How did this arrive?

bothered

I was just posting on S-M when this popped up. I just binned it but with a router and Zone alarm pro, How did it get here?

bothered.

Geeky1

Welcome to the wonderful world of Windows Messenger Service spam. Just close it and forget about it.

danball1976

Thats a good reason why I started to disable the windows messenger system in services way back in March or April when it started.

FAH_WW

Well the better approach imho would be to install a firewall, or enable the XP firewall

Free ones are available, work well, and will stop the messenger spam, it will stop blast infections (generally) and it will just make it less likely you'll get infected with the usual nasties

blackice/zone alarm/XP built-in. All free. With the XP one, you may find you have to reboot to actually make the settings stick.

At work, I use it as the IT guy refuses to make the UPS messages directed to him as opposed to the whole universe.... He runs a daily load test, which causes these messages to be broadcast. The first thing you have to do when logging in is to clear hundreds of messages on a machine that's been running (say FAH) for ages

Stopping the messenger service is effective, but not recommended as it can be used by windows itself sometimes.

EMT

That's interesting, any ports forwarded from the router? DMZ? If none of the above maybe it's on the local network

The solution I've always used is to disable the service... I hadn't heard Windows used it for anything... can you elaborate FAH_WW?

mmonnin

I ALWAYS disable the piece of crap. Quickest, easiest way to stop it.

CyrixInstead

bothered said
but with a router and Zone alarm pro, How did it get here?

FAH_WW said
Well the better approach imho would be to install a firewall, or enable the XP firewall

blackice/zone alarm/XP built-in. All free.

bothered has Zone Alarm Pro, so how did it get past? I would have thought that a firewall would not block a messenger message as that is all it is - there is no possibility to attach a virus or anything.

Also, on first install if Zone Alarm is anything like Norton Internet Security (I have this) it will scan the computer and come up with a massive list of progs that access the Internet.

One of these I would imagine would be the Windows Messenger service and so would probably be auto-configured for permitted access.

In this case I'd say bothered is best off disabling the service.

~Cyrix

Hawk

Get xp AntiSpy and you can turn off messenging and a bunch of other crap too. Latest ver. is 3.72. Get the top one, it's english & deutsch ver. http://www.xp-antispy.org/

Slick

To disable the messenger service go to start -> run -> type services.msc -> scrool down until you find the service named 'messenger' -> right click and select properties -> Stop the services and also set the start up type to disabled so it doesn't start up again when you reboot.

mcwc

Here's another good program to kill the windows messenger service from grc.com.

Shoot The Messenger Info
Shoot The Messenger Download

FAH_WW

The messenger service-based stuff should be blocked by a firewall as it's incoming, uninitiated from your box, traffic. So unless it's using a DNS or DHCP port which is trusted, it should block it :|

Very worrying if it doesn't block it...

Have a look at http://www.grc.com - you'll find extensive info on pretty much all ports below 1023 there

(soz me lazy )

Armo

Start > control pannel > Admin tools > Services > Messanger > Startup type: Manual, Stop transmiting > drink beer > sleep > work > drive around > get some pr0n > look at pr0n > sleep some more

Mt_Goat

Install a FIREWALL!!!!

profdlp

Armogeddon00 said
Start > control pannel > Admin tools > Services > Messanger > Startup type: Manual, Stop transmiting > drink beer > sleep > work > drive around > get some pr0n > look at pr0n > sleep some more

Cured my marriage, too.;D

(better off, but you could do better...)

Spinner

bothered said
I was just posting on S-M when this popped up. I just binned it but with a router and Zone alarm pro, How did it get here?

bothered.

I got that exact same Message, twice! just the other day. And I run Norton Internet Security. Also, I don't know whether it is relevant or not but I, after receiving those Messages detected two trojan horses on my rig.

I think it was probably just a conincidence, but I would say you should run a virus scan before you do anything else.

EMT

If the messenger port isn't forwarded and he's not in the DMZ it may very well be a trojan on the network or the local computer. That would explain getting past the router.

Thrax

Just turn the service off and stop worryin' about it.

Having a router with blocked ports does NOT stop incoming traffic. There are many programs out there that can create TCP/IP tunnels right to your door. Net meeting is one.

Necropolis

mtgoat said
Install a FIREWALL!!!!

bothered said
I was just posting on S-M when this popped up. I just binned it but with a router and Zone alarm pro, How did it get here?

bothered.

