How to rid "registry update" pop up
Moderator: Wiz Feinberg
-
Bill Myrick
- Posts: 2567
- Joined: 21 Feb 1999 1:01 am
- Location: Pea Ridge, Ar. (deceased)
How to rid "registry update" pop up
When online I get an itermittent pop up entitled "Messenger Service" --wanting me to go to registry update and down load a program for 19.95 to solve the "problem" (which I don't have) It seems to be buried deep in my hard drive and triggers whenever I'm online. Any suggestions ?? Thanks. Bill Myrick
-
Tom Diemer
- Posts: 244
- Joined: 26 Nov 2000 1:01 am
- Location: Defiance, Ohio USA
Bill, here is the supposed fix for that.
Excerpt from http://www.theeldergeek.com/messenger_service_popups.htm
----------------
Disable Messenger Service
Click Start > Run and type "services.msc" (no quotes) in the Open: line and click OK
In the right pane, scroll down to Messenger.
Double click Messenger and click the General tab.
Under Service Status: click the Stop button.
In the Startup Type: drop down box, select Disable.
Click Apply and OK.
-------------------
Excerpt from http://www.theeldergeek.com/messenger_service_popups.htm
----------------
Disable Messenger Service
Click Start > Run and type "services.msc" (no quotes) in the Open: line and click OK
In the right pane, scroll down to Messenger.
Double click Messenger and click the General tab.
Under Service Status: click the Stop button.
In the Startup Type: drop down box, select Disable.
Click Apply and OK.
-------------------
-
Wiz Feinberg
- Posts: 6113
- Joined: 8 Jan 1999 1:01 am
- Location: Mid-Michigan, USA
Those popups are known as Messenger Service Spam. Most of them originate in China and Korea, but can come from anywhere in the world. Many are being spewed out by Zombie computers that have been taken over due to lax security.
Follow the advise given above to disable this unnecessary Windows service and that spam will stop as soon as you stop the service.
------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
<small>Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services,
or my Webmaster Services webpage</small><font size="1" color="#8e236b"><p align="center">[This message was edited by Wiz Feinberg on 03 January 2006 at 07:51 PM.]</p></FONT><font size="1" color="#8e236b"><p align="center">[This message was edited by Wiz Feinberg on 04 January 2006 at 10:46 AM.]</p></FONT>
Follow the advise given above to disable this unnecessary Windows service and that spam will stop as soon as you stop the service.
------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
<small>Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services,
or my Webmaster Services webpage</small><font size="1" color="#8e236b"><p align="center">[This message was edited by Wiz Feinberg on 03 January 2006 at 07:51 PM.]</p></FONT><font size="1" color="#8e236b"><p align="center">[This message was edited by Wiz Feinberg on 04 January 2006 at 10:46 AM.]</p></FONT>
-
Bill Myrick
- Posts: 2567
- Joined: 21 Feb 1999 1:01 am
- Location: Pea Ridge, Ar. (deceased)
-
Dave Potter
- Posts: 1565
- Joined: 15 Apr 2003 12:01 am
- Location: Texas
I agree, that would make the pop-ups stop, but at the expense of disabling part of the OS functionality. I admit it's not a critical one, but I personally don't like allowing a spammer to best me on something like that.<SMALL>disable this unnecessary Windows service and that spam will stop as soon as you stop the service.</SMALL>
The root cause of the pop-up would still be on the machine, as I understand how these things work, and I'd want to work like crazy to find it and kill it. Wouldn't it be some .dll or a downloaded but modified "system file", something like that? Might be tough to locate, but I'd sure want to deal with it at the cause, if I could.
Or am I completely off base (not the first time), and some offending site is just using script or something to get into the machine through the browser?<font size="1" color="#8e236b"><p align="center">[This message was edited by Dave Potter on 04 January 2006 at 08:06 AM.]</p></FONT>
-
Tom Diemer
- Posts: 244
- Joined: 26 Nov 2000 1:01 am
- Location: Defiance, Ohio USA
Bill, I think they mean click the windows start button, then click run, and load services.msc by typing it in the command line and hitting enter or click ok.
This isn't a problem with your computer. Spammers are using the internet to send mass popup messages to people who don't have firewalls installed to block their popups.
You have two options Bill. Install a firewall that will allow blocking of the TCP ports the spammers are using (135, etc as posted on the linked page) or disable the service completely.
If you use messenger across your local network, you would want to go the firewall route. If not, then just disable it.
The root cause is spammers are sending these messages to all users using wildcards like * as explained on the linked web page. It isn't a spyware program installed on your computer. Spammers sure are getting creative, aren't they!
