View Full Version : Another spyware


ilyail3
January 28th, 2005, 16:13 PM
I have a problem with a spyware that is using Windows message service. I've tried a lot of programs but nothing seems to detect it. I've tried:
Spyware doctor
Ad-Aware pro
Spyware search and destroy
I know it's using msssrv.exe in windir\system32. Please check if this is a Windows file or if I can delete it. How can I get rid of it?

rik
January 28th, 2005, 16:21 PM
Well, it looks like it is a McAfee file. So don't think I'd delete it. Check this:


ModuleName : C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
Command Line : "C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe"
ProcessID : 1472
ThreadCreationTime : 12-26-2004 11:52:36 PM
BasePriority : Normal
FileVersion : 1.00.1117.0
ProductVersion : 1.00.1117.0
ProductName : McAfee AntiSpyware
CompanyName : Network Associates, Inc.
FileDescription : McAfee AntiSpyware RealTime Service
InternalName : MssSrv.exe
LegalCopyright : Copyright © 2004 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : MssSrv.exe

ilyail3
January 28th, 2005, 16:26 PM
Why in system32 and not in its folder?

ilyail3
January 28th, 2005, 16:37 PM
Take a look at that:
http://www.freewebs.com/ilyail3/spyware.bmp

rik
January 28th, 2005, 16:50 PM
That is an advertisement.

FastGame
January 28th, 2005, 17:15 PM
haha don't go to that place...

Go to Control Panel> Administrative Tools> Services and disable "Messenger"

Then use CCleaner (http://www.ccleaner.com/) and CWShredder (http://www.snapfiles.com/download/dlcoolwebshredder.html) for good measure.

Also try a2 Free (http://www.emsisoft.com/en/software/free/) or ewido Free (http://www.ewido.net/en/)

What browser are you using?

Curio
January 28th, 2005, 22:07 PM
If you are getting messenger spam like that you either
a) have no firewall
b) have a crap firewall
c) haven't turned your firewall on
You can turn off the messenger service but a proper firewall wouldn't pass those packets anyway.

ilyail3
January 29th, 2005, 04:12 AM
It's probably because I allowed almost everything to connect to the Internet, but the main question is why I can't find it with all the anti-spam programs?
And I have McAfee personal firewall.

oftentired
January 29th, 2005, 17:43 PM
This is what Microsoft says about it:
CAUSE
This issue may occur if you receive a net send message from someone who is using the Messenger service in Windows. The Messenger service is a Windows service that transmits net send messages and messages that are sent through the Alerter service between client computers and servers. For example, network administrators use Messenger service to send administrative alerts to network users. Windows and other software programs can also use the Messenger service. For example, Windows may use it to inform you when a print job is completed or when you lose power to your computer and switch to an uninterruptible power supply (UPS). Your antivirus program may use the Messenger service to send you notifications. The Messenger service is not related to your Web browser, e-mail program, Windows Messenger, or MSN Messenger. This issue may occur if the following conditions exist:

• The Messenger service is started.
• The Remote Procedure Call service is started.
• Inbound NetBIOS (NetBIOS over TCP/IP) and UDP broadcast traffic is turned on for your Internet connection.

RESOLUTION
To resolve this issue, install or turn on a firewall that blocks inbound NetBIOS and UDP broadcast traffic. The method that you use to resolve this issue depends on your operating system and how you connect to the Internet. The following sections provide examples of several different configurations and possible methods of resolution.

What this means is that this is a nice little program that comes with Windows which is intended for a most useful purpose BUT the @$$%#!!s of the world have figured out how to abuse it and make it popup advertisement spam in your face.

The solution Microsoft presents will work. However, I recommend either disabling or completely removing the service.

To Disable Windows Messenger Service (http://www.dvdsqueeze.com/windowsmessage.htm) (instructions)

To Delete Windows Messenger Service (http://grc.com/stm/ShootTheMessenger.htm) (ShootTheMessenger Program you can download)

Microsoft Knowledgebase Article 330904 (http://support.microsoft.com/default.aspx?scid=kb;en-us;330904) (the quote is from this source)

:)

cash_site
January 30th, 2005, 22:25 PM
I use the ShootTheMessenger program on all my comps and new installs too. Only on my work domain computer I can't disable the service, but I configure the firewall to block ;)

Curio
January 30th, 2005, 22:47 PM
Make a registry patch; you know exactly what is happening that way.
________________________________________________________________
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"Type"=dword:00000020
"Start"=dword:00000004

________________________________________________________________
Not that I don't trust Steve Gibson, but I do wonder why he didn't just make a registry patch instead of a program - what was the point? Still say you should sort your firewall out though, because there are exploits which can get through the same hole if you don't.
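
What the registry patch in the post above sets, decoded offline (an added example, not part of the original thread): a small Python parser for `.reg` text that maps the `Start` and `Type` dwords of a service key to their meanings. The function names are made up for this example; the value tables are the standard Windows service constants.

```python
import re

# Standard meanings of the Start and Type values under a Services key.
START_TYPES = {0: "Boot", 1: "System", 2: "Automatic", 3: "Manual", 4: "Disabled"}
SERVICE_TYPES = {0x1: "Kernel driver", 0x2: "File system driver",
                 0x10: "Win32 own process", 0x20: "Win32 share process"}
SECTION = re.compile(r"^\[(-?)(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')
SERVICES = "\\currentcontrolset\\services\\"

def parse_reg(text):
    """Return {key_path: {value_name: int}} for the dword values in .reg text."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            # A leading '-' deletes the key, so there are no values to record.
            current = None if m.group(1) else keys.setdefault(m.group(2), {})
            continue
        m = DWORD.match(line)
        if m and current is not None:
            current[m.group(1)] = int(m.group(2), 16)
    return keys

def describe_services(text):
    """Decode Start/Type for every service key the patch writes to."""
    report = {}
    for path, values in parse_reg(text).items():
        pos = path.lower().find(SERVICES)
        name = path[pos + len(SERVICES):]
        if pos < 0 or "\\" in name:
            continue  # not under Services, or a subkey of a service
        start = values.get("Start")
        report[name] = {
            "start": START_TYPES.get(start, "unset/unknown"),
            "type": SERVICE_TYPES.get(values.get("Type"), "unset/unknown"),
            "disabled": start == 4,
        }
    return report

# The patch from the post above, reproduced as sample input.
PATCH = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"Type"=dword:00000020
"Start"=dword:00000004
"""

if __name__ == "__main__":
    print(describe_services(PATCH))
```

Run against the patch as posted, it reports Messenger as a shared-process Win32 service with start type Disabled, which is the same state the Services control panel shows after disabling it by hand.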

FastGame
January 30th, 2005, 22:57 PM
Moved this thread for our brand new Spyware section :)