Ad Popups in messenger

Discussion in 'Windows Update' started by Laurie Johnson, Oct 7, 2003.

  1. I have software placed into my computer without my
    knowledge or approval and I'm told they are there because
    of messenger. I can't locate messenger but I know it's in
    here somewhere. Spyware programs are not effective in any
    way. Can someoen help me please before I go nuts with
    these even offers to seel me illicit drugs
    and I don't think it's the kind of thing kids should see

    Laurie Johnson
    Laurie Johnson, Oct 7, 2003
    1. Advertisements

  2. Laurie Johnson

    Jim Byrd Guest

    Hi Laurie - There are currently two classes of things going on that are
    causing people popup difficulties. If you get popups even when your browser
    is not connected to the Internet with a title bar reading "Messenger
    Service", then these are most likely due to open NetBios TCP ports 135, 139
    and 445 and UDP ports 135, 137-138 and a UDP port in the range of
    1026-1029.. You really need to block these with a firewall as a general
    protection measure. You can stop the popups by turning off Messenger
    Service; however, this still leaves you vulnerable. If you have an NT-based
    OS such as XP or Win2k, you should probably also specifically block TCP
    593, 4444 and UDP 69, 139, 445, and install the very important 823980 patch
    from MS03-026, here: to block
    the Blaster worm..

    See: Messenger Service Window That Contains an Internet Advertisement
    Appears which identifies reasons to
    keep this service and steps to take if you do.

    You can test your system and follow the 'Prevention' link to get additional
    information here: Unless you have very good
    reasons to keep this active, it should be turned off in Win2k and XP. Go
    here and do what it says: or, even better, get
    MessageSubtract, free, here, which will give you flexible control of the
    service and viewing of these messages: Recommended.

    (FWIW, ZoneAlarm's default Internet Zone firewall configuration blocks the
    necessary ports to prevent this use of Messenger Service. I don't know the
    situation with regard to other firewalls.)

    Messenger Service is not per se Spyware or something that MS did wrong - It
    provides a messaging capability which is useful for local intranets and is
    also sometimes (albeit nowdays infrequently) used by some applications to
    provide popup messaages to users. However, it can also be (and now
    frequently is) used to introduce spam via this open NetBios channel.
    For a single user home computer, it normally isn't needed and can be turned
    off which will eliminate the spam popups. This DOESN'T, however, remove the
    vulnerability of having these ports open, when in fact they aren't needed,
    since they can be perverted in other ways as well, some of which can be much
    more damaging than just a spam popup.

    If you're getting a lot of popups while surfing, then the following may be

    Popups - The best way to start is to get Ad-Aware 6.0, Build 181 or later,
    here: Update and run this
    regularly to get rid of most "spyware/hijackware" on your machine.

    Another excellent program for this purpose is SpyBot Search and Destroy
    available here: SpyBot Support Forum here: I recommend
    using both normally. After fixing things with SpyBot S&D, be sure to re-boot
    and rerun SpyBot again and repeat this cycle until you get a clean "no red"

    Then, there are a variety of third party "Popup Killers" available. I
    normally use AdShield, which, if you maintain its Block List every now and
    then, almost totally stops this. In addition, it stops a variety of
    ads/banners/etc. (particularly spyware like doubleclick) on pages I access.
    This is probably all you'll need; however, I've also investigated a program
    called webwasher which appears to be very good, but decided that AdShield
    was sufficient. At the bottom of this post, you'll find a list provided
    courtesy of bc_acadia of a number of free popup blockers with links.

    ****** NOTE: As of 28 Apr 03 AdShield appears to have partnered with a new
    reseller, and AdShield is no longer free. There is a trial version of
    AdShield3; however, IMO it is seriously crippled in not being able to import
    or export block lists and I think for reasonable utility one would have to
    go to the full version. While I don't normally recommend non-free software,
    I personally will continue to use AdShield3, since I think it is the best
    currently available combined Popup/Ad/Malware blocker, but you should be
    aware of the fact that it now costs, ($29.95), whereas the earlier versions
    upon which I based my original recommendation were free, although not nearly
    as capable as the AdShield3 release. I've included below links to both the
    older free version and the new paid version. You'll have to investigate and
    make your own choice in the matter. *******

