Hi Kemss - There are currently two classes of things going on that are
causing people popup difficulties. If you get popups even when your browser
is not connected to the Internet with a title bar reading "Messenger
Service", then these are most likely due to open NetBios TCP ports 135, 139
and 445 and UDP ports 135, 137-138 and a UDP port in the range of
1026-1029. You really need to block these with a firewall as a general
protection measure. You can stop the popups by turning off Messenger
Service; however, this still leaves you vulnerable. If you have an NT-based
OS such as XP or Win2k, you should probably also specifically block TCP
593, 4444 and UDP 69, 139, 445, and install the very important 823980 patch
from MS03-026, here: http://support.microsoft.com/?kbid=823980 to block
the Blaster worm.
See: Messenger Service Window That Contains an Internet Advertisement
Appears http://support.microsoft.com/?id=330904 which identifies reasons to
keep this service and steps to take if you do.
You can test your system and follow the 'Prevention' link to get additional
http://www.mynetwatchman.com/winpopuptester.asp Unless you have very good
reasons to keep this active, it should be turned off in Win2k and XP. Go
here and do what it says:
http://www.itc.virginia.edu/desktop/docs/messagepopup/ or, even better, get
MessageSubtract, free, here, which will give you flexible control of the
service and viewing of these messages:
(FWIW, ZoneAlarm's default Internet Zone firewall configuration blocks the
necessary ports to prevent this use of Messenger Service. I don't know the
situation with regard to other firewalls.)
Messenger Service is not per se Spyware or something that MS did wrong - It
provides a messaging capability which is useful for local intranets and is
also sometimes (albeit nowadays infrequently) used by some applications to
provide popup messages to users. However, it can also be (and now
frequently is) used to introduce spam via this open NetBios channel.
For a single user home computer, it normally isn't needed and can be turned
off which will eliminate the spam popups. This DOESN'T, however, remove the
vulnerability of having these ports open, when in fact they aren't needed,
since they can be perverted in other ways as well, some of which can be much
more damaging than just a spam popup.
If you're getting a lot of popups while surfing, then the following may be
Popups - The best way to start is to get Ad-Aware 6.0, Build 181 or later,
here: http://www.lavasoftusa.com/support/download/. Update and run this
regularly to get rid of most "spyware/hijackware" on your machine.
Another excellent program for this purpose is SpyBot Search and Destroy
available here: http://security.kolla.de/ SpyBot Support Forum here:
http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi I recommend
using both normally. After fixing things with SpyBot S&D, be sure to re-boot
and rerun SpyBot again and repeat this cycle until you get a clean "no red"
Then, there are a variety of third party "Popup Killers" available. I
normally use AdShield, which, if you maintain its Block List every now and
then, almost totally stops this. In addition, it stops a variety of
ads/banners/etc. (particularly spyware like doubleclick) on pages I access.
This is probably all you'll need; howev
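
Added example, not part of the original post: a Python check that scans `netstat -an` output for listeners on the TCP and UDP ports the post names and reports the ones bound to a non-loopback address, which is what a firewall would need to cover. The sample output is constructed, and the function name `exposed_listeners` is hypothetical.

```python
import re

# Ports named in the post above, kept separate per protocol.
TCP_PORTS = {135, 139, 445, 593, 4444}
UDP_PORTS = {69, 135, 137, 138, 139, 445} | set(range(1026, 1030))

# Constructed sample in the layout of Windows `netstat -an`; not real output.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:4444         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:3021      203.0.113.5:80         ESTABLISHED
  UDP    0.0.0.0:1027           *:*
  UDP    0.0.0.0:500            *:*
  UDP    192.168.1.10:137       *:*
"""

# proto, local address, local port, foreign address, optional state (TCP only)
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def exposed_listeners(netstat_text):
    """Return sorted (proto, address, port) tuples for sockets that listen on
    one of the post's ports and are bound to a non-loopback address."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers and blank lines
        proto, addr, port, _foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # established or closing connections are not listeners
        if addr.startswith("127."):
            continue  # loopback-only sockets are not reachable from the network
        wanted = TCP_PORTS if proto == "TCP" else UDP_PORTS
        if int(port) in wanted:
            found.add((proto, addr, int(port)))
    return sorted(found)


if __name__ == "__main__":
    for proto, addr, port in exposed_listeners(SAMPLE):
        print(f"{proto} {port} is listening on {addr}")
```

To use it on a real machine, save the output of `netstat -an` to a file and pass its contents to `exposed_listeners` in place of `SAMPLE`.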