- What is Messenger Service?
- Posted by Steve Freides on September 24th, 2003
After being away from my desk for a while, I came back to my XP machine
and saw a window on the screen with the title "Messenger Service", saying
"Message from NetPopUp to You on <date/time>" - it was an advertisement
from www.netpopup.net, telling me I could click on OK to close the
window - yeah, right!
How the hell is such a thing possible, and what do I do to make sure it
never happens again?
I looked in the Task List and, sure enough, I have one application
running, and it's named Messenger Service.
Thanks in advance.
-S-
- Posted by Rob B on September 24th, 2003
Start, run, type
net stop messenger
It's just a built-in messenger client for Windows.
- Posted by Mcploppy © on September 24th, 2003
Steve Freides bashed at the keyboard and said :
*SYMPTOMS*
A Messenger service window that contains an Internet advertisement appears.
The text in the advertisement is similar to the following text:
Messenger Service
Message from source to your_computer_name.ISP_name on date time
Message Text
These messages are also called "messenger spam."
*CAUSE*
This issue occurs if you are sent a *net send* message by someone who is
using the Messenger service in Windows.
The Messenger service is a Windows service that transmits net send messages
and messages that are sent through the Alerter service between client
computers and servers.
For example, the Messenger service can be used by network administrators to
send administrative alerts to network users.
The Messenger service can also be used by Windows and other software
programs.
For example, Windows may use it to inform you when a print job is completed
or when you lose power to your computer and switch to an uninterruptible
power supply (UPS). Your antivirus program may use the Messenger service to
send you notifications. The Messenger service is not related to your Web
browser, e-mail program, Windows Messenger, or MSN Messenger.
This issue may occur if the following conditions exist:
The Messenger service is started.
The Remote Procedure Call service is started.
Inbound NetBIOS (NetBIOS over TCP/IP) and UDP broadcast traffic is turned on
for your Internet connection.
*RESOLUTION*
To resolve this issue, install or turn on a firewall that blocks inbound
NetBIOS and UDP broadcast traffic. The method that you use to resolve this
issue depends on your operating system and how you connect to the Internet.
The following sections provide examples of several different configurations
and possible methods of resolution.
You Connect to the Internet Directly
If you use a single computer that is connected to the Internet directly (by
using a cable modem, a DSL modem, or a dial-up modem, for example), install
a firewall and block inbound NetBIOS and UDP broadcast traffic on your
computer.
*YOU ARE RUNNING WINDOWS XP*
If you are running Windows XP and connect to the Internet directly (by using
a cable modem, a DSL modem, or a dial-up modem, for example), install
Windows XP Service Pack 1 (SP1) and turn on Internet Connection Firewall
(ICF). By default, the installation of Windows XP SP1 allows Internet
Connection Firewall (ICF) to block all incoming traffic (unicast, multicast,
and broadcast). For additional information about this change in ICF blocking
behavior in Windows XP SP1, click the following article number to view the
article in the Microsoft Knowledge Base:
329928 ICF Now Blocks Unsolicited Inbound Unicast, Multicast, and Broadcast
Traffic
*WORKAROUND*
To work around this issue, turn off the Messenger service. To do so, follow
these steps:
1. Click Start, and then click Control Panel (or point to Settings, and then
   click Control Panel).
2. Double-click Administrative Tools.
3. Double-click Services.
4. Double-click Messenger.
5. In the Startup type list, click Disabled.
6. Click Stop, and then click OK.
*NOTE*
If the Messenger service is stopped, messages from the Alerter service
(notifications from your antivirus software, for example) are not
transmitted. If the Messenger service is turned off, any services that
explicitly depend on the Messenger service do not start, and an error
message is logged in the System event log.
For this reason, Microsoft recommends that you install a firewall and
configure it to block NetBIOS and RPC traffic instead of turning off the
Messenger service.
*MORE INFORMATION*
The Messenger service uses UDP ports 135, 137, and 138; TCP ports 135, 139,
and 445; and an ephemeral (that is, short-lived) port number greater than
1024.
In addition to preventing net send messages, a firewall can also protect
your computer from other malicious attacks over the Internet.
A good firewall can be obtained from www.zonelabs.com
HTH
--
Mcploppy ©
{ Remove both MyShoes to email me}
{ Homepage: http://tinyurl.com/bbel }
{ Local Radio: http://tinyurl.com/j1vi }
{ Download Messenger 6 http://tinyurl.com/h7co }
- Posted by °Mike° on September 24th, 2003
On Wed, 24 Sep 2003 18:27:13 +0100, in
<bksk3v$5cp9p$1@ID-201331.news.uni-berlin.de>
Mcploppy © scrawled:
Why didn't you just post a link to the source, instead of all 118 lines?
You should also have quoted your source.
Messenger Service Window That Contains an Internet
Advertisement Appears
http://support.microsoft.com/default.aspx?kbid=330904
<snip>
--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html
- Posted by °Mike° on September 24th, 2003
You should install a firewall, since the messenger service
uses ports 137-139 (NETBIOS), which should be blocked by your
firewall.
To prevent the Messenger service from starting automatically,
open the Services panel by typing...
services.msc /s
....into the Start / Run box.
In the right-hand pane highlight 'Messenger'.
Right click and choose 'Properties'.
Click the 'Stop' button.
From the 'Startup Type' drop down, choose 'Disabled' or 'Manual'.
'Apply / Ok'.
More information:
Messenger Service Window That Contains an Internet
Advertisement Appears
http://support.microsoft.com/default.aspx?kbid=330904
Windows Messages
http://www.jmu.edu/computing/security/info/winmsg.shtml
How to stop Messenger SPAM Disable Windows Messenger
Service
http://www.auburn.edu/oit/security/m...erService.html
How to Prevent Windows Messenger from Running on a Windows
XP-Based Computer
http://support.microsoft.com/default.aspx?kbid=302089
Stopping Advertisements with Messenger Service Titles
http://www.microsoft.com/windowsxp/p...e/stopspam.asp
Disable-Remove Windows Messenger
http://www.dougknox.com/xp/utils/xp_mess_disable.htm
Firewalls:
------------
Outpost
http://www.agnitum.com/products/outpost/
Sygate
http://soho.sygate.com/products/shield_ov.htm
Zone Alarm
http://www.zonelabs.com/
--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html
- Posted by Patrick on September 24th, 2003
Steve Freides wrote:
There is a small (free) utility at link below that will turn off/on the
'Messenger Service', it is though as its name implies only hiding a
symptom of poor security. (plenty details on page).
http://grc.com/stm/ShootTheMessenger.htm
Another (free) utility that will block/unblock the ports used by 'Messenger
Service'
http://grc.com/unpnp/unpnp.htm
Both of above utilities can reside on your Desktop (or not at all) and need
no installation.
- Posted by Steve Freides on September 24th, 2003
What's the difference between going through admin tools or running
services.msc and going into msconfig and disabling it there? The OS
seems to like doing it either of the first two ways but doing it through
MSCONFIG gets you all sorts of dire warnings about running a
non-standard setup.
TIA, and thank you both for the helpful information. I had trouble with
MS' firewall and other software here so it's disabled, and ZoneAlarm,
Tiny, or similar will be installed on my machine shortly.
-S-
- Posted by °Mike° on September 24th, 2003
Going the services.msc is quicker... msconfig is a diagnostics
tool only, and should not be used to disable programs, where
possible.
--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html
- Posted by DaveW on September 24th, 2003
If you want to use a firewall to block the messages, the
"ephemeral (that is, short-lived) port number greater than
1024" mentioned in a previous message, is at this time,
ports 1026 and 1027.
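Added example, not part of any post in this thread: a check that reads the output of `netstat -an` and lists which of the ports named above (UDP 135, 137, 138; TCP 135, 139, 445; UDP 1026 and 1027) are open on a non-loopback address, which is what a firewall rule set should cover. The function name and the sample output are constructed for illustration, and the parser assumes the Windows `netstat -an` column layout.

```python
import re

# Ports named in the thread: UDP 135/137/138, TCP 135/139/445, plus the
# "ephemeral" UDP ports 1026 and 1027 reported in the last post.
WATCH = {"TCP": {135, 139, 445}, "UDP": {135, 137, 138, 1026, 1027}}
LOOPBACK = ("127.", "[::1]")

# One row of Windows `netstat -an`: proto, local addr:port, remote, [state].
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def exposed_listeners(netstat_text):
    """Return sorted (proto, local_addr, port) for watched ports that are
    open on a non-loopback address."""
    hits = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers, blank lines
        proto, addr, port, _remote, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # established or closing connections are not listeners
        if int(port) not in WATCH[proto] or addr.startswith(LOOPBACK):
            continue
        hits.add((proto, addr, int(port)))
    return sorted(hits)

# Constructed sample output (not captured from a real machine).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED
  UDP    0.0.0.0:135            *:*
  UDP    0.0.0.0:1026           *:*
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
  UDP    127.0.0.1:1900         *:*
"""

if __name__ == "__main__":
    for proto, addr, port in exposed_listeners(SAMPLE):
        print(f"{proto} {addr}:{port} is open; confirm the firewall blocks it")
```

An empty result after stopping the service and enabling a firewall only shows what is bound locally; whether inbound traffic is actually dropped still has to be confirmed from outside the machine.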