I recently spent 2 days getting Messenger Service popups every 10-30 seconds
while attempting updates following a total reinstall (W2K). Naturally I had
a bad reaction, but someone was smart enough to respond with the following
*highly detailed* list of solutions. I present it here, hoping it will be
helpful to others.

* * *

In Microsoft's default configuration, there is a little program called
Messenger Services. This is a bit different from the MSN Messenger, which is
commonly used to chat.

Unscrupulous people have discovered that they can use Messenger Services to
send advertisements and spam to vulnerable machines on a network. A box will
pop up on your screen with the text "Messenger Services" at the top, but the
text will be an ad for a product or service -- interrupting whatever you're
doing on the computer at the time!

To make sure this doesn't happen to you, just take the following steps:

Disabling the Messenger Service
You can disable the Messenger service, although doing so may result in
Windows not being able to alert you to some conditions (like some print
spooler, anti-virus, and event logger status messages if you access these
services from a network server).

Windows 2000
1. Click Start -> Programs -> Administrative Tools -> Services
[or Admin Tools in Control Panel ~pH]
2. Scroll down and highlight "Messenger"
3. Right-click the highlighted line and choose Properties.
4. Click the STOP button.
5. Select Disable or Manual in the Startup Type scroll bar
6. Click OK

Windows XP
1. Click Start -> Control Panel
2. Click Performance and Maintenance
3. Click Administrative Tools
4. Double click Services
5. Scroll down and highlight "Messenger"
6. Right-click the highlighted line and choose Properties.
7. Click the STOP button.
8. Select Disable or Manual in the Startup Type scroll bar
9. Click OK

For Windows 95, 98, and ME:
Windows Messaging Service is not installed on Windows 95, 98, or ME.
Instead, those OSs come with Winpopup, which acts in a similar way, but is a
program rather than a service.

To get rid of Winpopup:
1. Click Start > Search (or Find) > Find Files or Folders.
2. Search for the winpopup.exe file.
3. Right-click on the winpopup.exe file and rename it to "winpopup.bad" (or
whatever fun file extension you can think of).
4. Click Yes if prompted.
5. Restart the computer.


1. Go to your Control Panel -> Add/Remove Programs -> Windows Setup ->
2. Scroll down to the bottom of the list.
3. Uncheck the Winpopup.

Blocking Network Access to the Messenger Service
Blocking access to the service is complicated because it can communicate
over multiple protocols, and it shares a port mapper with other
applications. Blocking all the possible ports will disable the ability of
other computers to send you messages, but it will also disable other
services. The most common service that may be affected is Windows file
sharing. If you want to share a folder on your computer to the network, this
ability may be affected. If you don't want to share a folder across your
network, blocking these ports is suggested as a way to improve overall

Block access to ports 135, 137-139, and 445. The default configuration of
the Internet Connection Firewall shipped with Windows XP will block these
ports. Windows NT, 2000, and XP TCP/IP security and filtering options in the
network control panel can also be used to block ports. If you have a
personal firewall (like BlackICE or ZoneAlarm) you can configure it to block
inbound traffic on those ports.

Possible issues with blocking Messenger ports:
- Microsoft Outlook clients can talk to Microsoft Exchange servers on TCP
- Windows file sharing requires TCP 139 or 445 depending upon OS
- Server operators, managed networks, and people with custom applications
should take great care with blocking ports. Domains and trusts require
several of these ports for authentication and other things.
- Some third party applications, particularly management oriented ones may
require TCP 135
- Windows Media Technology (also known as NetShow) uses TCP 135 for the
Windows Media Administrator and Windows Media Encoder
- According to Microsoft, "Microsoft Office suite and other applications are
DCOM aware. You may disable functionality that is in use by blocking ports."
- UDP 137 is needed for netbios name resolution. It and port 138 may be
needed for access to netbios resources on the network.
- Some RPC based services exist on high ports (those greater than 1024). It
may be possible that those services can be accessed and exploited directly
bypassing the mapper on 135.