How did this arrive?

botheredbothered Manchester UK
edited September 2003 in Science & Tech
I was just posting on S-M when this popped up. I just binned it but with a router and Zone alarm pro, How did it get here?

bothered.

Comments

  • Geeky1Geeky1 University of the Pacific (Stockton, CA, USA)
    edited September 2003
    Welcome to the wonderful world of Windows Messenger Service spam. Just close it and forget about it.
  • danball1976danball1976 Wichita Falls, TX
    edited September 2003
    Thats a good reason why I started to disable the windows messenger system in services way back in March or April when it started.
  • FAH_WWFAH_WW Training in Indianapolis, IN
    edited September 2003
    Well the better approach imho would be to install a firewall, or enable the XP firewall ;)

    Free ones are available, work well, and will stop the messenger spam, it will stop blast infections (generally) and it will just make it less likely you'll get infected with the usual nasties ;)

    blackice/zone alarm/XP built-in. All free. With the XP one, you may find you have to reboot to actually make the settings stick.

    At work, I use it as the IT guy refuses to make the UPS messages directed to him as opposed to the whole universe.... He runs a daily load test, which causes these messages to be broadcast. The first thing you have to do when logging in is to clear hundreds of messages on a machine that's been running (say FAH) for ages ;)

    Stopping the messenger service is effective, but not recommended as it can be used by windows itself sometimes.
  • EMTEMT Seattle, WA Icrontian
    edited September 2003
    That's interesting, any ports forwarded from the router? DMZ? If none of the above maybe it's on the local network :scratch:

    The solution I've always used is to disable the service... I hadn't heard Windows used it for anything... can you elaborate FAH_WW?
  • mmonninmmonnin Centreville, VA
    edited September 2003
    I ALWAYS disable the piece of crap. Quickest, easiest way to stop it.
  • CyrixInsteadCyrixInstead Stoke-on-Trent, England Icrontian
    edited September 2003
    bothered said
    but with a router and Zone alarm pro, How did it get here?
    FAH_WW said
    Well the better approach imho would be to install a firewall, or enable the XP firewall ;)

    blackice/zone alarm/XP built-in. All free.

    bothered has Zone Alarm Pro, so how did it get past? I would have thought that a firewall would not block a messenger message as that is all it is - there is no possibility to attach a virus or anything.

    Also, on first install if Zone Alarm is anything like Norton Internet Security (I have this) it will scan the computer and come up with a massive list of progs that access the Internet.

    One of these I would imagine would be the Windows Messenger service and so would probably be auto-configured for permitted access.

    In this case I'd say bothered is best off disabling the service.

    ~Cyrix
  • HawkHawk Fla Icrontian
    edited September 2003
    Get xp AntiSpy and you can turn off messenging and a bunch of other crap too. Latest ver. is 3.72. Get the top one, it's english & deutsch ver. http://www.xp-antispy.org/
  • SlickSlick Upstate New York
    edited September 2003
    To disable the messenger service go to start -> run -> type services.msc -> scrool down until you find the service named 'messenger' -> right click and select properties -> Stop the services and also set the start up type to disabled so it doesn't start up again when you reboot. :)
  • mcwcmcwc Vancouver, BC Member
    edited September 2003
    Here's another good program to kill the windows messenger service from grc.com.

    Shoot The Messenger Info
    Shoot The Messenger Download
  • FAH_WWFAH_WW Training in Indianapolis, IN
    edited September 2003
    The messenger service-based stuff should be blocked by a firewall as it's incoming, uninitiated from your box, traffic. So unless it's using a DNS or DHCP port which is trusted, it should block it :|

    Very worrying if it doesn't block it...

    Have a look at http://www.grc.com - you'll find extensive info on pretty much all ports below 1023 there :D

    (soz me lazy :D)
  • ArmoArmo Mr. Nice Guy Is Dead,Only Aqua Remains Member
    edited September 2003
    Start > control pannel > Admin tools > Services > Messanger > Startup type: Manual, Stop transmiting > drink beer > sleep > work > drive around > get some pr0n > look at pr0n > sleep some more
  • Mt_GoatMt_Goat Head Cheezy Knob Pflugerville (north of Austin) Icrontian
    edited September 2003
    Install a FIREWALL!!!!
  • profdlpprofdlp The Holy City Of Westlake, Ohio
    edited September 2003
    Armogeddon00 said
    Start > control pannel > Admin tools > Services > Messanger > Startup type: Manual, Stop transmiting > drink beer > sleep > work > drive around > get some pr0n > look at pr0n > sleep some more
    Cured my marriage, too.;D

    (better off, but you could do better...)
  • SpinnerSpinner Birmingham, UK
    edited September 2003
    bothered said
    I was just posting on S-M when this popped up. I just binned it but with a router and Zone alarm pro, How did it get here?

    bothered.

    I got that exact same Message, twice! just the other day. And I run Norton Internet Security. Also, I don't know whether it is relevant or not but I, after receiving those Messages detected two trojan horses on my rig.

    I think it was probably just a conincidence, but I would say you should run a virus scan before you do anything else.
  • EMTEMT Seattle, WA Icrontian
    edited September 2003
    If the messenger port isn't forwarded and he's not in the DMZ it may very well be a trojan on the network or the local computer. That would explain getting past the router.
  • ThraxThrax 🐌 Austin, TX Icrontian
    edited September 2003
    Just turn the service off and stop worryin' about it.