    Here are a number of AdShield-related links: - AdShield1.2 (free) - AdShield1.2
    (free) -
    AdShield1.2 (free) - AdShield1.2 (free) - AdShield3 - (Mike Burgess' .txt Block List
    for AdShield) - Mike Burgess' Zipped Block List
    for AdShield - Recommended) (lists a number of blocklists) (brian's blocklist in .abl
    format) (brian's blocklist in .txt
    format) (40,000 pornsites
    blocked - *VERY* large list - use at your own risk) (chrismyden's blocklist in .abl
    format) (Eric Howes AGNIS
    for AdShield block list - Recommended) (BTW, Eric's site contains a wealth
    of very valuable information about all aspects of net security - Very Highly

    There's also a new AdShield forum here:

    Here's a good AdShield test site, courtesy of siljaline: "Make ***SURE***
    you have your block scripted popups enabled>>>> [Warning this URL
    opens a multitude of Browser windows almost instantly]" - Webwasher

    Additionally, some people have recommended Popup Stopper and PopupBuster,
    but they have also been reported or experienced to cause perceived problems
    for some people with "normal" links in IE6 such as Google search results and
    links from OE. Some proponents of PopupBuster assert, however, that this is
    normal operation for this program under
    certain circumstances which can be overridden if necessary. YMMV Another
    "Proxy" type blocker similar to Webwasher and Proxomitron but supposedly a
    bit easier to configure is Privoxy here:

    Also, if you're comfortable allowing changes to the registry, there is an
    approach, IE-SPYAD, using the restricted sites list which can be used for
    scripted popups. I use this and it works very well. See here:

    There is additonal information about setting up and using AdShield, and
    about using the Restriced Zone (and an additional list) here: and some of the Frequently Asked
    Questions (FAQ's) about AdShield here:

    Lastly, ZoneAlarmPro3/4 has added provisions for stopping adds/popups,
    handling cookies, web bugs, and scripting/ActiveX components in addition to
    it's firewall functionality. Not free, but I have used it with my other
    AdBlocking stuff (AdShield, etc.) turned off as a test, and it appears to be
    very good indeed. So far I've experienced no problems at
    all with it set in its High Security modes for Ads although others have
    reported the need to temporarily turn it off to reach some sites. Also,
    Agnitum's Outpost Firewall supports a plug-in for this: "Pre-configured to
    block most banner advertisement. Can be configured manually or by simply
    dragging and dropping unwanted banners into the Ad Trashcan." I
    have no experience as to how effective it is, but I have received a
    favorable report.

    There's good information about hijacking in general and fixes available for
    specific hijackers here:

    bc_acadia's list:

    "Some popup blockers. All of these are 100% pure freeware, no trial
    periods. Some of these do more than just handle popups.

    Internet Organizer:
    AdCruncher Proxy:
    Free Surfer:
    Window Shades:
    AdShield (my personal favorite):
    Proxomitron (has learning curve):
    For those who don't want third party stuff, your own pc's built-in
    host file: and and

    Here is a review of 61 popup killers, not all of them are free:"

    NOTE that this site also contains a good, comprehensive series of popup
    killer tests. Some good additional tests are also available here:

    Finally, there's a new class of hijacker using Window's Messenger Service
    (not Instant Messaging, BTW) that I discussed at first.

    you might want to consider installing the SpywareBlaster and SpywareGuard
    here to help prevent this kind of thing and other malware from happening in
    the future: (Prevents malware Active
    X installs) (BTW, SpyWare Blaster is not memory resident ... no CPU or
    memory load - but keep it updated) The latest version as of this writing
    will prevent installation or prevent the malware from running if it is
    already installed, and it provides information and fixit-links for a variety
    of parasites. (Monitors for attempts to
    install malware) Both Very Highly Recommended.

    Perhaps these will help.

    Please respond in the same thread.
    Regards, Jim Byrd, MS-MVP

    Jim Byrd, Oct 7, 2003
    1. Advertisements

  3. Laurie Johnson

    Frank Guest

    Frank, Oct 7, 2003
  4. Laurie, you can disable the Messenger Service in your your
    Services Control panel. Stop it, then set it to Manual
    statrt or Disabled. Provided you do not use Messenger for
    anything, doing this should not be a problem.

    Also, you can downloaad SpyBot, a freeware program written
    by Patrick Kolla of Germany. I've used it quite a bit and
    it works well to remove known ad software and other
    annoyances like the one you described.

    Good luck
    Kevin McKenna, Oct 7, 2003
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.