Sorry, couldnt help myself

FAH_WW

NetMeeting is blocked on my router It's only when you open ports such as the NetMeeting ones that you get this problem

Enverex

Geez, how many people in this thread didnt even bother reading the first post, Jesus Christ people, do yourself and everyone else a favor and read the damn thread.

Firstly he said he was behind a router (so it shouldnt be able to get through regardless)
Secondly he said he IS running a Firewall (another reason it shouldnt have got through)
And thirdly he didnt ask how do disable the service as I am sure Bothered already knows how to.

Sorry, but something had to be said as this is basically a thread with completely useless responses.

Bothered: Check to see if you have opened port 135 on your Router for some reason, or if a DMZ to your machines LAN address is set up on the Router.
Also check to see if Zone Alarm has for some reason either kept port 135 open or has allowed the Messenger service access to the net.

NS

FAH_WW

Urm - have you read it yourself m8 ? That's basically what we said to a very large extent. I refer to the posts regarding routers which open ports based on uPnP/Netmeeting, the post just above yours regarding by EMT which is basically stating the exact same thing as you.

Also, whether the messenger service has access to the net or not makes NO difference at all, as that's only outgoing...

Doesn't look to me like you've read it nor understand the question. Swearing won't help either...

Sorry if this response may sound harsh, but then you're asking for it.

Thrax

Which is why I also noted that plenty of programs out there can initialize a TCP/IP tunnel straight to the destination computer. I use such a thing to allow filesharing through both my router and any destination router. Firewall or not, NAT or not.

Secondly.

He may not have ASKED how to disable the service, but most certainly it will never get through again if the service is not on to receive it. So the point of asking or not is moot.

FAH_WW

Thrax: I couldnt agree more

Jimborae

Thrax: I couldnt agree more

Second that :thumbup

Slightly off topic but FAH_WW, you is just down/up the road from me. I'm in Newbury, about 15mins down the A34

Regards

Jim

FAH_WW

Jimborae: visit the CMF as well hehe - depends on traffic on the A34 though LOL Nice to meet ya

CyrixInstead

A34? Newbury? Christ! That's wayyyy down south. The A34 goes up through Birmingham, passes next to Stoke-on-Trent and carries on right through Manchester.

Weird, so if I got on the A34 at Stoke, I could go and visit one of you two.

Wow, what along normal road!

~Cyrix

Spinner

In a nutshell then :rolleyes2, if you want to stop it from happening again, then remove the Messenger service (see the tweaks and tricks thread). But if you still want to use it, don't know whether you do, but I sure as hell do, you'll just have to put up with the occasional ad/trojan/pointless popup coming at ya from through your firewall, router and what have ya.

This thread could have been so much shorter.

/me chuckles for no apparent reason

Jimborae

Cyrix, the A34 is one of the oldest roads in the UK goes back to Norman days, being the main route North & South until the advent of motorways in the twentieth century.

See, ask about pop ups. Learn about road history. Weird nes pas.

Jim

EMT

Thrax said
Which is why I also noted that plenty of programs out there can initialize a TCP/IP tunnel straight to the destination computer. I use such a thing to allow filesharing through both my router and any destination router. Firewall or not, NAT or not.

Hate to admit it but I've never heard of this. I'm interested - do you have a link for more info?

Leonardo

this is basically a thread with completely useless responses

Good then, as I now have license to reveal my ignorance on this subject.... then, maybe not.

Hate to admit it but I've never heard of this. I'm interested - do you have a link for more info?

Well, you know where your next unsolicited pop-up is coming from!

Thrax

Netmeeting establishing a TCP/IP tunnel

It's annecdotal evidence of course, but I've done several port scans on both the routers I have in sequence, and port 3000 is entirely blocked on both. Port 3000 is, consequently, the port I have determined for file transfer in ICQ/AIM/mIRC. Before dialing a false IP with NetMeeting, file transfer never occurrs. After dialing said IP, file transfer works appropriately.

Furthermore, ports others have enabled for the reception of files in their programs are fully capable of receiving my sent files, even when the ports are blocked by default, and unopened on their routers.

It's pretty solid evidence, in my opinion. Feel free to pwn me though. If I'm wrong, hey, I'm wrong.