    Having a router with blocked ports does NOT stop incoming traffic. There are many programs out there that can create TCP/IP tunnels right to your door. Net meeting is one.
  • NecropolisNecropolis Hawarden, Wales Icrontian
    edited September 2003
    mtgoat said
    Install a FIREWALL!!!!
    bothered said
    I was just posting on S-M when this popped up. I just binned it but with a router and Zone alarm pro, How did it get here?

    bothered.

    Sorry, couldnt help myself :D
  • FAH_WWFAH_WW Training in Indianapolis, IN
    edited September 2003
    NetMeeting is blocked on my router ;) It's only when you open ports such as the NetMeeting ones that you get this problem ;)
  • EnverexEnverex Worcester, UK Icrontian
    edited September 2003
    Geez, how many people in this thread didnt even bother reading the first post, Jesus Christ people, do yourself and everyone else a favor and read the damn thread.

    Firstly he said he was behind a router (so it shouldnt be able to get through regardless)
    Secondly he said he IS running a Firewall (another reason it shouldnt have got through)
    And thirdly he didnt ask how do disable the service as I am sure Bothered already knows how to.

    Sorry, but something had to be said as this is basically a thread with completely useless responses.

    Bothered: Check to see if you have opened port 135 on your Router for some reason, or if a DMZ to your machines LAN address is set up on the Router.
    Also check to see if Zone Alarm has for some reason either kept port 135 open or has allowed the Messenger service access to the net.

    NS
  • FAH_WWFAH_WW Training in Indianapolis, IN
    edited September 2003
    Urm - have you read it yourself m8 ? That's basically what we said to a very large extent. I refer to the posts regarding routers which open ports based on uPnP/Netmeeting, the post just above yours regarding by EMT which is basically stating the exact same thing as you.

    Also, whether the messenger service has access to the net or not makes NO difference at all, as that's only outgoing...

    Doesn't look to me like you've read it nor understand the question. Swearing won't help either...

    Sorry if this response may sound harsh, but then you're asking for it.
  • ThraxThrax 🐌 Austin, TX Icrontian
    edited September 2003
    Which is why I also noted that plenty of programs out there can initialize a TCP/IP tunnel straight to the destination computer. I use such a thing to allow filesharing through both my router and any destination router. Firewall or not, NAT or not.

    Secondly.

    He may not have ASKED how to disable the service, but most certainly it will never get through again if the service is not on to receive it. So the point of asking or not is moot.
  • FAH_WWFAH_WW Training in Indianapolis, IN
    edited September 2003
    Thrax: I couldnt agree more ;)
  • JimboraeJimborae Newbury, Berks, UK New
    edited September 2003
    Thrax: I couldnt agree more :)
    Second that :thumbup

    Slightly off topic but FAH_WW, you is just down/up the road from me. I'm in Newbury, about 15mins down the A34 :)

    Regards

    Jim
  • FAH_WWFAH_WW Training in Indianapolis, IN
    edited September 2003
    Jimborae: visit the CMF as well ;) hehe :D - depends on traffic on the A34 though LOL :D:D Nice to meet ya ;)
  • CyrixInsteadCyrixInstead Stoke-on-Trent, England Icrontian
    edited September 2003
    A34? Newbury? Christ! That's wayyyy down south. The A34 goes up through Birmingham, passes next to Stoke-on-Trent and carries on right through Manchester.

    Weird, so if I got on the A34 at Stoke, I could go and visit one of you two.

    Wow, what along normal road!

    ~Cyrix
  • SpinnerSpinner Birmingham, UK
    edited September 2003
    In a nutshell then :rolleyes2, if you want to stop it from happening again, then remove the Messenger service (see the tweaks and tricks thread). But if you still want to use it, don't know whether you do, but I sure as hell do, you'll just have to put up with the occasional ad/trojan/pointless popup coming at ya from through your firewall, router and what have ya.

    This thread could have been so much shorter.

    /me chuckles for no apparent reason
  • JimboraeJimborae Newbury, Berks, UK New
    edited September 2003
    Cyrix, the A34 is one of the oldest roads in the UK goes back to Norman days, being the main route North & South until the advent of motorways in the twentieth century.

    See, ask about pop ups. Learn about road history. Weird nes pas. ;)

    Jim
  • EMTEMT Seattle, WA Icrontian
    edited September 2003
    Thrax said
    Which is why I also noted that plenty of programs out there can initialize a TCP/IP tunnel straight to the destination computer. I use such a thing to allow filesharing through both my router and any destination router. Firewall or not, NAT or not.

    Hate to admit it but I've never heard of this. I'm interested - do you have a link for more info?
  • LeonardoLeonardo Wake up and smell the glaciers Eagle River, Alaska Icrontian
    edited September 2003
    this is basically a thread with completely useless responses

    Good then, as I now have license to reveal my ignorance on this subject.... then, maybe not.
    Hate to admit it but I've never heard of this. I'm interested - do you have a link for more info?

    Well, you know where your next unsolicited pop-up is coming from! :eek2:
  • ThraxThrax 🐌 Austin, TX Icrontian
    edited September 2003
    Netmeeting establishing a TCP/IP tunnel

    It's annecdotal evidence of course, but I've done several port scans on both the routers I have in sequence, and port 3000 is entirely blocked on both. Port 3000 is, consequently, the port I have determined for file transfer in ICQ/AIM/mIRC. Before dialing a false IP with NetMeeting, file transfer never occurrs. After dialing said IP, file transfer works appropriately.

    Furthermore, ports others have enabled for the reception of files in their programs are fully capable of receiving my sent files, even when the ports are blocked by default, and unopened on their routers.

    It's pretty solid evidence, in my opinion. Feel free to pwn me though. If I'm wrong, hey, I'm wrong. :)
Sign In or Register to comment.