Spywaer Popup, Messenger Service

[Phil]

I have one spywaer left getting into my computer. The
popup Heading is Messenger Service. I have the latest
version McAfee security with Spywear protection running.
It pops up about every 5 Min while I'm online. Can
anybody Help

 

[Guest]

Try this,
Control Panel/Admin Tools/Services
Scroll down to Messenger and DISABLE it
Then reboot and problem should be gone.

 

[Malke]

Try this,
Control Panel/Admin Tools/Services
Scroll down to Messenger and DISABLE it
Then reboot and problem should be gone.

Actually, the symptom will be gone but the OP will have masked his real
problem which is that he isn't running a firewall. He should check in
his Mcafee security center or whatever they call it and either enable
the Personal Firewall or get a different firewall. Sygate and ZoneAlarm
make free ones.

Malke

 

[Paul Webster]

Must agree this is the answer to that particular problem, it comes abou
from a coruption within a XP utility that is intended for networ
administrators to post messages accross a network.

Start/Control Panel/Admin Tools/Services
Scroll down to Messenger double click on it, on start up type selec
DISABLE, on service status click 'stop', click 'appply', 'ok,
Then reboot and problem should be gone.

 

[Guest]

Thanks, but i do have McAfee personal firewall however
this spy was in before i loaded it, and their bug scan and
restore did not fix it. But Disabling Messenger stopped
it, Thanks Phil

 

[Malke]

Thanks, but i do have McAfee personal firewall however
this spy was in before i loaded it, and their bug scan and
restore did not fix it. But Disabling Messenger stopped
it, Thanks Phil

That's great, but you still have malware on your computer; it just can't
access the Internet. Try cleaning up your computer with Spybot Search &
Destroy and Ad-aware. Both apps are free and you can get them at
www.majorgeeks.com. Update the apps and scan with them in Safe Mode.

Malke

 

[Jim Byrd]

Hi Phil - As Malke pointed out to you before, it is not sufficient to just
turn off Messenger Service.


If you get popups even when your browser is not connected to the Internet
with a title bar reading "Messenger Service", then these are most likely due
to open NetBios TCP ports 135, 139 and 445 and UDP ports 135, 137-138 and a
UDP port in the range of 1026-1029.. You really need to block these with a
firewall as a general protection measure. You can stop the popups by
turning off Messenger Service; however, this still leaves you vulnerable.
If you have an NT-based OS such as XP or Win2k, you should probably also
specifically block TCP 593, 4444 and UDP 69, 139, 445, and install the very
important 824146 patch from MS03-039, here:
http://support.microsoft.com/default.aspx?kbid=824146 to block the Blaster
worm as well as several other parasites.


See: Messenger Service Window That Contains an Internet Advertisement
Appears http://support.microsoft.com/?id=330904 which identifies reasons to
keep this service and steps to take if you do.

You can test your system and follow the 'Prevention' link to get additional
information here:
http://www.mynetwatchman.com/winpopuptester.asp Unless you have very good
reasons to keep this active, it should be turned off in Win2k and XP. Go
here and do what it says:
http://www.itc.virginia.edu/desktop/docs/messagepopup/ or, even better, get
MessageSubtract, free, here, which will give you flexible control of the
service and viewing of these messages:
http://www.intermute.com/messagesubtract/help.html Recommended.

(FWIW, ZoneAlarm's default Internet Zone firewall configuration blocks the
necessary ports to prevent this use of Messenger Service. I don't know the
situation with regard to other firewalls.)

Messenger Service is not per se Spyware or something that MS did wrong - It
provides a messaging capability which is useful for local intranets and is
also sometimes (albeit nowdays infrequently) used by some applications to
provide popup messages to users. However, it can also be (and now frequently
is) used to introduce spam via this open NetBios channel. For a single user
home computer, it normally isn't needed and can be turned off which will
eliminate the spam popups. This DOESN'T, however, remove the vulnerability
of having these ports open, when in fact they aren't needed, since they can
be perverted in other ways as well, some of which can be much more damaging
than just a spam popup.


--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In

 

[Bruce Chambers]

I have one spywaer left getting into my computer. The
popup Heading is Messenger Service. I have the latest
version McAfee security with Spywear protection running.
It pops up about every 5 Min while I'm online. Can
anybody Help

This type of spam has become quite common over the past couple of
years, and unintentionally serves as a valid security "alert." It
demonstrates that you haven't been taking sufficient precautions while
connected to the Internet. Your data probably hasn't been compromised
by these specific advertisements, but if you're open to this exploit,
you most definitely open to other threats, such as the Blaster,
Welchia, and Sasser Worms that still haunt the Internet. Install and
use a decent, properly configured firewall. (Merely disabling the
messenger service, as some people recommend, only hides the symptom,
and does little or nothing to truly secure your machine.) And
ignoring or just "putting up with" the security gap represented by
these messages is particularly foolish.

Messenger Service of Windows
http://support.microsoft.com/default.aspx?scid=KB;en-us;168893

Messenger Service Window That Contains an Internet Advertisement
Appears
http://support.microsoft.com/?id=330904

Stopping Advertisements with Messenger Service Titles
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Whichever firewall you decide upon, be sure to ensure UDP ports 135,
137, and 138 and TCP ports 135, 139, and 445 are all blocked. You
may also disable Inbound NetBIOS over TCP/IP). You'll have
to follow the instructions from firewall's manufacturer for the
specific steps.

You can test your firewall at:

Symantec Security Check
http://security.symantec.com/ssc/vr_main.asp?langid=ie&venid=sym&plfid=23&pkj=GPVHGBYNCJEIMXQKCDT

Security Scan - Sygate Online Services
http://www.sygatetech.com/

Oh, and be especially wary of people who advise you to do nothing
more than disable the messenger service. Disabling the messenger
service, by itself, is a "head in the sand" approach to computer
security. The real problem is not the messenger service pop-ups;
they're actually providing a useful, if annoying, service by acting as
a security alert. The true problem is the unsecured computer, and
you've been advised to merely turn off the warnings. How is this
helpful?


--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH

 

[Bruce Chambers]

Try this,
Control Panel/Admin Tools/Services
Scroll down to Messenger and DISABLE it
Then reboot and problem should be gone.

I realize that you're trying to help, and that such an intent is
commendable, but please don't post potentially harmful advice.

Merely disabling the messenger service, as you suggest, is a
dangerous "head in the sand" approach to computer security that leaves
the PC vulnerable to threats such as the W32.Blaster.Worm.

The real problem is _not_ the messenger service pop-ups; they're
actually providing a useful service by acting as a security alert. The
true problem is the unsecured computer, and your only advice, however
well-intended, was to turn off the warnings. Was this truly helpful?

Equivalent Scenario: You over-exert your shoulder at work or
play, causing bursitis. After weeks of annoying and sometimes
excruciating pain whenever you try to reach over your head, you go to
a doctor and say, while demonstrating the motion, "Doc, it hurts when
I do this." The doctor, being as helpful as you've been, replies,
"Well, don't do that."

The only true way to secure the PC, short of disconnecting it from
the Internet, is to install and *properly* configure a firewall; just
installing one and letting it's default settings handle things is no
good. Unfortunately, this does require one to learn a little bit more
about using a computer than used to be necessary.


--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH

 

[Guest]

Thanks for that Bruce, I wonder if you can help me with my problem 2 posts up
from this one, concearning my fonts and menu problems.