As to the purpose of the messenger service... It is designed to receive messages from anyone who sends it too you. I've been looking on the web for what permissions you need to send messages to a computer, and can't find it anywhere. But, on any local network of Win NT or 2K machines, try one of the following (with the messenger service on, of course): NET SEND username "Look at my advertisement" NET SEND computername "Look at my advertisement" NET SEND ip address "Look at my advertisement" It is probably someone that is running a script that does "NET SEND <ip address> message" for a whole range of IP addresses. Send me your IP off list and I will try it from here and see if it works, if you'd like... I've sent by IP before, but always to computers who trust me... Glenn Sullivan, MCSE+I MCDBA David Clark Company Inc. -----Original Message----- From: Rayneman [mailto:reignofdeath@xxxxxxxxxxxxx] Sent: Friday, October 04, 2002 1:03 PM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Re: Virus/Worm via Messenger Service? I am 99% sure that it was the Window Messenger Service as it stated this in the header of the IM window. I was just not sure EXACTLY what it said and didn't want to get flamed for calling it by a name that it wasn't. I disabled the service EXACTLY as you described and your instructions were accurate to the letter. Once again thank you for the accuracy and promptness of your reply... Additionally, the Description of the service says "sends/receives messages transmitted by administrators or by the Alerter service." As stated prior, these messages were spam suggesting I look at their pictures of naked women and how to make a fortune sitting on my ass. Is there something in relation to administrator rights/privileges that I may have misconfigured that allowed administrative rights to spammers that allowed them to use this service? Again, I am concerned as to what rights this service has inside the w2kserver OS. As for the adware program....I have it, use it and think that it is a fine service as long as you read carefully what you are going to remove before doing so. Thank you all. Ray S. raynserv@xxxxxxxxx -----Original Message----- From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Sullivan, Glenn Sent: Friday, October 04, 2002 12:57 PM To: 'windows2000@xxxxxxxxxxxxx' Subject: [windows2000] Re: Virus/Worm via Messenger Service? This is all contingent upon the fact that these are actual "Windows Messenger" messages. If they still show up after you follow these steps, then we're barking up the wrong tree. Let us know, and maybe we can help determine the nasty-app in question. Assuming we read your messages correctly, that is... ;-) Glenn Sullivan, MCSE+I MCDBA David Clark Company Inc. -----Original Message----- From: Rayneman [mailto:reignofdeath@xxxxxxxxxxxxx] Sent: Friday, October 04, 2002 12:50 PM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Re: Virus/Worm via Messenger Service? I sincerely appreciate your detailed response... Previous comments withdrawn... Ray S. raynserv@xxxxxxxxx -----Original Message----- From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Sullivan, Glenn Sent: Friday, October 04, 2002 12:53 PM To: 'windows2000@xxxxxxxxxxxxx' Subject: [windows2000] Re: Virus/Worm via Messenger Service? I did not see the "What to do and where to do it" part. Here you go: Right click on My Computer->Manage. Open "Services and applications". Click on Services. In the right hand pane, find "Messenger". Double click on it. In the window that opens, click the "Stop" button. Change the "Startup type" to "Disabled." Click OK. Detailed enough for you? You can catch many more flies with Honey than you can with vinegar, but I am in a vinegar sort of mood. Regards, Glenn Sullivan, MCSE+I MCDBA David Clark Company Inc. -----Original Message----- From: Rayneman [mailto:reignofdeath@xxxxxxxxxxxxx] Sent: Friday, October 04, 2002 12:42 PM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Re: Virus/Worm via Messenger Service? Maybe you should read my post again... I asked a question a little more specific that what you gave me an answer to... And if this is your idea of a response then maybe you should save your/our bandwidth by not responding at all. Ray S. -----Original Message----- From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Sullivan, Glenn Sent: Friday, October 04, 2002 12:41 PM To: 'windows2000@xxxxxxxxxxxxx' Subject: [windows2000] Re: Virus/Worm via Messenger Service? Stop the messenger service. Glenn Sullivan, MCSE+I MCDBA David Clark Company Inc. -----Original Message----- From: Rayneman [mailto:reignofdeath@xxxxxxxxxxxxx] Sent: Friday, October 04, 2002 12:25 PM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Re: Virus/Worm via Messenger Service? I periodically get popup messages that are similar to IM messages but claim to be a Windows Messenger Service or some such thing....I don't remember installing any such thing but evidently I have some type of messaging service on this W2K Server machine that can send/receive messages in the background and I wish to COMPLETELY DISABLE this function. Please advise me as to what to do and where to do it. I'd like to think that I am relatively proficient in this OS but this is an obvious indication that I am NOT. And for those that are curious...they are all spam messages and I'm scared of what access this IM gives itself in my server. Thank you in advance. Ray S. raynserv@xxxxxxxxx -----Original Message----- From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Scott Ehrlich Sent: Friday, October 04, 2002 9:58 AM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Virus/Worm via Messenger Service? Last night around 5pm EST we received a Messenger Service window from a host called WX2. Most people, across subnets, received a poem, credited to Henry Cuyler Bunner (1855-1896) will a hallmark of "Provided by http://www.ALLprice.info"; Of our two NT 4 domain controllers, one received the message intact, the other just received "Message from WX2 to <domain controller> on 10/3/2002 <timestamp>" but no body of the message. Anyone heard of anything like that? nbtstat shows no such host, as does nslookup. Thanks for any insight. Scott ================================== To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm ================================== To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm ================================== To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm ================================== To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm ================================== To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm ================================== To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm ================================== To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm ================================== To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm ================================== To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm