|
|
 |
|
|
Pages: 1
How to Disable Messenger Services
(Click here to view the original thread with full colors/images)
Posted by: Shalome
In Microsoft's default configuration, there is a little program called Messenger Services. This is a bit different from the MSN Messenger, which is commonly used to chat.
Unscrupulous people have discovered that they can use Messenger Services to send advertisements and spam to vulnerable machines on a network. A box will pop up on your screen with the text "Messenger Services" at the top, but the text will be an ad for a product or service -- interrupting whatever you're doing on the computer at the time!
To make sure this doesn't happen to you, just take the following steps:
Disabling the Messenger Service
You can disable the Messenger service, although doing so may result in Windows not being able to alert you to some conditions (like some print spooler, anti-virus, and event logger status messages if you access these services from a network server).
Windows 2000
1. Click Start -> Programs -> Administrative Tools -> Services
2. Scroll down and highlight "Messenger"
3. Right-click the highlighted line and choose Properties.
4. Click the STOP button.
5. Select Disable or Manual in the Startup Type scroll bar
6. Click OK
Windows XP
1. Click Start -> Control Panel
2. Click Performance and Maintenance
3. Click Administrative Tools
4. Double click Services
5. Scroll down and highlight "Messenger"
6. Right-click the highlighted line and choose Properties.
7. Click the STOP button.
8. Select Disable or Manual in the Startup Type scroll bar
9. Click OK
For Windows 95, 98, and ME:
Windows Messaging Service is not installed on Windows 95, 98, or ME. Instead, those OSs come with Winpopup, which acts in a similar way, but is a program rather than a service.
To get rid of Winpopup:
1. Click Start > Search (or Find) > Find Files or Folders.
2. Search for the winpopup.exe file.
3. Right-click on the winpopup.exe file and rename it to "winpopup.bad" (or whatever fun file extension you can think of).
4. Click Yes if prompted.
5. Restart the computer.
OR
1. Go to your Control Panel -> Add/Remove Programs -> Windows Setup -> Accessories
2. Scroll down to the bottom of the list.
3. Uncheck the Winpopup.
Blocking Network Access to the Messenger Service
Blocking access to the service is complicated because it can communicate over multiple protocols, and it shares a port mapper with other applications. Blocking all the possible ports will disable the ability of other computers to send you messages, but it will also disable other services. The most common service that may be affected is Windows file sharing. If you want to share a folder on your computer to the network, this ability may be affected. If you don't want to share a folder across your network, blocking these ports is suggested as a way to improve overall security:
Block access to ports 135, 137-139, and 445. The default configuration of the Internet Connection Firewall shipped with Windows XP will block these ports. Windows NT, 2000, and XP TCP/IP security and filtering options in the network control panel can also be used to block ports. If you have a personal firewall (like BlackICE or ZoneAlarm) you can configure it to block inbound traffic on those ports.
Possible issues with blocking Messenger ports:
- Microsoft Outlook clients can talk to Microsoft Exchange servers on TCP 135
- Windows file sharing requires TCP 139 or 445 depending upon OS
- Server operators, managed networks, and people with custom applications should take great care with blocking ports. Domains and trusts require several of these ports for authentication and other things.
- Some third party applications, particularly management oriented ones may require TCP 135
- Windows Media Technology (also known as NetShow) uses TCP 135 for the Windows Media Administrator and Windows Media Encoder
- According to Microsoft, "Microsoft Office suite and other applications are DCOM aware. You may disable functionality that is in use by blocking ports."
- UDP 137 is needed for netbios name resolution. It and port 138 may be needed for access to netbios resources on the network.
- Some RPC based services exist on high ports (those greater than 1024). It may be possible that those services can be accessed and exploited directly bypassing the mapper on 135.
Posted by: Hackenslacker
How do you send a message to these machines?
Posted by: Outlaw
With the "net send" command.
Posted by: Freak
So this totally disables MSN messenger?
Posted by: Shalome
No, it disables Microsoft Messenger Services. It has nothing to do with MSN Messenger.
MSN Messenger is the program you send instant messages/chat with, and it has an icon in your systray. Microsoft Messenger Services is a network-aware service that runs in the background unless you disable it.
Like Outlaw said, you have to use the "net send" command to send out a pop-up message over the network. They are separate programs that have nothing to do with each other.
Posted by: Freak
Thanks for clearing that up.
Posted by: gez95
Thanks very much for this advice on disabling messenger service. I'm a complete newbie and it worked!
Posted by: dangerous
I get various pop-up ads that take up the entire screen with only a scroll bar on the right side (no tool bar, no way to close it). Most often, they are from www.topsearcher.com. The only way to close it is to use ctrl-alt-delete. Then it's necessary to "restore my active desktop." I tried your solution, but it didn't work. It seems as though I get it each morning when I open Internet Explorer, but ususally only the first time after I turn on my computer. Any ideas how I can rid myself of this annoyance?
Posted by: Canis Lupus
First of all, your problem is not the same as the problem Shalome has posted the guide for ... this is not a guide to get rid of pop-up "ads", it's a guide to get rid of pop-up "messages" sent through a network...
First of all, what is the first page your browser loads when you start it up? Chances are, that page is the one with the pop-ups ... so change your default homepage to Yahoo or something. Second, disable active desktop - it does more harm than good...
Posted by: Hackenslacker
 Quote:
Originally posted by dangerous
I get various pop-up ads that take up the entire screen with only a scroll bar on the right side (no tool bar, no way to close it). Most often, they are from www.topsearcher.com. The only way to close it is to use ctrl-alt-delete.
|
Alt-F4 closes the the front window.
Posted by: Shalome
dangerous, it sounds like you need to run an anti-spyware/adware program on your computer.
Some websites automatically download "adware" to your computer, causing things like automatic pop-ups, changing your default webpage, adding links to your Bookmarks...
A program like Ad-Aware from Lavasoft will find and delete the adware/spyware that sneaks itself onto your computer. I highly recommend it!
Posted by: A Kelly
Shalome, Thanks, there's gotta be something else... I'm running Win98SE on a "stand alone" machine and have long ago deleted Winpopup.exe. Additionally, I run ZoneAlarm 24/7 and Spybot S&D and Adaware weekly. Whenever I surf the 'net Pop! a new window's been opened with BS advertising. Will the popup blocker you suggested hog CPU resources?
Posted by: Heathen
I suggest you switch browsers and see if that helps.
Try Mozilla or my fave Opera. Both of these browsers have built in pop-up blockers. I've not seen on since I switched to Opera 18 months ago 
Posted by: yog-sothoth
I just had the same troubles with topsearcher.com - i got rid of it after using a nice little tool called CWShredder which you can find here:
http://www.spywareinfo.com/~merijn/cwschronicles.html
postings in other boards suggested that i change/delete some entries in my registry, but i'm not really familiar with operating deep within the bowles of my registry so i was quite happy and thankful when i found CWShredder 
Oh - if you're unsure what is causing the problem get yourself the tool HijackThis (download at http://www.spywareinfo.com/~merijn/index.html)
and post the logfile in a board which is dedicated to solving probs like these:
http://forums.techguy.org/forumdisp...p?s=&forumid=54
or http://forums.spywareinfo.com/index.php?showforum=11
|
|
|
|
|
