Question: Finding strange advertisment/prompts messages on my computer while on the internet. How do I get rid of them?
These messages are a result of a Windows 2000/XP bug I guess you could say. Microsoft made a service for the Windows 2000/XP operating system(s) called Messenger. This service was designed so Network Administrators could communicate with other computers or clients on a Internal LAN/WAN without the use of any type of third party service like ICQ/AIM/Skype. Sounds promising huh? Well sure it does, how could this cause any problems for me while I'm surfing the net?
The answer is because Microsoft had the genius idea to leave this service turned on by default. This means anytime someone installs the Windows 2000/XP Operating System that their messenger service has been enabled without them even knowing. Therefore, spammers around the world just make little programs to flip though well known ISP IP Address ranges and send out their spam messages. Sure this is obvious not as effective as email spam because the user who was spammed is unable to single click a link and must type it in their web browser themselves to see the spammers message.
The step by step solution on how to fix this so these errors halt! ->
1. Click Start -> Programs -> Administrative Tools -> Services
2. Scroll down and highlight "Messenger"
3. Right-click the highlighted line and choose Properties.
4. Click the STOP button.
5. Select Disable or Manual in the Startup Type scroll bar
6. Click OK
1. Click Start -> Control Panel
2. Click Performance and Maintenance
3. Click Administrative Tools
4. Double click Services
5. Scroll down and highlight "Messenger"
6. Right-click the highlighted line and choose Properties.
7. Click the STOP button.
8. Select Disable or Manual in the Startup Type scroll bar
9. Click OK
For Windows 95, 98, and ME:
Windows Messaging Service is not installed on Windows 95, 98, or ME. Instead, those OSs come with Winpopup, which acts in a similar way, but is a program rather than a service.
To get rid of Winpopup:
1. Click Start > Search (or Find) > Find Files or Folders.
2. Search for the winpopup.exe file.
3. Right-click on the winpopup.exe file and rename it to "winpopup.bad" (or whatever fun file extension you can think of).
4. Click Yes if prompted.
5. Restart the computer.
1. Go to your Control Panel -> Add/Remove Programs -> Windows Setup -> Accessories
2. Scroll down to the bottom of the list.
3. Uncheck the Winpopup.
Blocking Network Access to the Messenger Service
Blocking access to the service is complicated because it can communicate over multiple protocols, and it shares a port mapper with other applications. Blocking all the possible ports will disable the ability of other computers to send you messages, but it will also disable other services. The most common service that may be affected is Windows file sharing. If you want to share a folder on your computer to the network, this ability may be affected. If you don't want to share a folder across your network, blocking these ports is suggested as a way to improve overall security:
Block access to ports 135, 137-139, and 445. The default configuration of the Internet Connection Firewall shipped with Windows XP will block these ports. Windows NT, 2000, and XP TCP/IP security and filtering options in the network control panel can also be used to block ports. If you have a personal firewall (like BlackICE or ZoneAlarm) you can configure it to block inbound traffic on those ports.
Possible issues with blocking Messenger ports:
- Microsoft Outlook clients can talk to Microsoft Exchange servers on TCP 135
- Windows file sharing requires TCP 139 or 445 depending upon OS
- Server operators, managed networks, and people with custom applications should take great care with blocking ports. Domains and trusts require several of these ports for authentication and other things.
- Some third party applications, particularly management oriented ones may require TCP 135
- Windows Media Technology (also known as NetShow) uses TCP 135 for the Windows Media Administrator and Windows Media Encoder
- According to Microsoft, "Microsoft Office suite and other applications are DCOM aware. You may disable functionality that is in use by blocking ports."
- UDP 137 is needed for netbios name resolution. It and port 138 may be needed for access to netbios resources on the network.
- Some RPC based services exist on high ports (those greater than 1024). It may be possible that those services can be accessed and exploited directly bypassing the mapper on 135.
Feel free to leave comments or ask questions though the comments section of this blog.
Feel free to add content to this blog title and register an account!