works well.

However in answer to your post to stop the messenger service

Start
Run
type
services.msc
click OK

navigate to Messenger service
double click on it to open the properties and set
it to disabled and stop the service.

or

temporary relief can be obtained by just going to

Start
Run
type
net stop messenger
click OK

but the service will restart at boot up :blush:)
 
W

Willit

Get a fire wall or turn on the built-in one.

or

If They say "Messenger Service" in the top frame. There
are Several ways to do it.

Disable Method: Start > Run > Type "services.msc" >ok ,
on the services and applications find "Messenger" and
right click on it and choose properties choose "Disable"
in the middle Apply > ok.

or

Start Method : goto Start > Run > Type "msconfig" on the
Start Config. Menu go to Services Tab , go down the list
to "Messenger" uncheck, apply> ok re-boot. you will get a
warning when you re-boot >ok Done.

or

If you don't want it or need it or the Alerter Service
Delete it. Most don't, unless you are on a network, other
than your own. The Alerter Service is used on a network to
send virus alerts. You have to be on a network before
either have any use.

To Delete the Messenger Service:

Go to Start/Run/CMD and type in: sc delete messenger.
Reboot.

or

Or go to Start/Run/Regedit and go to this key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
Messengerservice Delete Key. You can export it in case you
want it again,
then delete. Reboot
 
B

Brian

Disabling the Messenger Service is really a head in the
sand approach to this issue. Using a firewall to block
these open ports is the better way to solve this issue. I
myself use Mcafee firewall and since installing have not
had these pop-ups.

Brian
 
J

Jonathan

Hi there,
I have now found a few other posts talking about this issue... so I think I
have sorted it out.

Regards,

Jonathan
 
L

Larry

A quick and dirty say of disabling messenger is to go to the c:\Program
Files folder and rename the Messenger folder to Messenger.die :) You will
get a warning in your logs (If you ever actually look at them) every time
you boot that windows can't find messenger (boo hoo), but that's a small
price to pay. There are other ways as well but nothing faster than this one!

Also, till you get your firewall problems straightened out, turn on the
built in one! XP Comes with a minimal but fairly effective firewall.
Certainly should be on at minimum any time you connect to the net, even to
DL updates from MS.

Larry
 
L

Larry

Ooops! I'm sorry, you were talking about the other messenger service!
Well there's freebie for the MS Messenger anyway :)

And still turn on that built in firewall!

Larry
 
J

Jonathan

Hi...
Thanks for that.
This is what I have done.

RE. Firewall... Was using Outpost Firewall 2.0...
For some reason on a dial-up connection it crashes my computer when browsing
some sites/pages etc.
Thanks for the suggestions in that regard though..


Jonathan
 
J

Jonathan

Hi there...

Okay... Okay!!! Wowzer... The message is coming through loud and clear...
"Turn on a firewall" !!
I agree... I agree...

Yes... I have been using a firewall since the days when AtGuard was first
released (later bought up by Symantec and used as the basis for the Norton
Firewall) quite some years ago - long before most non-corporate users even
knew what a firewall was... long before they were even all the necessary for
home users (I mainly used it way back then because it stripped out
advertisements which was great). I have had one or another FW on ever since
then... (5+ years I would say)... So yes, I agree wholeheartedly... vital to
have one - thanks for the urging to put one on.

JUST TO EXPLAIN MY SITUATION...
My prob was that the FW of my choice (Outpost by www.agnitum.com) started to
crash my computer. It's by far the best FW I have found with incredible
features and logging etc etc but since it started crashing the computer I
have been looking for a way to sort it out. I am loathed to switch to
another brand in the mean time because that prevents me from testing Outpost
each time I get a potential solution to the problem.
I have now put the XP firewall back on in the mean time.

Thanks for all the many answers.
I have also now disabled messenger service... partly to avoid the spam
if/when I have no firewall running and also because it sounds like a waste
of resources too.

Regards,

Jonathan
 
B

Bruce Chambers

Greetings --

Frankly, if your firewall isn't working properly, you're wisest
course of action would be to disconnect the machine from the Internet
until you get it fixed. Doing anything else is exceedingly foolish,
given today's well-publicized Internet environment.

This type of spam has become quite common over the past year, and
unintentionally serves as a valid security "alert." It demonstrates
that you haven't been taking sufficient precautions while connected to
the Internet. Your data probably hasn't been compromised by these
specific advertisements, but if you're open to this exploit, you may
well be open to other threats, such as the Blaster Worm that recently
swept cross the Internet. Install and use a decent, properly
configured firewall. (Merely disabling the messenger service, as some
people recommend, only hides the symptom, and does almost nothing to
truly secure your machine.) And ignoring or just "putting up with"
the security gap represented by these messages is particularly
foolish.

Messenger Service of Windows
http://support.microsoft.com/default.aspx?scid=KB;en-us;168893

Messenger Service Window That Contains an Internet Advertisement
Appears
http://support.microsoft.com/?id=330904

Stopping Advertisements with Messenger Service Titles
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Oh, and be especially wary of people who advise you to do nothing
more than disable the messenger service. Disabling the messenger
service, by itself, is a "head in the sand" approach to computer
security. The real problem is _not_ the messenger service pop-ups;
they're actually providing a useful, if annoying, service by acting as
a security alert. The true problem is the unsecured computer, and
you've been advised to merely turn off the warnings. How is this
helpful?


Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 
K

Kevin Davis³

Disabling the Messenger Service is really a head in the
sand approach to this issue. Using a firewall to block
these open ports is the better way to solve this issue. I
myself use Mcafee firewall and since installing have not
had these pop-ups.
Click to expand...

There is great risk in leaving the Messenger Service running if you
don't need it...

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-043.asp

http://www.infoworld.com/article/03/10/28/HNmessengeroff_1.html
 
P

purplehaz

Kevin Davis³ said:
There is great risk in leaving the Messenger Service running if you
don't need it...

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-043.asp

http://www.infoworld.com/article/03/10/28/HNmessengeroff_1.html
Click to expand...
I love how the "turn the messenger service off" people never give the whole
story. If you use a firewall no one can exploit the messenger service
whether it's on or off. Disabling the service is just an added security.
Enabling a firewall is the correct solution. If your firewalled there is no
exploit possibility without compromising the firewall first. Yes it's a good
idea to disable if you don't need it, I'm just saying the correct answer to
stopping messenger service ads is the firewall approach. Right from that kb
article:
a.. Messages are delivered to the Messenger service via NetBIOS or RPC. If
users have blocked the NetBIOS ports (ports 137-139) - and UDP broadcast
packets using a firewall, others will not be able to send messages to them
on those ports. Most firewalls, including Internet Connection Firewall in
Windows XP, block NetBIOS by default.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Messenger Service spam problems again 3
Messenger service does not work 4
How to disable "Messenger Service"? 13
O.T. Live Messenger will not update Skype software 6
pop up city 4
.NET Messenger Service 1
Messenger service 8
Windows Messenger Service 14

Top