January 28th, 2005, 15:13 PM
I have a problem with a spyware that is using Windows message service. I've tried a lot of programs but nothing seems to detect it. I've tried:
Spyware search and destroy
I know it's using msssrv.exe in windir\system32. Please check if this is a Windows file or I can delete it. How can I get rid of it?
January 28th, 2005, 15:21 PM
Old and Cranky
Well, it looks like it is a McAfee file. So don't think I'd delete it. Check this:
ModuleName : C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
Command Line : "C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe"
ProcessID : 1472
ThreadCreationTime : 12-26-2004 11:52:36 PM
BasePriority : Normal
FileVersion : 1.00.1117.0
ProductVersion : 1.00.1117.0
ProductName : McAfee AntiSpyware
CompanyName : Network Associates, Inc.
FileDescription : McAfee AntiSpyware RealTime Service
InternalName : MssSrv.exe
LegalCopyright : Copyright © 2004 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : MssSrv.exe
January 28th, 2005, 15:26 PM
Why in system32 and not in its folder?
January 28th, 2005, 15:37 PM
Take a look at that
January 28th, 2005, 15:50 PM
Old and Cranky
That is an advertisement.
January 28th, 2005, 16:15 PM
Haha, don't go to that place...
Go to Control Panel > Administrative Tools > Services and disable "Messenger"
Then use CCleaner and CWShredder for good measure.
Also try a2 Free or ewido Free
What browser are you using?
January 28th, 2005, 21:07 PM
Triple Platinum Member
If you are getting messenger spam like that you either
a) have no firewall
b) have a crap firewall
c) haven't turned your firewall on
You can turn off the messenger service but a proper firewall wouldn't pass those packets anyway.
January 29th, 2005, 03:12 AM
It's probably because I allowed almost everything to connect to the Internet, but the main question is why I can't find it with all the anti-spam programs?
And I have McAfee Personal Firewall.
January 29th, 2005, 16:43 PM
This is what Microsoft says about it:
This issue may occur if you receive a net send message from someone who is using the Messenger service in Windows. The Messenger service is a Windows service that transmits net send messages and messages that are sent through the Alerter service between client computers and servers. For example, network administrators use Messenger service to send administrative alerts to network users. Windows and other software programs can also use the Messenger service. For example, Windows may use it to inform you when a print job is completed or when you lose power to your computer and switch to an uninterruptible power supply (UPS). Your antivirus program may use the Messenger service to send you notifications. The Messenger service is not related to your Web browser, e-mail program, Windows Messenger, or MSN Messenger. This issue may occur if the following conditions exist:
• The Messenger service is started.
• The Remote Procedure Call service is started.
• Inbound NetBIOS (NetBIOS over TCP/IP) and UDP broadcast traffic is turned on for your Internet connection.
To resolve this issue, install or turn on a firewall that blocks inbound NetBIOS and UDP broadcast traffic. The method that you use to resolve this issue depends on your operating system and how you connect to the Internet. The following sections provide examples of several different configurations and possible methods of resolution.
What this means is that this is a nice little program that comes with Windows which is intended for a most useful purpose BUT the @$$%#!!s of the world have figured out how to abuse it and make it popup advertisement spam in your face.
The solution Microsoft presents will work. However, I recommend either disabling or completely removing the service.
To Disable Windows Messenger Service (instructions)
To Delete Windows Messenger Service (ShootTheMessenger Program you can download)
Microsoft Knowledgebase Article 330904 (the quote is from this source)
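An added example, not part of the thread or of the Microsoft article: a Python check over a firewall log for inbound traffic of the kind the quoted article says to block. The log layout, the sample lines, the `trusted` parameter and the `find_exposure` name are assumptions constructed for illustration; the ports are the standard RPC endpoint mapper (135) and NetBIOS over TCP/IP (137-139) numbers.

```python
import ipaddress

# RPC endpoint mapper and NetBIOS over TCP/IP services (standard port numbers).
WATCHED_PORTS = {135: "RPC endpoint mapper", 137: "NetBIOS name",
                 138: "NetBIOS datagram", 139: "NetBIOS session"}

# Constructed sample log; the #Fields layout is an assumption, not a real capture.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port
2005-01-28 15:02:11 ALLOW UDP 198.51.100.23 192.0.2.10 31337 135
2005-01-28 15:02:12 DROP UDP 198.51.100.23 192.0.2.10 31338 137
2005-01-28 15:03:40 ALLOW UDP 192.0.2.12 192.0.2.10 138 138
2005-01-28 15:04:02 ALLOW TCP 203.0.113.7 192.0.2.10 4421 139
2005-01-28 15:05:19 ALLOW UDP 192.0.2.77 255.255.255.255 1050 1026
2005-01-28 15:06:00 ALLOW TCP 192.0.2.10 203.0.113.80 1045 80
2005-01-28 15:07 truncated row
"""

def find_exposure(log_text, local_ip, trusted=()):
    """Return (timestamp, source, protocol, dst_port, reason) for every
    inbound packet the firewall passed that the KB article says to block."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column names come from the header
            continue
        parts = line.split()
        if line.startswith("#") or not fields or len(parts) != len(fields):
            continue                    # comments, blanks, malformed rows
        row = dict(zip(fields, parts))
        try:
            src = ipaddress.ip_address(row["src-ip"])
            port = int(row["dst-port"])
        except (KeyError, ValueError):
            continue
        broadcast = row["protocol"] == "UDP" and row["dst-ip"] == "255.255.255.255"
        inbound = row["dst-ip"] == local_ip or broadcast
        if row["action"] == "DROP" or not inbound or any(src in n for n in nets):
            continue
        reason = WATCHED_PORTS.get(port) or ("UDP broadcast" if broadcast else None)
        if reason:
            stamp = f'{row["date"]} {row["time"]}'
            hits.append((stamp, str(src), row["protocol"], port, reason))
    return hits

if __name__ == "__main__":
    for hit in find_exposure(SAMPLE_LOG, "192.0.2.10", trusted=("192.0.2.8/29",)):
        print(*hit)
```

Any row this returns is a packet that reached the machine on a port the article's three conditions depend on, which means the firewall rule set, not the Messenger service alone, needs attention.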
January 30th, 2005, 21:25 PM
I use the ShootTheMessengerProgram on all my comps and new installs too, only in my work domain computer can't disable service, but I configure firewall to block
--- 0wN3D by 3gG ---
January 30th, 2005, 21:47 PM
Triple Platinum Member
Make a registry patch; you know exactly what is happening that way.
Windows Registry Editor Version 5.00
Not that I don't trust Steve Gibson, but I do wonder why he didn't just make a registry patch instead of a program - what was the point? Still say you should sort your firewall out though, because there are exploits which can get through the same hole if you don't.
January 30th, 2005, 21:57 PM
Moved this thread for our brand new Spyware section