
Thread: Another spyware

  1. #1
    Member
    Join Date
    Jun 2004
    Posts
    96

    Another spyware

    I have a problem with a spyware that is using Windows message service. I've tried a lot of programs but nothing seems to detect it. I've tried:
    Spyware doctor
    Ad-Aware pro
    Spyware search and destroy
    I know it's using msssrv.exe in windir\system32. Please check if this is a Windows file or if I can delete it. How can I get rid of it?

  2. #2
    Old and Cranky Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,688
    Well it looks like it is a McAfee file. So don't think I'd delete it. Check this:


    ModuleName : C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
    Command Line : "C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe"
    ProcessID : 1472
    ThreadCreationTime : 12-26-2004 11:52:36 PM
    BasePriority : Normal
    FileVersion : 1.00.1117.0
    ProductVersion : 1.00.1117.0
    ProductName : McAfee AntiSpyware
    CompanyName : Network Associates, Inc.
    FileDescription : McAfee AntiSpyware RealTime Service
    InternalName : MssSrv.exe
    LegalCopyright : Copyright 2004 Networks Associates Technology, Inc. All Rights Reserved.
    OriginalFilename : MssSrv.exe

  3. #3
    Member
    Join Date
    Jun 2004
    Posts
    96
    Why in system32 and not in its folder?

  4. #4
    Member
    Join Date
    Jun 2004
    Posts
    96
    take a look at that

  5. #5
    Old and Cranky Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,688
    That is an advertisement.

  6. #6
    Hardware guy Super Moderator FastGame's Avatar
    Join Date
    Apr 2002
    Location
    Blasters worm farm
    Posts
    3,416
    haha don't go to that place...

    Go to Control Panel> Administrative Tools> Services and disable "Messenger"

    Then use CCleaner and CWShredder for good measures.

    Also try a2 Free or ewido Free

    What browser are you using ?

  7. #7
    Triple Platinum Member Curio's Avatar
    Join Date
    Nov 2004
    Location
    London
    Posts
    899
    If you are getting messenger spam like that you either
    a) have no firewall
    b) have a crap firewall
    c) haven't turned your firewall on
    You can turn off the messenger service but a proper firewall wouldn't pass those packets anyway.

  8. #8
    Member
    Join Date
    Jun 2004
    Posts
    96
    It's probably because I allowed almost everything to connect to the Internet, but the main question is why I can't find it with all the anti-spam programs?
    And I have McAfee Personal Firewall.

  9. #9
    Junior Member oftentired's Avatar
    Join Date
    Oct 2004
    Posts
    17
    This is what Microsoft says about it:
    CAUSE
    This issue may occur if you receive a net send message from someone who is using the Messenger service in Windows. The Messenger service is a Windows service that transmits net send messages and messages that are sent through the Alerter service between client computers and servers. For example, network administrators use Messenger service to send administrative alerts to network users. Windows and other software programs can also use the Messenger service. For example, Windows may use it to inform you when a print job is completed or when you lose power to your computer and switch to an uninterruptible power supply (UPS). Your antivirus program may use the Messenger service to send you notifications. The Messenger service is not related to your Web browser, e-mail program, Windows Messenger, or MSN Messenger. This issue may occur if the following conditions exist:

    The Messenger service is started.
    The Remote Procedure Call service is started.
    Inbound NetBIOS (NetBIOS over TCP/IP) and UDP broadcast traffic is turned on for your Internet connection.


    RESOLUTION
    To resolve this issue, install or turn on a firewall that blocks inbound NetBIOS and UDP broadcast traffic. The method that you use to resolve this issue depends on your operating system and how you connect to the Internet. The following sections provide examples of several different configurations and possible methods of resolution.
    What this means is that this is a nice little program that comes with Windows which is intended for a most useful purpose BUT the @$$%#!!s of the world have figured out how to abuse it and make it popup advertisement spam in your face.

    The solution Microsoft presents will work. However, I recommend either disabling or completely removing the service.

    To Disable Windows Messenger Service (instructions)

    To Delete Windows Messenger Service (ShootTheMessenger Program you can download)

    Microsoft Knowledgebase Article 330904 (the quote is from this source)

    Download links for Slimbrowser:
    Lite Edition of Slimbrowser | Regular Edition of Slimbrowser

    Relationships are ours to make; we define them, day by day,
    by who we choose to love and how we choose to love them.
    And, by these choices, define ourselves. Richard N. Patterson

  10. #10
    Security Intelligence TZ Veteran cash_site's Avatar
    Join Date
    Jul 2002
    Location
    Software Paradise
    Posts
    3,852
    I use the ShootTheMessengerProgram on all my comps and new installs too, only in my work domain computer can't disable service, but I configure firewall to block

    --- 0wN3D by 3gG ---

  11. #11
    Triple Platinum Member Curio's Avatar
    Join Date
    Nov 2004
    Location
    London
    Posts
    899
    Make a registry patch; you know exactly what is happening that way.
    ________________________________________________________________
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
    "Type"=dword:00000020
    "Start"=dword:00000004

    ________________________________________________________________
    Not that I don't trust Steve Gibson, but I do wonder why he didn't just make a registry patch instead of a program - what was the point? Still say you should sort your firewall out though because there are exploits which can get through the same hole if you don't.
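
A way to read a .reg patch like the one in post #11 before importing it, decoding each service value into plain words (an added example, not part of the original post or any poster's code). The `Start` and `Type` meanings are the standard Windows service values; the function names `parse_reg` and `describe` are made up for this example.

```python
import re

# Meaning of "Start" under HKLM\SYSTEM\CurrentControlSet\Services\<name>
START = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}
# Bit flags of "Type" under the same key
TYPE_FLAGS = {0x1: "kernel driver", 0x2: "file system driver",
              0x10: "own process", 0x20: "shared process", 0x100: "interactive"}
SERVICES = "hkey_local_machine\\system\\currentcontrolset\\services\\"

# The patch text from post #11, embedded so the example runs offline.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"Type"=dword:00000020
"Start"=dword:00000004
'''

def parse_reg(text):
    """Return {key: {value name: int for dword data, else the raw data string}}."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := re.fullmatch(r'"([^"]+)"=(.*)', line)):
            name, data = m.groups()
            dword = re.fullmatch(r"dword:([0-9a-fA-F]{8})", data)
            current[name] = int(dword.group(1), 16) if dword else data
    return keys

def describe(text):
    """List, in plain words, every change the patch would make."""
    out = []
    for key, values in parse_reg(text).items():
        if key.startswith("-"):  # "[-KEY]" deletes the whole key
            out.append(f"DELETES key {key[1:]}")
            continue
        service = key.lower().startswith(SERVICES) and key.count("\\") == 4
        for name, data in values.items():
            if service and name == "Start" and data in START:
                out.append(f"{key}: start mode -> {START[data]}")
            elif service and name == "Type" and isinstance(data, int):
                flags = [v for bit, v in TYPE_FLAGS.items() if data & bit]
                out.append(f"{key}: service type -> {' + '.join(flags) or hex(data)}")
            else:
                out.append(f"{key}: sets {name} = {data!r} (review by hand)")
    return out

if __name__ == "__main__":
    print("\n".join(describe(SAMPLE)))
```

For the patch above it reports that the Messenger service is typed as a shared-process service and that its start mode becomes disabled; anything outside a service key's `Start` and `Type` is flagged for manual review rather than interpreted.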

  12. #12
    Hardware guy Super Moderator FastGame's Avatar
    Join Date
    Apr 2002
    Location
    Blasters worm farm
    Posts
    3,416
    Moved this thread for our brand new Spyware section