The built in windows firewall (XP pro Sp1 or SP2) will not block these ports, you'd need something more powerful. If you are using a router to connect to the internet, you might be able to block them there.
If the start run thing is confusing to you, another way to get to the services control is in control panel / administration tools / services. Then find the messenger service, stop the service, then set startup type to disabled.
Hope this helps Bill.
This isn't a problem with your computer. Spammers are using the internet to send mass popup messages to people who don't have firewalls installed to block their popups.
You have two options Bill. Install a firewall that will allow blocking of the TCP ports the spammers are using (135, etc as posted on the linked page) or disable the service completely.
If you use messenger across your local network, you would want to go the firewall route. If not, then just disable it.
The root cause is spammers are sending these messages to all users using wildcards like * as explained on the linked web page. It isn't a spyware program installed on your computer. Spammers sure are getting creative, aren't they!
The built in windows firewall (XP pro Sp1 or SP2) will not block these ports, you'd need something more powerful. If you are using a router to connect to the internet, you might be able to block them there.
If the start run thing is confusing to you, another way to get to the services control is in control panel / administration tools / services. Then find the messenger service, stop the service, then set startup type to disabled.
Hope this helps Bill.
-
Wiz Feinberg
- Posts: 6113
- Joined: 8 Jan 1999 1:01 am
- Location: Mid-Michigan, USA
To block Messenger Service popup spam create rules in a firewall, or router with a firewall, to block unsolicited incoming UDP traffic on ports 1025 through 1031. Most, if not all, broadband routers with internal firewalls do this by default (block unsolicited incoming traffic).
Most software firewalls need to be configured to block incoming UDP traffic, altho they may popup a notice asking if you want to allow an incoming UDP packet from some remote IP address, on Port (1025-1031). Say no and create a rule to block all such incoming UDP traffic on Ports 1025 - 1031.
UPD traffic is not specifically designated for any one computer or network. It is a Universal Datagram being broadcast without any destination IP. Once such a Datagram is sent over UDP every single Windows computer that has the Windows Messenger Service active and not blocked by a firewall will receive that broadcast and will popup a Messenger box with the spam message on it.
The Windows Messenger Service was designed as a memo tool for use on business LAN Intranets. It is used by technicians and administrators to notify workers that their server will be down for maintenance or rebooting; save your work and exit, or to alert them to company news or security issues. It was never meant to be used over the public Internet. Messenger Service is rarely used outside the corporate LAN structure and can be safely disabled as described proviously, with no ill affects.
Unless you are specifically part of a company that uses this service, or are using it at home to send popup messages to other family members, do yourself a favor and Stop and disable the Windows Messenger Service.
Do not confuse the "Windows Messenger Service" with Windows or MSN Messenger, which is used by Outlook Express and MSN as an IM client.
------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
<small>Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services,
or my Webmaster Services webpage</small><font size="1" color="#8e236b"><p align="center">[This message was edited by Wiz Feinberg on 04 January 2006 at 11:04 AM.]</p></FONT>
Most software firewalls need to be configured to block incoming UDP traffic, altho they may popup a notice asking if you want to allow an incoming UDP packet from some remote IP address, on Port (1025-1031). Say no and create a rule to block all such incoming UDP traffic on Ports 1025 - 1031.
UPD traffic is not specifically designated for any one computer or network. It is a Universal Datagram being broadcast without any destination IP. Once such a Datagram is sent over UDP every single Windows computer that has the Windows Messenger Service active and not blocked by a firewall will receive that broadcast and will popup a Messenger box with the spam message on it.
The Windows Messenger Service was designed as a memo tool for use on business LAN Intranets. It is used by technicians and administrators to notify workers that their server will be down for maintenance or rebooting; save your work and exit, or to alert them to company news or security issues. It was never meant to be used over the public Internet. Messenger Service is rarely used outside the corporate LAN structure and can be safely disabled as described proviously, with no ill affects.
Unless you are specifically part of a company that uses this service, or are using it at home to send popup messages to other family members, do yourself a favor and Stop and disable the Windows Messenger Service.
Do not confuse the "Windows Messenger Service" with Windows or MSN Messenger, which is used by Outlook Express and MSN as an IM client.
------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
<small>Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services,
or my Webmaster Services webpage</small><font size="1" color="#8e236b"><p align="center">[This message was edited by Wiz Feinberg on 04 January 2006 at 11:04 AM.]</p></FONT>
-
Bill Myrick
- Posts: 2567
- Joined: 21 Feb 1999 1:01 am
- Location: Pea Ridge, Ar. (deceased)