Messenger Service 1

[jediwarrior]

Hi all,

I tried to submit a question before but don't know where it went, so I'll try again.
I am working on a problem where I had to format a hard drive because it wouldn't boot up. I formatted it and reloaded WIN XP.I did this for a friend and he took care of loading everything else on it. Now he is getting errors from a 'Messenger Service' saying there are 55 critical system errors and download

http://www.registryalert.net,

and another popup that says system registry s corrupt and go to 'tocleanpc.com and yet another one telling them to go to

http://www.clean32.com.

I put PC-Cillin and loaded Spybot S&D and scanned their system. How is this popup comming up all the time? and what is Messenger Service?
I can't believe their is a problem since the hard drive is formatted and I loaded WINXP right from the CD.
Any help would be greatly appreciated.

Thanks,
Jediwarrior

 

[TomCologne]

The Messenger service is hardly ever needed, just disable it & those pop ups will be history.

More about services:

http://www.theeldergeek.com/services_guide.htm

TomCologne

 

[joebest]

you're always best off to install winxp sp2 before going online after a reinstall as it removes the majority of the vulnerabilities like the one your friend is afflicted with.
search for a windows xp service pack 2 redistributable for future re-installs.

 

[kmcferrin]

The messenger service is mainly used for communications between computers. However, there is a way to use it to cause a message to pop up on a PC that only has a plain text message and an OK button. Four or five years ago spammers started using it to spam messages out to internet connected PCs. For 99% of home users they can just turn off the messenger service without any problems.

To do so, right-click on My Computer and select Manage. In the tree on the left side of the window expand Services and Applications, and then select Services. In the right-hand pane scroll down until you see "Messenger". Double-click on messenger, then click the "Stop" button to stop the service. Then just above that, click the drop-down box labelled "Startup type" and select "Disabled". Then click OK and close the window.

 

[dglienna]

It was turned ON by default in W2K. Can't tell you how many 'viruses' I've 'cleansed' doing this.

-David
2006 & 2007 Microsoft Most Valuable Professional (MVP)
2006 Dell Certified System Professional (CSP)

 

[smah]

The only problem with the Messenger Service is when it's opened to the internet. When open to the internet, anyone can send these messenger messages (disguised as advertisements, virus infection notices, or whatever). However, the big concern is not the messages themselves or that the service is running - the implication when someone is getting these messenger pop-ups is that there is no firewall or it's incorrectly configured!

 

[jlockley]

That's messenger spam. I've never been able to get a handle on it with a firewall. Never respond to pop ups. Disable Messenger.

 

[kmcferrin]

While I agree that it's bad to respond to popups, with the Messenger service spam clicking OK is harmless since there's no code involved.

Blocking it with a firewall should be easy. Just make sure that your block all of the usual Microsoft networking ports (135, 137-139, and 445 - all of which should be blocked anyway) along with 1024-1028.

Microsoft doesn't list specific port numbers for the ports used at 1024 and higher, but most of the spam is using the 1024-1028 range. If you want you can block more ports than that you can (and probably should anyway).

Even if you turn of the Messenger service (which is the easy fix) you should still be blocking these ports.

 

[Bigbc1224]

Hey try this link

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

I had came across a computer with a similar problem and it cleared off the phony "you have virus" alert.

 

[Bigbc1224]

Sorry i forgot to add a link to the page that gives you general insstructions for the program

http://siri.geekstogo.com/SmitfraudFix.php

Sorry about the double post.