Hi Phil - As Malke pointed out to you before, it is not sufficient to just
turn off Messenger Service.
If you get popups even when your browser is not connected to the Internet
with a title bar reading "Messenger Service", then these are most likely due
to open NetBIOS TCP ports 135, 139 and 445 and UDP ports 135, 137-138 and a
UDP port in the range of 1026-1029. You really need to block these with a
firewall as a general protection measure. You can stop the popups by
turning off Messenger Service; however, this still leaves you vulnerable.
If you have an NT-based OS such as XP or Win2k, you should probably also
specifically block TCP 593, 4444 and UDP 69, 139, 445, and install the very
important 824146 patch from MS03-039, here:
http://support.microsoft.com/default.aspx?kbid=824146 to block the Blaster
worm as well as several other parasites.
See: Messenger Service Window That Contains an Internet Advertisement
Appears
http://support.microsoft.com/?id=330904
which identifies reasons to keep this service and steps to take if you do.

You can test your system and follow the 'Prevention' link to get additional
information here:
http://www.mynetwatchman.com/winpopuptester.asp

Unless you have very good reasons to keep this active, it should be turned
off in Win2k and XP. Go here and do what it says:
http://www.itc.virginia.edu/desktop/docs/messagepopup/
or, even better, get MessageSubtract, free, here, which will give you
flexible control of the service and viewing of these messages:
http://www.intermute.com/messagesubtract/help.html
Recommended.
(FWIW, ZoneAlarm's default Internet Zone firewall configuration blocks the
necessary ports to prevent this use of Messenger Service. I don't know the
situation with regard to other firewalls.)
Messenger Service is not per se Spyware or something that MS did wrong - It
provides a messaging capability which is useful for local intranets and is
also sometimes (albeit nowadays infrequently) used by some applications to
provide popup messages to users. However, it can also be (and now frequently
is) used to introduce spam via this open NetBIOS channel. For a single user
home computer, it normally isn't needed and can be turned off which will
eliminate the spam popups. This DOESN'T, however, remove the vulnerability
of having these ports open, when in fact they aren't needed, since they can
be perverted in other ways as well, some of which can be much more damaging
than just a spam popup.
--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP
In
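
An added example, not part of the original post: a small Python check that reads `netstat -an` output and reports which of the ports listed in the post still have a listener bound to a non-loopback address. The sample output and the function name `exposed_listeners` are constructed for illustration.

```python
"""Flag listeners on the ports named in the post, from `netstat -an` output."""

# Port lists taken from the post above.
TCP_PORTS = {135, 139, 445, 593, 4444}
UDP_PORTS = {69, 135, 137, 138, 139, 445} | set(range(1026, 1030))

# Constructed sample of Windows `netstat -an` output (not from a real machine).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:4444         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:445       192.168.1.20:1040      ESTABLISHED
  TCP    192.168.1.10:1050      203.0.113.5:80         ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    0.0.0.0:1026           *:*
  UDP    127.0.0.1:1900         *:*
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
"""

def exposed_listeners(netstat_text):
    """Return sorted (proto, address, port) rows for listed ports bound off-loopback."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header, blank line or another protocol
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; only LISTENING sockets accept connections.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        addr, _, port_text = local.rpartition(":")
        if not port_text.isdigit():
            continue
        # A socket bound only to loopback is not reachable from the network.
        if addr.startswith("127.") or addr == "[::1]":
            continue
        wanted = TCP_PORTS if proto == "TCP" else UDP_PORTS
        if int(port_text) in wanted:
            found.add((proto, addr, int(port_text)))
    return sorted(found, key=lambda row: (row[0], row[2], row[1]))

if __name__ == "__main__":
    for proto, addr, port in exposed_listeners(SAMPLE):
        print(f"{proto} {port:>5} listening on {addr}")
```

A listener reported here is only reachable from outside if no firewall sits in front of it, so an empty result after stopping services does not replace the firewall block the post recommends.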